October 16, 2017

The Biggest Mistake IT Departments are Making in the Era of the Data Breach

Jessa Gramenz

If you have ever been involved in an incident response scenario, it is easy to see how important communication and collaboration are. Panic may be on the rise as critical network components are offline or sensitive systems are discovered to be compromised, and you have to react quickly. While reaction times are important, being thorough and confident with the findings in an investigation is also paramount. We are in the midst of one of the highest annual numbers of reported data breaches, and we still have a quarter of the year remaining. The number of reported vulnerabilities keeps growing alongside the list of exploits that are being shared and sold worldwide. While cybersecurity has always been important for information technology, it just doesn’t seem to stay ahead of the curve. Why? Security isn’t in the room.

The role of a security operations center is not just to analyze logs and ensure that policies are met. We are considered the experts in the areas of network and host security. Unfortunately, the trend still errs on the side of a reactive rather than proactive cybersecurity strategy, because it is a lot harder to sell an idea when there hasn’t been a data breach or cybersecurity incident. A lot of IT departments may consider the SOC a hassle, since most of the time we are asking them to do more work by patching vulnerabilities and changing the configuration of a system that has worked fine for years. Our requests involve more research and troubleshooting to figure out how to make a vulnerable system less vulnerable while making sure it still performs its functions.

I get it – security is a pain. But I would much rather have a long-term dull ache in my side than a sharp pain that is life-threatening. There isn’t a day at work where someone in IT comes to one of us in security and says, “I noticed my system has a vulnerability, what do you know about it and how can we fix it?” We are doing the research and reaching out to get things patched and up to date in a timely manner.

My question for IT departments is: why are we still treating security like a bolt-on component? We need to evolve our approach and step back to look at how we can improve and get ahead. Instead of rushing to complete the work, we need to take the time to mentally map out all the implications of a change. When IT decisions are made, security needs to be in the room. Security should no longer be a bolt-on; security needs to be the glue that holds the network architecture together. IT and security need to converge as one team of united minds working together to make the overall network not only functional but secure.