433 Central Ave., 4th Floor, St. Petersburg, FL 33701 | info@poseidon-us.com | Office: (727) 493-2351

5 reasons why security operations are getting harder

Recent ESG research reveals that 52% of security professionals believe security operations are more difficult today than they were two years ago. Why? Security operations center (SOC) teams point to issues such as:

* A rapidly evolving and changing threat landscape: Forty-one percent of security professionals find it difficult to understand and counteract modern threats like ransomware or supply chain attacks and then build this knowledge into a comprehensive security operations program. Most react to threats and indicators of compromise (IoCs) rather than study cyber-adversaries and plan ahead.

* A growing attack surface: This issue came up with 39% of respondents, but attack surface challenges are no surprise. Other ESG research indicates that the attack surface is growing at two-thirds (67%) of organizations, driven by third-party IT connections, support for remote workers, increased public cloud usage, and adoption of SaaS applications. A growing attack surface means more work, vulnerabilities, and blind spots for SOC teams. Little wonder, then, that 69% of organizations admit to a cyber-incident emanating from an unknown, unmanaged, or poorly managed internet-facing asset.

* The volume and complexity of security alerts: We’ve all heard about “alert storms” and “alert fatigue.” Based on the ESG data, these conditions aren’t just marketing hype: 37% of SOC teams say that alert volume and complexity are making security operations more difficult. It’s easy to understand this one: imagine viewing, triaging, prioritizing, and investigating a constant barrage of amorphous security alerts from a variety of detection tools and you’ll get the picture. It seems overwhelming, but that’s the reality for level 1 SOC analysts at many organizations.

* Public cloud usage: Beyond just expanding the attack surface, more than one-third (34%) say that security operations are more difficult as a direct result of growing use of the public cloud. This is not just a numbers game. Securing cloud workloads is difficult due to multi-cloud deployment, ephemeral cloud instances, and developer use of new cloud services that security teams may be unfamiliar with. Chasing cloud evolution and associated software developer whims has become part of the job.

* Keeping up with the care and feeding of security technologies: More than half (54%) of organizations use more than 26 different commercial, homegrown, or open-source tools for security operations. The burden of managing and maintaining all these disparate technologies alone can be difficult. This is one reason why many firms are replacing on-site security tools with cloud-based alternatives.

Growing scale complicates security operations

In analyzing this data, it’s easy to see a common theme across these different responses: scale. Everything is growing: threats, IT, alerts, tools, everything. The research illustrates the fact that we don’t have the people, processes, or technologies to keep up with these scaling needs. To read this article in full, please click here
http://news.poseidon-us.com/SZbthH

US CISA reaches a new maturity level with its comprehensive strategic plan

On November 16, 2018, the awkwardly named National Protection and Programs Directorate (NPPD) at the US Department of Homeland Security (DHS) emerged as a full-fledged agency called the Cybersecurity and Infrastructure Security Agency (CISA). Since then, CISA has been the federal agency responsible for bolstering cybersecurity and infrastructure protection across the federal government and for setting an example the private sector can follow. Under the auspices of its first director, Chris Krebs, and its current director, Jen Easterly, CISA has tackled many serious cybersecurity problems, from supply chain infections to crippling ransomware attacks. Last month, CISA took a significant step toward achieving its goals by releasing its first comprehensive strategic plan, an overarching agenda of priorities for 2023 to 2025. (CISA did release a “strategic intent” document in 2019, upon which the strategic plan builds.) To read this article in full, please click here
http://news.poseidon-us.com/SZbtTJ

More IcedID, (Wed, Oct 5th)

[This is a guest diary we received from Gunter Der]
http://news.poseidon-us.com/SZYM4r

CISA orders federal agencies to regularly perform IT asset discovery, vulnerability enumeration

A new directive issued by the Cybersecurity and Infrastructure Security Agency (CISA) is ordering US federal civilian agencies to perform regular asset discovery and vulnerability enumeration, to better account for and protect the devices that reside on their networks. About the Directive “Over the past several years, CISA has been working urgently to gain greater visibility into risks facing federal civilian networks, a gap made clear by the intrusion campaign targeting SolarWinds devices,” the agency … More → The post CISA orders federal agencies to regularly perform IT asset discovery, vulnerability enumeration appeared first on Help Net Security.
http://news.poseidon-us.com/SZY6fp

Tenable’s CIO pushes resource optimization as company pursues $1B in revenue

Technology veteran Patricia Grant is joining the cybersecurity company amid sustained industry growth. Her challenge now is to help Tenable scale.
http://news.poseidon-us.com/SZXw19

7 cybersecurity audiobooks you should listen to this year

Audiobooks have gained enormous popularity among book lovers for a variety of reasons, including their convenience, which enables listeners to learn while running errands or traveling. Here’s a list of cybersecurity audiobooks that are worthy of your time.

Cybersecurity: The Insights You Need from Harvard Business Review
Author: Harvard Business Review

This book brings you today’s most essential thinking on cybersecurity, from outlining the challenges to exploring the solutions, and provides you with the critical … More → The post 7 cybersecurity audiobooks you should listen to this year appeared first on Help Net Security.
http://news.poseidon-us.com/SZX7YC

After Log4j and SolarWinds, CISA tells agencies to routinely scan networks for devices, potential bugs

CISA is kicking off cybersecurity awareness month with a new binding operational directive for agencies.
http://news.poseidon-us.com/SZTnsl

Is mandatory password expiration helping or hurting your password security?

For decades, cybersecurity professionals held tight to the idea that passwords needed to be changed on a regular basis. In recent years, however, organizations such as NIST and Microsoft have abandoned this longstanding best practice and are now recommending against mandatory password expiration.

The case against password expiration

Microsoft lists two main reasons why scheduled password expirations should be avoided.

Fast-acting criminals won’t be deterred by your 90-day change policy

First, the company argues that … More → The post Is mandatory password expiration helping or hurting your password security? appeared first on Help Net Security.
http://news.poseidon-us.com/SZSm3B

ISC Stormcast For Tuesday, October 4th, 2022 https://isc.sans.edu/podcastdetail.html?id=8200, (Tue, Oct 4th)

(c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.
http://news.poseidon-us.com/SZSTz0