Respondents to the survey believe their own organizations could be between 38-100% more secure if threat management and incident response personnel and systems could simply collaborate better. The team believe collaboration is one area which is often overlooked, with decision maker’s often favouring new threat detection or prevention tools, though security operations’ effectiveness can be increased through better collaboration between silos within the organization.
“Threat management contributions are almost evenly spread among different roles, but there are some notable areas of specialization,” the company stated in its “How Collaboration Can Optimize Security Operations” report. “Every handoff or transition can add significant operational overhead—along with the potential for confusion and chaos and delays in responding. But, on the upside, there is also huge potential for collaboration and increased efficiencies.”
The report states CIOs are still prioritizing new tools as a means to shore up their own perimeters, though collaborations technologies were not far behind in the rankings. 40% of the respondents highlighted their spend would be prioritized on better detection tools, 33% pointed towards preventative tools and 32% said improved collaboration between SOC analysts, incident responders and endpoint administrators.
One of the main challenges for these organizations is the process, accuracy and trust in communication. For a number of organizations data is shared manually and potentially reprocessed several times, increasing the possibility of inaccuracy. Automated collaboration tools ensure data is shared quickly and accurately through an array of different functions and responsibilities. “Trust arises from good communication, transparency, and accountability, all of which engender confidence in the outcome,” the report states.
The number of tools being used within these organizations is also a challenge, as data is often transferred between or collected centrally manually. The average number tools companies use to investigate and close an incident is four, though 20% of the respondents said they can use up to 20 different products to achieve the same aims, further increasing the challenge. Though larger and more geographically diverse organizations will by definition use more tools, the same principles of collaboration and automation apply, and in theory could increase the security of an organizations perimeter.
“Tougher new EU data privacy regulations, which are currently in the process of being modernized, will be implemented in 2017,” said Raj Samani, EMEA CTO for Intel Security, in the report. “Organizations will be legally required to implement a security architecture that ensures a secure and trustworthy digital exchange of data throughout the EU. Data privacy needs to be assured at every level and across the entire infrastructure. In light of that, improved incident investigation and response processes that bring together collaborative tools and teams are imperative.”
While most organizations are answering the threat of more advanced cyber threats with the implementation of more advanced defence solutions, collaboration is an area which could be seen as a complementary means. Collaboration can contribute to real-time visibility for various teams, improve execution capabilities, as well as speed of response.