Each year, right around the time when winter turns to spring in the United States, 64 college basketball teams stage an annual win-or-go-home tournament. The competition’s memorable history of thrilling moments and sudden chaos has earned it the moniker “March Madness.”
Fans love madness in sports because it usually brings with it theatrics, unpredictability and edge-of-your-seat entertainment. Businesses? Not so much. Especially when it comes to their security operations, which are already pressed to the max due to alert overload, disparate detection tools, the existential threat of advanced attacks and limited internal resources.
Fortunately, one characteristic translates perfectly between the stadium and the security operations center (SOC) – and can go a long way to inspiring confidence and producing optimal infosec outcomes for your business: teamwork.
And with security now a companywide imperative and its own business risk category, successful communication, collaboration and task management require participation from multiple audiences, including those beyond the SOC, to ensure more efficient and sound intelligence gathering and incident handling when an attack – sophisticated or otherwise – emerges.
Here are three synergies that will facilitate better security results for your organization:
1) Inside the SOC
Depending on how mature your security command center is, it may include personnel with expertise in various disciplines, from log monitoring to malware analysis and threat hunting to forensic investigations and evidence handling. Each of these disciplines is critical to pre-empting an event before it devolves into something more serious, as well as to painting the full picture of what happened if a crisis does strike, allowing for quicker containment, recovery and remediation. As a result, all of these teams must be in lockstep with each other, sharing tools and discoveries and discussing the actions to be taken and the lessons learned.
2) Across IT and Network Operations Desks
Your SOC team also must build a symbiotic relationship with the network operations center and general IT group, as they are the ones with a pulse on traffic flows and the various on-premises and cloud-based servers and endpoints that would be impacted by an incident. An ongoing and productive collaboration will glean more insight into where sensitive data lives within the organization and the priority levels of every asset, allowing you to immediately discern the potential impact level of an event and orchestrate a more efficient response.
3) Throughout the Wider Business
Between customer churn, reputational damage and legal fees, the average price tag of a data breach in the United States is closing in on $8 million. An incident response capability that scales across the company is arguably the best way to control and reduce the fallout costs. That means connecting your SOC to stakeholders in key departments, including legal, human resources, public relations and the executive suite.
Remember, collaboration within and outside of the SOC doesn’t need to be reserved for times of emergency. In fact, if you build those lines of communication today, the teamwork process will be much more fluid – and less maddening – when the inevitable serious incident arrives on your doorstep.
Dan Kaplan is director of content at Siemplify.