McAfee leader on how a good CSOC helps build cybersecurity maturity

CYBERCRIME is seeing phenomenal growth and businesses need to be very careful about how they defend their networks and protect their data.

The consequences of failure, especially for mid-sized and large enterprises, include regulatory penalties and reputational damages, and out the future of the business at risk.

As a result, experts such as McAfee Head of Advanced Threat Research Steve Povolny strongly advise businesses to establish a good Cyber Security Operations Center (CSOC) — so that they can boost cybersecurity maturity while pursuing digital maturity.

Povolny, at McAfee’s MPOWER Cybersecurity Summit 2019 in Las Vegas told Tech Wire Asia that he believes there’s a lot of value that CSOCs bring to organizations.

“Having an effective CSOC, not just to manage the technology in the organization, but to be able to quickly respond to threats and enforce security policies, I think is critical.”

Povolny, whose research into threat vectors helps safeguard organizations across industries, points out that since CSOCs are familiar with the organization’s systems, they’re in a better position to identify threats that come into those systems, and then, re-actively are able to respond to those threats quickly.

Further, once the CSOC is able to get through remediating those threats, they’re also able to understand and map them and perform forensics analyses to defend against them proactively in the future.

“To me, that’s the huge benefit of a CSOC, especially a well-trained CSOC.”

The biggest CSOC is not always the best CSOC

According to Povolny, the responsibility of building a CSOC doesn’t rest solely on the board of the company.

Based on the type of organization, its structure, and needs, either the Chief Security Officer or any security leader in the organization can initiate the conversation about building a CSOC.

According to the McAfee Head of Advanced Threat Research, what matters most when building a CSOC is not who starts the conversation but how, ultimately, the CSOC is built.

“Who starts it, I think, is maybe less important than, you know, how it’s formulated, how it’s developed, who they actually hire to be part of that CSOC, and the kinds of processes and maturity they have in place. Those are the things that really matter.”

Povolny told Tech Wire Asia that a CSOC with 2,000 people could sometimes be less effective than a CSOC with just 10 people — so companies looking to get the most out of their CSOC must focus on getting the right team in place.

“It’s the right people, the right processes, the right skill sets, all that coming together to be effective versus purely the numbers or access to the systems that they have.”

How a CSOC helps raise cybersecurity maturity

Cybersecurity maturity is very important in today’s day and age, simply because organizations need to realize that the threats and attacks will only increase as the surface area increases.

The ability to defend against threats is critical to surviving and doing business in the digital-first world.

A CSOC, according to experts including Povolny, is what helps the organization get better at securing its network, applications, data, and ultimately its people.

“A CSOC that is well trained is able to understand threats before they’re effective. I’ve worked with one before that was able to identify a DDoS attack that was coming into the organization.

“The CSOC was well enough trained that not only were they able to stop the DDoS from happening, but realized that it was a distraction and diversion from an attempt to infiltrate the organization.

“Given their combined experience, they were able to stop that attack before it actually got into the system and targeted the end-users.”

While not many business leaders talk about CSOCs very often, the need for one is clear to cybersecurity professionals across the world — many of whom are already at some stage of planning or building their CSOC.

Businesses today don’t neglect cybersecurity, but failing to build a CSOC and climb the cybersecurity maturity curve might be catastrophic.

---

---

---

---