EDITOR’S QUESTION
Stephan Berner
Managing Director
at Help AG
In today’s world, Security Analytics is a must have and will become more important than ever before. It is one of the most important parts of information security in the future.
The reason organizations need to get their security data into analysis is that we see more and more changes around advanced hackers’ motives and the ways they approach their objective(s). Whereas malware used to be the common thing to focus on, we now see hackers utilizing legitimate tools in combination with stolen credentials. As a result, today, many threats cannot be detected without deep insight! Therefore, organizations need to improve their detection capabilities and take incident response and security operations more seriously.
Security analytics should be treated as three integrated sections: the capture of critical information from the large number of events generated by security devices such as firewalls, IPS etc.; feeding of this information to security controls; and finally learning from shortcomings to mitigate future threats.
Whereas in an ideal case, threat intelligence should be leveraged in advance to prevent security incidents in the first place, it must often be used post-event both to mitigate the threat as well as to harden the organization’s security posture for the future. Any early breach detection mechanism that is configured with the learnings of security analytics will allow organizations to make informed decisions about relevant remediation actions, which in turn will enable them to take control back sooner rather than later.
At Help AG, we have invested in our Cyber Security Operation Center (CSOC) to offer Managed Security Services. As part of our services portfolio, we address this important subject and provide 24x7 Security Event Management and Incident Response locally in the UAE. This service is based on hundreds of the industry’s best use cases combined with the right threat intelligence and allows us to correlate between different events very effectively in a timely manner, regardless of the threat vector identified. As an organization, this is something as essential as writing invoices from the business to their clients.
www.intelligentcio.com