Intelligent CIO Middle East Issue 11 | Page 78

EDITOR’S QUESTION

Stephan Berner

Managing Director, Help AG
In today’s world, Security Analytics is a must-have and will become more important than ever before. It is one of the most important parts of information security in the future.
The reason organizations need to get their security data into analysis is that we see more and more changes around advanced hackers’ motives and the ways they approach their objective(s). Whereas malware used to be the common thing to focus on, we now see hackers utilizing legitimate tools in combination with stolen credentials. As a result, today, many threats cannot be detected without deep insight!
Therefore, organizations need to improve their detection capabilities and take incident response and security operations more seriously. Security analytics should be treated as three integrated sections: the capture of critical information from the large number of events generated by security devices such as firewalls, IPS, etc.; feeding of this information to security controls; and finally learning from shortcomings to mitigate future threats.
Whereas in an ideal case, threat intelligence should be leveraged in advance to prevent security incidents in the first place, it must often be used post-event both to mitigate the threat as well as to harden the organization’s security posture for the future. Any early breach detection mechanism that is configured with the learnings of security analytics will allow organizations to make informed decisions about relevant remediation actions, which in turn will enable them to take control back sooner than later.
At Help AG, we have invested in our Cyber Security Operation Center (CSOC) to offer Managed Security Services. As part of our services portfolio, we address this important subject and provide 24x7 Security Event Management and Incident Response locally in the UAE. This service is based on hundreds of the industry’s best use cases combined with the right threat intelligence and allows us to correlate between different events very effectively in a timely manner, regardless of the threat vector identified. As an organization, this is something as essential as writing invoices from the business to their clients.