You may have been planning to do some of this anyway but the pandemic has forced several years of change to be carried out in a few months. Here’s some advice for coping…:
[…] Amy Blackshaw, director of product marketing at RSA and Adler’s partner in the session, had five recommendations for security teams working remotely. Some of these shifts are already in process and others are accelerating:
- Automating workflows: Analysts should be able to collaborate and work from the same playbook especially when they are not in the same room.
- Threat detection and response: The SOC should be focused on anticipating attacks that could bypass security controls, especially at the endpoint and the network, and during the reintroduction to working in the office in person.
- Reimagining the corporate network: Analysts should redefine what normal traffic looks like during this work-from-home phase, what it will look like as offices reopen, and what reducing risk means in both contexts.
- Reevaluating behavior analytics and insider threat risk: Analytic models also need to be readjusted to understand how employees are behaving in this work-from-home world to understand what anomalies look like in the current version of normal.
- Visibility into cloud workloads: SOC teams need to understand third-party cloud environments and add that data into existing analytic models.