Three Questions For Empowering Security: From Gartner’s Risk and Security Management Summit Europe

Security Matthias Maier

This week Security Managers from all over Europe met up at Gartner’s Risk and Security Management Summit in London. The key question was ‘how to empower security strategies to prioritize, adapt, transform and scale to the needs of a growingly digitalized world?’

In exploring this, the importance of urgent crisis and threat management was pointed out in Gartner’s keynote; highlighting the starting point as creating visibility into assets and ecosystems, designing for resilience at multiple levels, and using analytics and automation as a force multiplier.

One of the key takeaways for me, was the three questions that every security professional should ask themselves in order to empower their security programs.

When implementing a SIEM solution - these questions are also relevant for selecting and implementing meaningful use cases. By running this exercise, it will ensure an outcome of actionable alerts, and not just noise that leaves you overwhelmed and paralyzed. I’ve demonstrated these key questions with two different examples for your enjoyment ;)

The answers to these questions is where your security focus should be. It’s here that you can start to identify the right log sources to onboard, to establish investigation capabilities, as well as setting up early detection and security monitoring. So for my above examples the following actions could be:

We’ve already seen this executed successfully in practice. Nick Bleech, Head of Information Security at Travis Perkins, shared in his Gartner breakout session how the team heavily utilized the risk framework to move away from a legacy SIEM, to a lean SOC with Splunk Enterprise Security. You can see his presentation below:

Nick highlighted the Travis Perkins’ incident response process and how it ran a fire drill exercise recently. They discovered that management wants regular updates of new findings - sometimes asking every 15 minutes. In those situations it’s important that the team have the right technology to allow them to be agile, and ask questions quickly.

So what do you find when you ask yourself these those questions?

Best

Matthias

Related Articles

Which of Gartner’s 2019 Top 7 Security and Risk Management Trends Are Impacting Your Business? - Part III
Security
2 Minute Read

Which of Gartner’s 2019 Top 7 Security and Risk Management Trends Are Impacting Your Business? - Part III

Last and final part of our 3-part blog series in which we review Gartner's Security and Risk Trends 2019 and give advise on how to tackle them.
Active Directory Lateral Movement Detection: Threat Research Release, November 2021
Security
12 Minute Read

Active Directory Lateral Movement Detection: Threat Research Release, November 2021

The Splunk Threat Research Team recently updated the Active Directory Lateral Movement analytic story to help security operations center (SOC) analysts detect adversaries executing these techniques within Windows Active Directory (AD) environments.
Putting the 'E' in Team: Solution Integration Enablement for Security Build Motion Partners
Security
2 Minute Read

Putting the 'E' in Team: Solution Integration Enablement for Security Build Motion Partners

Cybersecurity requires a strong team – that's why Splunk has developed a new enablement course for our security partners to help create a better team for our customers.