Three Questions For Empowering Security: From Gartner’s Risk and Security Management Summit Europe

Security Matthias Maier

This week Security Managers from all over Europe met up at Gartner’s Risk and Security Management Summit in London. The key question was ‘how to empower security strategies to prioritize, adapt, transform and scale to the needs of a growingly digitalized world?’

In exploring this, the importance of urgent crisis and threat management was pointed out in Gartner’s keynote; highlighting the starting point as creating visibility into assets and ecosystems, designing for resilience at multiple levels, and using analytics and automation as a force multiplier.

One of the key takeaways for me, was the three questions that every security professional should ask themselves in order to empower their security programs.

When implementing a SIEM solution - these questions are also relevant for selecting and implementing meaningful use cases. By running this exercise, it will ensure an outcome of actionable alerts, and not just noise that leaves you overwhelmed and paralyzed. I’ve demonstrated these key questions with two different examples for your enjoyment ;)

The answers to these questions is where your security focus should be. It’s here that you can start to identify the right log sources to onboard, to establish investigation capabilities, as well as setting up early detection and security monitoring. So for my above examples the following actions could be:

We’ve already seen this executed successfully in practice. Nick Bleech, Head of Information Security at Travis Perkins, shared in his Gartner breakout session how the team heavily utilized the risk framework to move away from a legacy SIEM, to a lean SOC with Splunk Enterprise Security. You can see his presentation below:

Nick highlighted the Travis Perkins’ incident response process and how it ran a fire drill exercise recently. They discovered that management wants regular updates of new findings - sometimes asking every 15 minutes. In those situations it’s important that the team have the right technology to allow them to be agile, and ask questions quickly.

So what do you find when you ask yourself these those questions?

Best

Matthias

Related Articles

Staff Picks for Splunk Security Reading January 2023
Security
5 Minute Read

Staff Picks for Splunk Security Reading January 2023

Welcome to the Splunk staff picks blog. Each month, Splunk security experts curate a list of presentations, whitepapers, and customer case studies that we feel are worth a read.
How to Install and Configure Infosec Multicloud
Security
3 Minute Read

How to Install and Configure Infosec Multicloud

Learn how to set up and optimize InfoSec MultiCloud for Splunk to help maximize your cloud security effortlessly in our step-by-step guide.
Detecting Supernova Malware: SolarWinds Continued
Security
7 Minute Read

Detecting Supernova Malware: SolarWinds Continued

Supernova exposes SolarWinds Orion to attack via an in-memory web shell. It needs to be patched and detections below can help identify adversary actions.