An organization that is compliant with cybersecurity regulations and standards is not necessarily an organization that is prepared for cybersecurity threats. Compliance addresses only a subset of risk management; genuine cyber resiliency balances the investment in cybersecurity mitigations against the level of risk the organization is actually willing to accept.
Critical infrastructure sectors that are not regulated for cybersecurity are frequently in a more dire position because cybersecurity processes receive little attention. For critical infrastructure cybersecurity and risk management, Security Orchestration, Automation, and Response (SOAR) can provide that missing integrative platform.
Industry and Operational Challenges
As industries grow and push toward remote work and digitalization, cybersecurity becomes more complex in response to a widening range of threats. Ongoing risks to operational technology (OT), industrial control system (ICS), and supervisory control and data acquisition (SCADA) environments include:
- High risk of human error and technical neglect on antiquated, proprietary, and unsupported systems
- Increasing connectivity through growing digitalization
- Heavy manual processes with hidden resource costs, and a corresponding need for automation
- Networks and systems that are insecure by design, having been built without cyberattacks in mind
- Shortage of cybersecurity professionals with access to real-time operational data
- Too many vendors and too few integrated systems
One of the biggest operational challenges facing today's cybersecurity professionals is the lack of resources and information required to combat cybersecurity threats. Cybersecurity Ventures, in its 2020 Hiring Report, estimates a shortage of 3.5 million cybersecurity workers globally by 2021. That figure covers both information technology (IT) and OT environments, but in critical infrastructure the shortage is exacerbated by the additional skill set that OT environments require.
SOAR is an integrative platform that saves organizations time and expands the reach of their limited cybersecurity professionals by automating processes and integrating systems into a single platform.
Improving Cybersecurity in Critical Infrastructure
A cybersecurity program revolves around people, processes, and technology. Given the global talent shortage, the people part of that equation is difficult to change. However, an integrative platform like SOAR can assist with both the technology and process aspects needed for a successful cybersecurity program. SOAR has the capability to address a range of challenges by providing:
- Automated threat detection and response workflows
- An auditable incident and event manager
- Improved metrics for cybersecurity operations
- Greater return on existing cybersecurity investments through integration of key systems and technology
- A cybersecurity command center platform
- Reduced operating expenditure (OPEX)
Even an organization with many disparate cybersecurity products and solutions can use SOAR's integration library to weave those systems together into an integrative cybersecurity platform. This can lead to a higher return on investment with minimal integration work required by the organization. Some of the use cases that SOAR helps an organization integrate and automate include:
- Access and asset management
- Automating indicator of compromise (IOC) lookups in threat intelligence platforms
- Collecting and centralizing relevant forensic data
- Consolidated security operations
- Custom workflows and use cases
- Triaging phishing email and assessing the threats it carries
- Investigating and remediating endpoint alerts
- Investigating security information and event management (SIEM) alerts
- Responding to insider threats
- Threat hunting
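To make concrete what "codifying a workflow" looks like for the phishing-triage and IOC-lookup use cases listed above, here is a minimal playbook in Python. It is an added illustration, not code from the original post or from any SOAR product. The alert format, the threat-intelligence table, the indicators, the verdict rules and the action names are all constructed assumptions; in a real deployment each step would call the SIEM, mail gateway and threat-intel platform through their APIs, and the audit trail would land in the case manager.

```python
"""Minimal SOAR-style playbook: phishing triage with automated IOC lookup.

Added example, not code from the original post or from any SOAR vendor.
Alert format, threat-intel table and action names are constructed.
"""
import re
from dataclasses import dataclass, field
from datetime import datetime, timezone
from urllib.parse import urlparse

# Constructed threat-intel table (hypothetical indicators, not real IOCs).
THREAT_INTEL = {
    "url": {"http://login-verify.example-bad.test/reset": "credential-phishing"},
    "domain": {"example-bad.test": "phishing-infrastructure"},
    "sha256": {"9f86d081884c7d659a2feaa0c55ad015a3bf4f1b2b0b822cd15d6c15b0f00a08": "known-dropper"},
}

URL_RE = re.compile(r"https?://[^\s\"'<>]+")
SHA256_RE = re.compile(r"\b[a-fA-F0-9]{64}\b")


@dataclass
class Case:
    """Incident record kept with the alert so every playbook step is auditable."""
    alert_id: str
    verdict: str = "undetermined"
    actions: list = field(default_factory=list)
    audit: list = field(default_factory=list)

    def log(self, step: str, detail: str) -> None:
        self.audit.append({
            "ts": datetime.now(timezone.utc).isoformat(),
            "step": step,
            "detail": detail,
        })


def extract_iocs(alert: dict) -> dict:
    """Pull URLs, host names and SHA-256 hashes out of a phishing alert."""
    text = alert.get("body", "")
    urls = set(URL_RE.findall(text))
    domains = {urlparse(u).hostname for u in urls if urlparse(u).hostname}
    hashes = {h.lower() for h in SHA256_RE.findall(text)}
    for att in alert.get("attachments", []):
        hashes.add(att["sha256"].lower())
    return {"url": urls, "domain": domains, "sha256": hashes}


def lookup_iocs(iocs: dict) -> dict:
    """Automated threat-intel lookup; returns {indicator: category} for hits."""
    hits = {}
    for kind, values in iocs.items():
        table = THREAT_INTEL.get(kind, {})
        for value in values:
            if kind == "domain":
                # Match the host itself or any parent domain listed in the table.
                match = next((d for d in table if value == d or value.endswith("." + d)), None)
            else:
                match = value if value in table else None
            if match:
                hits[value] = table[match]
    return hits


def run_playbook(alert: dict) -> Case:
    """Codified triage workflow: enrich, decide, act, and record each step."""
    case = Case(alert_id=alert["id"])
    iocs = extract_iocs(alert)
    case.log("extract", f"{sum(len(v) for v in iocs.values())} indicators")
    hits = lookup_iocs(iocs)
    case.log("lookup", f"{len(hits)} threat-intel matches")

    if hits:
        case.verdict = "malicious"
        case.actions += ["quarantine_message", "block_sender", "open_incident"]
    elif alert.get("attachments"):
        # Unknown attachment: no intel hit, but not safe to close automatically.
        case.verdict = "suspicious"
        case.actions += ["detonate_attachments", "notify_analyst"]
    else:
        case.verdict = "benign"
        case.actions += ["close_alert"]
    case.log("decide", f"verdict={case.verdict}, actions={case.actions}")
    return case


# Constructed sample alert, as a SIEM or mail gateway might forward it.
SAMPLE_ALERT = {
    "id": "ALERT-0001",
    "sender": "it-support@example-bad.test",
    "body": "Your password expires today. Reset at http://login-verify.example-bad.test/reset",
    "attachments": [],
}

if __name__ == "__main__":
    result = run_playbook(SAMPLE_ALERT)
    print(result.verdict, result.actions)
    for entry in result.audit:
        print(entry["step"], "-", entry["detail"])
```

The value of the pattern is less the three-branch decision than the structure around it: indicator extraction and enrichment are reusable across SIEM, endpoint and phishing alerts, every decision is recorded with a timestamp so the case is auditable, and the "suspicious" branch hands unknowns to a human rather than auto-closing them, which is the failure mode a carelessly automated playbook introduces.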
By integrating these disparate systems, SOAR enables more efficient cybersecurity operations for an overextended cybersecurity workforce. Cybersecurity professionals may also find their stress reduced, because repetitive tasks are automated and they gain the capacity to address a wider range of operational challenges.
With the ongoing COVID-19 pandemic, many organizations are forced to execute mission-critical assignments with reduced staff to accommodate social distancing measures. Remote work is also on the rise, with an increasing number of employees working virtually. Both factors are raising the level of risk for organizations for the foreseeable future.
SOAR leverages automation to extend the capabilities of the existing security workforce. By integrating across many disparate systems it creates efficiencies, and by codifying existing workflows it becomes a force multiplier for a collectively weary security workforce.
SOAR, at its most fundamental level, is an operations platform. It incorporates both technology and the operations process, and a skilled practitioner can codify your existing business or technical processes, or improve them, through a variety of methods. SOAR represents hope in the COVID-19 crisis and the burgeoning operational challenges confronting our organizations and the collective security workforce.
You are invited to attend a webinar from 1898 & Co. and Swimlane on Thursday, August 20. Sign up for the webinar to discuss how SOAR can help streamline security operations in critical infrastructure organizations.
A version of this post originally appeared on the Burns & McDonnell blog. It is republished here with the permission of its author.
Interested in reading more articles like this? Subscribe to the ISAGCA blog and receive weekly emails with links to the latest thought leadership, tips, research, and other insights from automation cybersecurity leaders.