National Cyber Security Awareness Month (NCSAM) is in its third week. While NCSAM is a one-month promotional campaign, its main objective is to encourage us to think about cybersecurity year round. At Splunk, we view cybersecurity awareness and action as a permanent mindset that continues to evolve as the threat landscape evolves.
That’s why cybersecurity took center stage at Splunk’s recent user conference, .conf2017. There, the Splunk Security Markets Group hosted the seventh CISO Customer Advisory Board meeting, which in my opinion was the best ever!
We had the privilege of hosting CISOs, many of whom use Splunk Enterprise Security, Splunk User Behavior Analytics and Splunk Enterprise or Splunk Cloud as the foundation of their security nerve center to transform their security practices and solve their security challenges.
The CISO CAB was attended by a record number of security executives from higher education, retail, financial services, technology, manufacturing, government, services, healthcare, energy and other verticals.
The CISOs shared their challenges and the following is a short summary of the discussions.
Security Continues to Enable the Business
As we all know, digitization is impacting every aspect of our lives. Digitization also amplifies the inherent risks and potential vulnerabilities in our infrastructure. New technology can also make the mission of protecting enterprises even more challenging.
Digitization is driving CISOs to rapidly transform their security operations at a scale that was previously unimaginable and is accelerating the convergence of Operational Technology (OT) security use cases and management with IT security.
There is a shift away from perimeter-based security to safeguarding and leveraging data from across systems, devices, and cloud for unified visibility and reporting to the board.
CISOs have moved beyond siloed views and now emphasize visibility across an entire ecosystem with insight into who, where, what and how.
These CISOs are positively impacting their business: they are able to provide security posture and risk views, and to quantify the value of security to the board.
Growing Adoption of Automation
With modern tools and the growing adoption of advanced analytics, automation is a high priority for CISOs. Automating repetitive manual tasks where there is high confidence in the outcome is often the first consideration.
The priority is alert noise reduction and malware detection using run books that have matured based on their system and deployment. There is a wide range in use and sophistication of automation technologies. There is a clear desire to automate across the security ecosystem and related IT tools and apps.
CISOs put process agreements in place before starting to automate. There is a clear need for detailed context before automating actions and responses.
Adopting automation is expected to help alleviate some of the skills shortage and the problem of retaining qualified talent.
Advanced Threat Defense is a Top Priority
CISOs continue to face a prolonged, unbalanced battle against adversaries that are sophisticated, elusive and well-funded, and that bypass legacy security technologies.
Organizations are understaffed, lack specific skills, and often lack the visibility needed to detect and investigate quickly.
CISOs focus on proactive early discovery and analysis of advanced and targeted attacks. Many organizations have adopted proactive threat hunting.
A wide range of security solutions and tools are used depending on the maturity of the security teams. In addition to preventative tools, security information and event management (SIEM) solutions complemented by user behavior analytics (UBA) and endpoint analysis solutions are common.
What CISOs Are Saying About Their Success
Watch how NASDAQ uses Splunk Enterprise and Splunk User Behavior Analytics to speed security investigations by more than 50 percent and drive massive efficiencies in data gathering across teams.
Find out how Travis Perkins CISO Nick Bleech and his security team were able to reduce their security investigation time from three weeks to less than half an hour using Splunk Cloud and Splunk Enterprise Security.
Over the next several months, I will be sharing additional takeaways from future CISO Customer Advisory Board meetings. Meanwhile, if you have any questions, ping me.
Next week, Splunk will host a webinar with Joseph Blankenship at Forrester Research. He and I will spend the hour discussing the latest market trends and threat landscape and how an analytics platform can transform your security operations. Register today and save your spot.
Director, Security Product Marketing