Ask Me Anything: Security Operations and Incident Response
Matt Siomos answers all your cyber security questions around operations and incident response.
Key Takeaways
- Effective security operations rely on continuous monitoring and layered controls to detect and contain threats early.
- Strong incident response focuses on limiting impact during an attack and strengthening defences to prevent recurrence.
As part of our Cyber Security: Ask Me Anything series, we spoke to a number of cyber security experts in Interactive’s Cyber Security Operations Centre.
One of the topics we discussed was cyber security operations and incident response, and our subject matter expert on that is Matt Siomos. Matt is the Cyber Security Operations Manager at Interactive and he has over 10 years' experience in the technology space.
This topic is broken into two parts. The first is security operations, which is around the resources and capability in your team to monitor and improve cyber security practices, as well as having the ability to detect the risks when they do appear. They will appear.
The incident response part is pretty self-explanatory: how does your company respond to cyber-attacks? If there is a security breach, what are the processes to limit the damage as quickly as possible? Incident response also touches on the aftermath: how do you make sure you have stopped the attack and are fully protected so it doesn't happen again?
Like all aspects of cyber security, it’s quite a complex puzzle to put together. In the video below, Matt has some useful tips on getting on top of your security operations and incident response.
One question we asked him was about the biggest cyber security misconception that IT teams have; here's his insight.
This would have to be the reliance on old-school antivirus software. With our security operation centre, we often see attacks that evade antivirus software.
It might be a piece of malware that's reached out to a malicious destination or a command and control server that the antivirus agent is none the wiser about.
If you think about that, the piece of malware has had to evade lots of other controls along the way. It might've been a phishing email that came in that wasn't blocked or detected.
It could've been a user who browsed the malicious website or plugged in a USB key, or a public-facing system that had a vulnerability exploited.
And so, it's really important to think about defence in depth and those layered security controls, so that if one of those controls fails you've got adequate coverage across the stack.
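One concrete way the layered-control point plays out in a security operations centre, as an added example that is not from the interview or from Interactive: a small Python check over a constructed proxy log that flags hosts contacting the same destination at near-constant intervals, the timer-driven check-in pattern of malware that a host-based antivirus agent has no view of. Hostnames, domains and thresholds are assumptions.

```python
import statistics
from collections import defaultdict
from datetime import datetime

# Constructed sample proxy log (hypothetical hosts and domains): "timestamp src dst"
SAMPLE_LOG = """\
2024-01-15T09:00:00 ws-17 update-check.example.net
2024-01-15T09:00:10 ws-04 intranet.example.com
2024-01-15T09:00:15 ws-04 intranet.example.com
2024-01-15T09:03:40 ws-04 intranet.example.com
2024-01-15T09:05:01 ws-17 update-check.example.net
2024-01-15T09:10:00 ws-17 update-check.example.net
2024-01-15T09:14:59 ws-17 update-check.example.net
2024-01-15T09:20:00 ws-04 intranet.example.com
2024-01-15T09:20:00 ws-17 update-check.example.net
2024-01-15T09:21:05 ws-04 intranet.example.com
2024-01-15T09:25:02 ws-17 update-check.example.net
"""

def parse_log(text):
    """Yield (timestamp, src_host, dst_host) from the constructed log format."""
    for line in text.splitlines():
        if line.strip():
            ts, src, dst = line.split()
            yield datetime.fromisoformat(ts), src, dst

def find_beacons(records, min_events=5, max_jitter=0.2):
    """Flag (src, dst) pairs whose connection intervals are suspiciously regular."""
    # Timer-driven check-ins have near-constant gaps; human browsing does not.
    by_pair = defaultdict(list)
    for ts, src, dst in records:
        by_pair[(src, dst)].append(ts)
    alerts = []
    for (src, dst), times in by_pair.items():
        if len(times) < min_events:
            continue
        times.sort()
        gaps = [(b - a).total_seconds() for a, b in zip(times, times[1:])]
        mean = statistics.mean(gaps)
        if mean <= 0:
            continue
        jitter = statistics.pstdev(gaps) / mean  # spread relative to the interval
        if jitter <= max_jitter:
            alerts.append({"src": src, "dst": dst, "interval_s": round(mean), "jitter": round(jitter, 3)})
    return alerts

if __name__ == "__main__":
    for alert in find_beacons(parse_log(SAMPLE_LOG)):
        print(alert)
```

On the constructed log, ws-17's five-minute check-ins to update-check.example.net are flagged while ws-04's irregular intranet traffic is not; in practice the flagged destination would then be checked against threat intelligence and the host isolated for investigation.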