As cyberattacks increase in number and severity, it’s essential that public and private sector organizations not only modernize IT systems and infrastructure — but also stay abreast of the best operating practices. Effective security operations depend on the harmonious use of people, tools and processes to ensure the overall resiliency of an organization.
In a new CyberScoop interview, Synovus CISO Kevin Gowen and Christopher Fielder, field CTO at Arctic Wolf Networks, share insights on the benefits of ensuring security operations for the foundation of an effective security posture is critical.
One of the main challenges is that organizations must break past the traditional, legacy mindset that an effective security program is a tool. “[Arctic Wolf] found that about 60% of organizations define the foundation and the focus of their security program as centralized on their firewall. And that’s a legacy mindset; it’s something that I think a lot of the industry needs to grow beyond,” says Fielder.
“We need to pivot beyond that to a more adaptive and operational approach and say, it’s not the tool that’s going to solve the problem. And it’s not, especially a single tool,” he adds.
Gowen also stresses the importance of bringing together people, processes and technology and says, “[organizations] want to be a resilient, not just defend against the things that are happening. So, you need to improve your speed, improve the integration among your teams, and you need to leverage your talent because I think the people are the key piece.”
The executives highlight strategies for taking this approach and encourage leaders to think of their organization’s security posture as a pyramid, with the foundation being people, whether that’s internal or external service (such as a managed service provider and MDR solution or a marriage of the two) followed by visibility, technology and processes.
Visibility is also essential for having a successful posture. Fielder says, “make sure that you’re looking at every aspect of any area of your environment, whether that’s the network, the cloud, the endpoints to everything that’s being logged, the people, the behaviors, etc. — get visibility into all of that. And then utilize all that data together to observe any potential threats or risks in your environment and build your processes from there.”
Fielder and Gowen explain that security is dynamic and needs to be ever evolving and that it’s a journey, not a destination.
Learn more about driving customized outcomes that improve your security posture.
This video panel discussion was produced by Scoop News Group and CyberScoop and underwritten by Arctic Wolf Networks.