There's no shortage of press and opinions about the emergence of advanced persistent threats (APTs). Amid this hype, it can be difficult not only to get a clear picture of what advanced threats are, but also to translate the APT challenge into actionable steps CISOs can take to prepare the information security organization for the future.
Our research shows how progressive companies have transitioned to a threat-based Information Security function and built more proactive threat management capabilities.
Managing threats requires a new process. Advanced threats have led to a change in Security’s risk profile, requiring CISOs to rethink the structure of their functions. Although Security’s traditional method of monitoring vulnerabilities and controls cannot be abandoned, CISOs must adjust their functions’ focus to include threats.
Prioritize and build new capabilities to proactively manage threats. Security teams must build capabilities that enable intelligence collection and threat detection. Some of the new capabilities include broader threat detection, intrusion hunting, and enhanced intelligence collection. Although determining which capabilities to focus on first may be daunting, CISOs should ensure they have baseline detection capabilities in place before developing more sophisticated operations.
Restructure new teams in a way that allows them to share resources and information. The typical siloed approach won’t work in the threat environment, so teams must work across threat-based processes. Advanced threat attackers work together, and information security functions must do the same. This approach includes sharing resources and information among teams and with other organizations.
Look for opportunities to drive investment in advanced capabilities. Developing new capabilities without additional investment can be difficult. CISOs can drive investment in advanced capabilities by crafting relevant messages and clearly showing the value of initiatives to senior executives and the board.