This is a summary of the Senior Security Leader cohort discussion during the Peer Roundtable on May 15, 2024. This executive summary captures the essence of the discussion, focusing on the major topics, challenges, and potential solutions discussed by the participants.
• It was commonly agreed that MDM solutions like Intune should be used where VIPs are involved or sensitive data is processed.
• Whereas there was a "silent" consensus that Outlook policies are usually an effective way of controlling regular users.
A: The suggestion is to use MAM policies instead of full Intune enrollment.
A: Intune can be used for company-managed devices, with high-risk users receiving a second company device and lower-risk users being allowed to bring their own device.
A: Microsoft is commonly used as the primary identity provider, but CrowdStrike and third-party providers are also options.
A: Yes, it is possible to use Intune with a third-party identity provider like Okta or IBM MaaS360.
A: Certain applications can be restricted to corporate laptops, while others can be allowed on mobile devices in an Apple shop.
A: Financial applications can be accessed on a laptop using Okta for device authentication and certificate validation.
A: Automation and AI can reduce the number of alerts, provide recommendations, and improve the efficiency of security operations.
Petri's recommendation to read: Avanade, a 50,000-employee company, was able to repurpose 5 SOC FTEs. See how it was done: "How Avanade reduced human cyber-risk and saved 5 SOC analyst FTEs with the Hoxhunt Human Risk Management platform". In a nutshell, the answer was a combination of crowdsourcing the employees together with purpose-built AI.
A: Implementing proactive measures, having a closed-loop remediation process, and focusing on high-value assets and functions can improve the effectiveness of a SOC.
A: Effective communication within the SOC is crucial for coordinating responses to security events and ensuring smooth operations.
A: The human side of cybersecurity can be addressed by engaging the end-user community, integrating their knowledge into AI engines, and promoting a security-focused culture.
A: A strong policy foundation is essential for implementing effective security measures and ensuring compliance with industry standards.
A: External attack surfaces can be managed by conducting regular assessments, implementing specific controls, and monitoring for any changes or vulnerabilities.
A: Active Directory security can be fortified by implementing immutable backups, ensuring proper restoration processes, and considering the location of backups.
A: Smaller companies face challenges in terms of code security, policy implementation, and resource limitations.
A: Tabletop exercises can help evaluate the performance of a SOC, identify areas for improvement, and test incident response plans.
A: Business continuity and disaster recovery plans are crucial for ensuring the resilience of an organization's operations in the event of a security incident.
A: Effective communication with other departments during a breach can be achieved through clear escalation processes, contact information, and regular exercises.
A: Runbooks can provide standardized procedures for SOC teams to detect and prevent threats, ensuring a consistent and efficient response.
A: A long-term strategic plan is important for setting goals, prioritizing investments, and ensuring the continuous improvement of cybersecurity practices.
A: The risk of code theft can be mitigated by implementing policies and technologies like VDI (Virtual Desktop Infrastructure) for control and work purposes.
Learn as Petri Kuivala walks you through a real-life cyberattack case involving a nation state called Panda, which was related to a larger M&A case between two large companies. See the several-year hacking timeline, a high-level overview of how it happened, and the mistakes that could have been avoided.
Learn:
How to be prepared when the “s” hits the fan
How to be the successful CISO at the time of the storm
The most important things to do to prevent a cyberattack in the first place
Ask Petri Kuivala about the Cyberthreat Case Study or any of the resources available. He's also open to discussing your current challenges beyond what's provided. Click the button to go to Petri's calendar.
Copyright © 2020- Peer Roundtables. All Rights Reserved