Expert Speak
SOC Modernisation: A Digital Labrador for Next-Level Cybersecurity
Written by Ammar Enaya, Regional Director – METNA, Vectra AI
The Arab Gulf region has a well-deserved reputation for being a frontrunner in technology adoption — a reputation that its governments have retained throughout the Fourth Industrial Revolution. In the digital transformation era, managed services wormed their way onto the agenda of most, if not every, regional organisations, but until recently — cybersecurity remained an afterthought.
However, governments in this region have a way of inspiring others by example. By adopting economic visions with technology pillars that put cybersecurity front and center, GCC leaders pushed digital risk management to a top-priority position in the private sector. And those efforts have paid dividends. Saudi Arabia is second and the UAE fifth, on the International Telecommunication Union’s Global Cybersecurity Index for 2020.
But there’s still work to be done. Security professionals are overworked and under-resourced. This starts in the security operations center (SOC), which all too often is holding on to a legacy that has had its day. Modern complexities of rogue devices, remote employees, and multi-cloud environments have brought previously unseen levels of unpredictability to the SOC. These transformative changes coupled with advanced attack methods used in today’s ransomware and supply chain attacks equal a disaster waiting to happen for any organisation that isn’t thinking about modernizing the traditional approach.
The Old Way Opens Doors for New Attacks
Traditionally, the legacy SOC is centered around prevention (think SIEM and IDS), which for the most part is obsolete against modern threats and attack methods. The tools typically deployed in this scenario equal a high cost of ownership and fail when it comes to the detection and response of in-progress attacks. This is because the technologies used today have grown past the SOC as we’ve come to know it. The perimeter no longer exists, and cloud deployments are outpacing security. Analysts are having to work harder to trawl manually through limited data sources only to arrive at inaccurate conclusions. Ultimately what you’re left with is a lack of visibility and a security team scrambling through inefficient workflows at a high price.
The time for change is now. We’ve seen again and again how prevention techniques fail to detect ransomware attacks. These are human driven attacks — where malware isn’t deployed until the final step — meaning the only chance to stop it, is by detecting and stopping attacker motions inside an environment. Nowadays, attackers are finding all types of clever ways to bypass MFA. And while endpoint detection is important, it’s no match for a crafty attacker with stolen credentials.
But the good news is that defending against today’s attacks doesn’t have to be as impossible as the headlines might lead you to believe.
Moving Towards a Modernized SOC
Before we look at the alternative, it is also worth considering the life of today’s security professionals. Who without, the SOC would be the equivalent of falling trees in an empty forest. While the customer experience was all the rage before the pandemic, organisations must now prioritize the employee experience. The now-established efficacy of remote work means the region’s cyber-talent can work anywhere they want. So, as the region builds SOCs, it needs to design ecosystems that relieve burdens on technologists, or it risks losing the most qualified candidates to foreign employers.
This is all the more reason to modernize and take a futureproof approach that prioritizes visibility and workflow, acting as a kind of digital Labrador retriever — capable of sniffing out and fetching the most evasive targets and dropping them at the feet of threat hunters. It still uses event logs and SIEM tactics but supplements them with richer endpoint and network data. It mixes the disciplines of endpoint detection and response (EDR), AI-driven network detection and response (NDR) and user and entity behavior analytics (UEBA). The new SOC drapes a net across on-prem, cloud and cloud-native apps, allowing it to detect previously unknown suspect processes and lateral-movement attacks.
And if you’re looking for a place to start, meaningful AI can lend an immediate hand in the SOC. Everything from improving alert accuracy, optimizing investigations, threat hunting and adding extra horsepower so analysts know which threats to prioritize, can be achieved with the right AI platform. AI can also help SOCs play to the strengths of its players. For example, AI is incredibly proficient at dealing with large sets of data efficiency and at speeds unmatched by humans. On the other hand, humans are exceptional at dealing with ambiguity and contextualizing information — things they’ll be able to do with AI on their team. An analyst can’t see an attack evolving in the middle of the night, but the right AI can catch and stop it so they can get some rest once in a while.
A Breath of Fresh Air in the SOC
Modernization is the future for any organisation intent on delivering an efficient, sustainable SOC. And while this is becoming an increasingly urgent matter for many organisations in order to defend against today’s attacks, it can also be approached in phases by setting achievable goals. For example, if you lack the visibility necessary to accurately detect and respond to an adversary, you may want to prioritize implementing a solution that can help spot early attack signals like recon, privilege escalation, and lateral movement. Or if your organisation has traditionally been focused on prevention, it could be time to evaluate where security investments need to be made in order to gain coverage throughout the entire environment.
In a region where regulatory compliance keeps a lot of stakeholders up at night, a modernized SOC can greatly enhance governance and instill confidence in regulators, investors, and customers. The ability to detect, score and prioritize threats in real-time ensures swift and effective resolution of issues and prevents costly and embarrassing breaches.
Fewer manhours, better outcomes, lower costs, faster resolution, tighter compliance, and the ability to go up against unknown and stealthy attacks? Now that’s a Labrador that deserves a treat.
Cyber Security
Skills Gap Exposes Organisations to Risks
Written by Rob Rashotte, Vice President, Global Training & Technical Field Enablement at Fortinet (more…)
Expert Speak
Telegram’s Privacy Paradox: The Challenges of Balancing Security and Responsibility
Written by Ram Narayanan, Country Manager at Check Point Software Technologies, Middle East
In the complex and ever-evolving world of digital communication, Telegram has emerged as a platform that uniquely exemplifies the tension between privacy, security, and the responsibilities of tech companies in the 21st century. From its inception, Telegram has distinguished itself from other social networks and messaging apps by offering features designed to enhance user privacy and facilitate large-scale communication. These include end-to-end encryption (in secret chats), anonymous accounts, and the ability to create groups with up to 200,000 members, making it a popular choice for users worldwide. However, this popularity brings significant challenges, particularly in the realm of cyber security.
One of Telegram’s most distinctive aspects is its strong emphasis on privacy. Unlike many other platforms, Telegram allows users to join groups and communicate without revealing their phone numbers, offering a level of anonymity highly valued in an age where digital footprints are increasingly scrutinized. This focus on privacy extends to its encryption practices, with end-to-end encryption available in secret chats, ensuring that messages are accessible only to intended recipients. Additionally, Telegram’s use of its MTProto protocol for standard chats balances speed and security, making it a preferred choice for users prioritizing both performance and privacy.
However, the same features that make Telegram attractive to privacy-conscious users also create vulnerabilities that can be exploited by malicious actors. The platform’s capacity for anonymous communication and its less aggressive approach to content moderation have made it a haven for those engaging in illegal activities. From the sale of illegal goods to the coordination of cyberattacks, Telegram’s infrastructure has, at times, facilitated activities outside the bounds of the law. This has led to growing concerns among governments and cybersecurity experts about the potential for misuse.
The recent arrest of Telegram’s CEO under allegations related to the platform’s use by illegal groups has brought these issues to the forefront. This event highlights the ongoing struggle to balance the protection of user privacy with the need to prevent and mitigate illegal activities online. It also raises important questions about the responsibilities of platform providers in policing content and communications on their networks. In a world where digital privacy is increasingly valued, how can platforms like Telegram ensure they are not inadvertently enabling criminal behaviour? What role should governments and cyber security firms play in monitoring and regulating these platforms?
From a cyber security perspective, Telegram’s challenges are significant. The platform’s distributed infrastructure, spread across multiple jurisdictions, makes it difficult to block or take down, even in countries where it is officially banned. This resilience against censorship is one of Telegram’s key strengths, allowing it to remain operational in regions with restrictive governments. However, it also means that law enforcement agencies face significant hurdles in monitoring and shutting down illegal activities on the platform. The built-in proxy support that allows users to bypass government restrictions further complicates efforts to control the flow of information and activity on Telegram.
Another key issue is the scale at which Telegram operates. With the ability to create groups of up to 200,000 members, Telegram facilitates the rapid dissemination of information, which can be both a blessing and a curse. While this capability allows for the formation of large, engaged communities, it also makes it easier for bad actors to spread harmful content or coordinate large-scale illegal activities. The sheer size of these groups makes moderation a daunting task, and Telegram’s relatively lenient approach to content takedowns has been a point of contention for critics who argue that the platform does not do enough to curb illegal behaviour.
Despite these challenges, Telegram’s rise to popularity is understandable. The platform offers a level of privacy and functionality that is unmatched by many of its competitors. For users who value their anonymity and want to engage in large-scale communication without the fear of being tracked or monitored, Telegram is an ideal choice. The platform’s features are particularly appealing in regions where government surveillance is prevalent, providing users with a means of communication that is resistant to censorship and government interference.
However, as the arrest of Telegram’s CEO demonstrates, the platform’s success comes with significant risks. The fine line between protecting user privacy and enabling illegal activities is one that Telegram, like many other tech companies, must navigate carefully. The challenge lies in finding a way to uphold the principles of privacy and freedom of speech while also taking proactive measures to prevent the platform from being used for nefarious purposes.
For cyber security firms, the situation with Telegram underscores the importance of developing advanced solutions that can address these complex issues. As the digital landscape continues to evolve, tech companies, governments, and cyber security experts need to work together to create an environment where users can communicate freely without fear of their privacy being compromised, while also ensuring that these platforms are not used to facilitate illegal activities. The arrest of Telegram’s CEO is a reminder of the ongoing challenges in this space and the need for continued innovation and collaboration to protect both individual freedoms and global security.
In conclusion, while Telegram offers unique advantages in terms of privacy and scalability, these same features also pose significant challenges from a cybersecurity standpoint. The platform’s resilience, anonymity, and large group capabilities make it both a powerful tool for legitimate communication and a potential hotspot for illegal activities. As we move forward, it will be crucial to find a balance that allows for the protection of user privacy while also addressing the security concerns that come with such a powerful platform.
Cyber security Tips for Telegram Users:
- Enable Two-Factor Authentication (2FA): Adding an extra layer of security to your Telegram account helps protect against unauthorized access.
- Be Cautious with Public Groups and Channels: Always verify the authenticity and purpose of public groups or channels before engaging to avoid potential scams or malicious content.
- Regularly Update Your Telegram App: Ensure you have the latest security patches and features by keeping your Telegram app updated.
- Use Secret Chats for Sensitive Conversations: Secret Chats offer end-to-end encryption, providing an additional layer of privacy for sensitive communications.
- Monitor App Permissions: Regularly check and manage the permissions Telegram has on your device to prevent unnecessary access to your data.
Cyber Security
Is Artificial Intelligence a Boon or Bane for Cybersecurity?
Written by Sergey Belov, Head of Internal Security at Acronis (more…)
-
Cyber Security1 week ago
Global Cybersecurity Efforts Gain Momentum, But More Action Needed
-
Cyber Security1 week ago
Proofpoint Sets New Standard for Human-Centric Security
-
Homeland Security1 week ago
Homeland Security Market is Expected to Surpass $900 Bn By 2032
-
Homeland Security1 week ago
Lockheed Martin Delivers C-130J Super Hercules to Egypt
-
Events1 week ago
GITEX Digi_Health 5.0 Expo-Summit Asia Launches in Thailand
-
Cyber Security1 day ago
UAE and Saudi Arabia Face Unprecedented 70% Rise in Threats: Positive Technologies
-
Cyber Security2 days ago
BotGuard OÜ to Offer Live Demos at GITEX GLOBAL 2024
-
Cyber Security12 hours ago
AmiViz Champions Cybersecurity Innovation at Leading MENA Events