Security Operations (SecOps) is where IT operations and IT security come together. It is one of those few places in the organisation where common interests rise above vested interests for the common good. At least, that’s the theory.
SecOps’ main goal is to improve the security posture of the organisation by identifying, preventing and mitigating threats at the point of entry. The byproducts of an efficient and effective SecOps function are improved operational efficiency, enhanced compliance, and better incident response.
SecOps comprises security information and event management (SIEM), network security monitoring (NSM), endpoint security, vulnerability management, incident response, threat intelligence, access control and security awareness training.
So, given all these technologies and expertise under one roof, why do organisations continue to be breached? For one thing, getting these different components to work in unison presents a daunting challenge.
Nick Lim, VP of APAC for Tanium, says SecOps efficiency remains hampered (at least in many large organisations) by security and operations teams prioritising their issues using their independent tools. “This creates a mismatch between departments and the types of solutions when solving cross-departmental issues,” he continues.
“This is a big hurdle that stands in the way of SecOps efficiency, and ultimately a platform approach can help to alleviate this issue by providing departments with a unified tool, overcoming any mismatch and ensuring the most efficient approach.”
Nick Lim
SecOps post-pandemic
In Proofpoint's 2023 Voice of the CISO report, 68% of CISOs participating in the survey said they feel at risk of a material cyber attack in the next 12 months, suggesting that security professionals are acknowledging the new reality of elevated post-pandemic concerns.
Lim opines that post-pandemic, many organisations are still facing the same issues when integrating security (Sec), operations (Op), and IT development (Dev). “Moreover, development teams traditionally work independently, leading to operational difficulties and security concerns upon deployment. DevSecOps aims to mitigate these issues by fostering collaboration and integration,” he adds.
He concedes that despite theoretical benefits, practical implementation faces numerous hurdles. He suggests a platform approach to facilitate cohesion between security and operations teams, enabling them to operate on the same platform.
“This approach acknowledges the longstanding complexities in aligning Dev, Sec, and Op while offering a tangible step towards unified operations,” he adds.
The AI equation
Asked whether AI can improve SecOps efficiency, Lim says improvement is possible. “But first, understanding what the challenges are and how AI can help is crucial,” he cautions.
“Security teams already face a daunting task due to overwhelming data, hindering efficient threat detection. AI offers promise with its ability to analyse vast datasets, though data quality remains vital,” he adds.
Lim claims that AI can enhance efficiency, but proper implementation is essential. “In summary, while AI holds potential, utilising it effectively is key to addressing security challenges and improving organisational defences,” he adds.
Integrating AI into SecOps
How does an organisation integrate AI into SecOps without adding further risks with the runaway use of AI tools like GenAI?
Lim believes that as AI becomes readily available, many organisations are exploring it out of curiosity. “However, for effective integration into mainstream operations, organisations must establish robust data governance. Data forms the core of AI, and without proper management, its potential may be limited or even counterproductive,” he elaborates.
He goes on to add that in organisational contexts, where sensitive data is abundant, governance becomes even more critical to prevent mishaps.
“Beyond governance, cultural factors also influence successful integration. Therefore, ensuring a conducive culture alongside strong governance practices is essential for leveraging AI's benefits while mitigating risks in organisational settings,” he went on.
Top 3 considerations before bringing AI into SecOps
For Lim, leaders must carefully consider several factors before integrating AI into mainstream operations. Beyond testing, the first consideration is defining the problem to solve, then prioritising and clarifying objectives.
The second is ensuring data governance and quality, preferably with real-time data, as outdated data can lead to inaccurate insights.
“Lastly, fostering a culture that sets realistic expectations, allocates resources effectively, and acknowledges AI's limitations. Addressing these aspects can pave the way for successful AI integration and problem-solving within organisations,” he continues.
Will AI transform SecOps?
Security vendors are hopeful that leveraging AI in areas such as automation, threat detection and data-driven decision-making presents real benefits for the organisation, including elevating the efficiency and effectiveness of SecOps.
Lim says, “Autonomous endpoint management represents the future of efficiency and collaboration. Analogous to autonomous vehicles, it streamlines operations and enhances security. This innovative approach addresses existing challenges by leveraging AI, promising substantial improvements.”
He acknowledges that the technology is still nascent but is positive that autonomous endpoint solutions will ultimately help resolve existing challenges.
Click on the PodChat player to hear Lim elaborate on how the security team can enhance the efficiency of SecOps.
- In your view, what are the hurdles to SecOps efficiency?
- Do you see AI (identify which AI variant) can improve SecOps efficiency? Briefly describe how.
- How does an organisation integrate AI into SecOps without adding further risks with the runaway use of AI tools like GenAI?
- What are the top 3 areas to consider before bringing AI into SecOps?
- Summing it up? How do you see AI transforming SecOps?