‘The Defender’s Advantage’ explores the blueprint to intelligence-driven cybersecurity
Cybersecurity incidents are inevitable, but the way organizations prepare for and respond to these events can make all the difference. This notion underpins the content of “The Defender’s Advantage” book, a collaborative effort among 40 contributors that advocates intelligent cybersecurity, with in-depth analyses of key strategies and lessons learned from countless security breaches.
“What we see is organizations that are just doing things, they’ve set up a SIEM, they maybe have some EDR solutions, and that’s all they’re doing,” said Kerry Matre (pictured), head of security services and solutions marketing at Google LLC, and co-author of the book. “They’re not intelligence-led; they don’t know who’s even targeting them. You’re not going to be able to fight unless you have the intelligence to drive it.”
Matre spoke with theCUBE Research’s John Furrier and Savannah Peterson at mWISE 2024, during an exclusive broadcast on theCUBE, SiliconANGLE Media’s livestreaming studio. They discussed how companies that prioritize intelligent cybersecurity, practice response strategies and build strong communication plans will be best positioned to weather the storm of a cyberattack. (* Disclosure below.)
Collaboration and intentional action underpin intelligent cybersecurity
“The Defender’s Advantage” draws from real-world insights largely based on the work of Mandiant Inc., a leading cybersecurity company, and subsidiary of Google, that deals with organizations on their worst days. The book details six critical functions, the first being intelligence. It must drive the other five functions of security, helping businesses anticipate and avoid breaches, or at least minimize their impact, according to Matre.
“Another thing that we highlight in there is the response — you can do a response very poorly,” she said. “Doing a tabletop exercise is probably the easiest thing you could do to practice, and not just from the technology standpoint of how you’re going to fix your environment, but how are the executives going to communicate. You’ve got one chance to make your statement to the public; you want to make sure that it’s right.”
Another standout insight from the book is the “mission control” concept. It proposes a central hub for coordinating an organization’s response during a cybersecurity incident. Mission control is an organization’s brain during a major incident, pulling together people and resources from different critical functions to create processes, procedures and communication plans, Matre explained. Importantly, this group within mission control must be empowered to act swiftly and decisively.
“During a major incident, they’re that center, that brain — they need their finger on the pulse, they need to know what’s going on, and they’re the orchestrators,” Matre said. “One of the big things about mission control is making sure that they have the authority to act, because a lot of times, what we can see in breaches is the security team knows that a technical control needs to be fixed, the IT team doesn’t seem to think it has as much urgency as the security team does.”
Organizations often drop the ball when it comes to communicating with the public, either by being too secretive or failing to convey the severity of the breach. Transparency is key, but it needs to be managed carefully. Over-sharing can be as damaging as under-sharing, since the public will eventually find out the full extent of the breach anyway, according to Matre.
Here’s the complete video interview, part of SiliconANGLE’s and theCUBE Research’s coverage of mWISE 2024:
(* Disclosure: Google Cloud Security sponsored this segment of theCUBE. Neither Google nor other sponsors have editorial control over content on theCUBE or SiliconANGLE.)
Photo: SiliconANGLE
A message from John Furrier, co-founder of SiliconANGLE:
Your vote of support is important to us and it helps us keep the content FREE.
One click below supports our mission to provide free, deep, and relevant content.
Join our community on YouTube
Join the community that includes more than 15,000 #CubeAlumni experts, including Amazon.com CEO Andy Jassy, Dell Technologies founder and CEO Michael Dell, Intel CEO Pat Gelsinger, and many more luminaries and experts.
THANK YOU