Sponsored Content

Sponsored content is a special advertising section provided by IT vendors. It features educational content and interactive media aligned to the topics of this web site.

How Zero Trust is Addressing Today’s Security Challenges

Enterprises in Asia-Pacific continue to face an onslaught of cyber security threats, driven by pressures that cyber criminals are exploiting and that can upend even the best-prepared organisations.

These pressures include the growth of multi-cloud usage to support digital transformation, the adoption of new digital business models in order to innovate, and the shift to hybrid working brought on by the ongoing Covid-19 pandemic.

Spending on cloud services in Asia Pacific rose by over 38% to US$36.4 billion in 2020, according to IDC. The research firm also predicts that the digital economy will account for 65% of Asia Pacific’s GDP, with spending reaching US$1.2 trillion between 2020 and 2023.

Meanwhile, the 2021 EY Global Information Security Survey of more than 1,000 senior cybersecurity leaders found that 77% of respondents had seen an increase in the number of disruptive attacks over the previous 12 months, up from 59% a year earlier.

Ransomware was especially troublesome in the manufacturing and energy sectors, where 43% of affected organisations conceded that their data had been leaked, according to the IBM Security X-Force Threat Intelligence team.

Correspondingly, the average cost of a ransomware attack globally stood at US$4.62 million, according to IBM’s 2021 Cost of a Data Breach report. In Asia Pacific the figure was US$2.86 million, an increase of 14% over the previous year.

Enterprise security challenges
These observations mean that forward-thinking enterprises, which are already transforming their businesses at an accelerated pace using hybrid cloud technologies, must raise their cyber security game.

In multi-cloud environments, resources are being accessed by a growing number of siloed constituents – including employees, suppliers, partners, and customers – all using multiple devices from virtually anywhere. These constituents treat data as a shared resource between users and communities. 

This creates a huge challenge for security operations centre (SOC) analysts, as traditional cyber security deployments based on concepts such as “castle and moat” perimeter defence and point products can’t cut it anymore.

SOC analysts are swamped. They receive alerts, handle triage and investigate incidents all at the same time, and they struggle to keep up with threats, from inside and outside, that are growing in both volume and complexity.

SOC teams also have to deal with siloed data from fragmented security systems, which lacks the visibility and context they need to gain the insights that protect the enterprise.

Worse still, an ESG research study found that 60% of companies use 25 or more distinct security products, with 44% engaging more than 10 vendors. Exacerbating this, the global security industry faces a shortage of roughly 3.1 million skilled professionals in 2020, according to the (ISC)2 Cybersecurity Workforce Study.

All of this means that SOC teams are prevented from effectively detecting, investigating and responding to threats, and instead spend too much time manually correlating results or integrating tools.

This situation creates gaps, allows threats to be missed, and leaves SOC teams without the context needed to act on the insights that would reduce their organisation's attack surface. SOC analysts urgently need help in three areas:

  • Prioritising the increasing number of events, alerts and intelligence they have;
  • Navigating multiple tools and data sources to investigate threats; and
  • Reducing manual processes and consolidating tools to resolve security incidents.

How Zero Trust helps
The leading methodology for addressing these cyber security challenges is known as the Zero Trust framework. Built on the principle of least-privilege access, Zero Trust means “never trust, always verify”, and always assume that breaches can and will happen, whether or not they are detected.

A Zero Trust approach wraps security around every user, every device and every connection, every time, unifying and integrating security tools to protect an organisation’s most valuable assets while proactively managing threats. It works on the basis that security decisions can be applied closer to where the data is created and used, which greatly accelerates threat detection.
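To make the principle concrete, here is an added example (not code from the article or from IBM) of a per-request Zero Trust access decision: each request is evaluated from scratch against an explicit least-privilege grant, the identity's MFA state and the device's posture, and the network the request arrives from is deliberately ignored. The field names, policy table and sample requests are constructed assumptions.

```python
# Added example, not from the article or IBM: a per-request Zero Trust access
# decision. Policy, field names and sample requests are illustrative assumptions.
from dataclasses import dataclass
from typing import FrozenSet, List, Tuple


@dataclass(frozen=True)
class Request:
    user: str
    groups: FrozenSet[str]
    mfa: bool                 # did this request carry a fresh MFA assertion?
    device_managed: bool      # enrolled in device management
    device_patched: bool      # posture check passed
    source: str               # "corp-lan", "vpn", "internet" - deliberately unused
    resource: str
    action: str


# Least privilege: an explicit allow list of (group, resource, action).
# Anything not listed is denied; there is no default-allow for "internal" users.
POLICY = {
    ("finance", "payroll-db", "read"),
    ("finance-admin", "payroll-db", "write"),
    ("engineering", "build-artifacts", "read"),
    ("engineering", "build-artifacts", "write"),
}

# Resources that additionally demand MFA and a compliant, managed device.
SENSITIVE = {"payroll-db"}


def decide(req: Request) -> Tuple[bool, str]:
    """Evaluate one request from scratch; return (allowed, reason).

    Never trust: the decision is recomputed for every request, and the
    network the request arrives from (req.source) is never consulted.
    """
    if not any((g, req.resource, req.action) in POLICY for g in req.groups):
        return False, "denied: no explicit grant for this action"
    if req.resource in SENSITIVE:
        if not req.mfa:
            return False, "denied: MFA required for sensitive resource"
        if not (req.device_managed and req.device_patched):
            return False, "denied: device posture not compliant"
    return True, "allowed: identity, grant and posture verified"


# Constructed sample traffic (not real data).
SAMPLE_REQUESTS = [
    Request("alice", frozenset({"finance"}), True, True, True, "internet", "payroll-db", "read"),
    Request("alice", frozenset({"finance"}), True, False, True, "corp-lan", "payroll-db", "read"),
    Request("alice", frozenset({"finance"}), True, True, True, "vpn", "payroll-db", "write"),
    Request("bob", frozenset({"engineering"}), False, False, False, "internet", "build-artifacts", "write"),
    Request("carol", frozenset({"finance-admin"}), False, True, True, "corp-lan", "payroll-db", "write"),
]


def audit(requests: List[Request]) -> List[Tuple[str, str, str, bool, str]]:
    """Run decide() over a batch and return (user, source, resource, allowed, reason)."""
    return [(r.user, r.source, r.resource, *decide(r)) for r in requests]


if __name__ == "__main__":
    for row in audit(SAMPLE_REQUESTS):
        print(row)
```

Note the second and fifth requests: both arrive from the corporate LAN and both are denied, one for an unmanaged device and one for missing MFA, while the first request from the open internet is allowed because identity, grant and posture all check out. That inversion of the "castle and moat" assumption is the point of the model.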

With a Zero Trust framework in place, SOC teams can prioritise threat intelligence and apply real-time detection across hundreds of use cases and across multi-cloud environments, something they could not do under the old perimeter defence model. It also allows threat hunting to be pursued as a priority alongside detection and response.

Zero Trust also gives SOC teams the ability to investigate events using machine learning tools and to run federated searches across any data source, on-premises or in the cloud, without moving the data. They can respond to incidents more rapidly with dynamic playbooks, automation and orchestration across all teams.

Cloud Pak for Security
One security platform based on the Zero Trust framework is IBM Cloud Pak for Security. It is an open, multi-cloud platform that connects to existing data sources to help clients gain deeper insights into threats while enabling SOC teams to act faster through automation. This supports detection and response while also enabling threat hunting with a continuous-investigation mindset.

IBM Cloud Pak for Security works by securely connecting to IBM or third-party tools to search for threats across any cloud or on-premises location, all while leaving your data where it is. It accelerates the orchestration of actions and responses to those threats and, with the data connected, enables true threat hunting.

What’s more, IBM Cloud Pak for Security is built on open source software using open standards. This combination promotes open and interoperable security, avoiding vendor lock-in and a rip-and-replace scenario by working with the tools clients already have in their environment. It combines threat management capabilities and data security into a single, modular, easy-to-consume solution, and can be deployed on-premises, on a single cloud, across multiple clouds, or in a hybrid cloud. It avoids the need for custom log collection, tagging, aggregation and rules.

Such features allow SOC teams to analyse large volumes of data without being swamped by thousands of incoming security events, giving them a holistic view of the security landscape and helping them respond more quickly.

This was certainly Sogeti Luxembourg’s experience. The SOC service provider selected IBM® QRadar® Advisor, a key offering within IBM Cloud Pak for Security, to help its SOC teams unify workflows and automate tasks. Sogeti’s SOCs typically receive on average 10,000 events per second and 50,000 flows per minute per client, with larger clients generating substantially higher volumes.

Sogeti’s analysts were able to reduce the “noise” they must sift through to identify threats, which enabled them to identify false positives more accurately and to be more productive.

As a result, Sogeti accelerated its analysis process by 50% and improved investigation time by up to 60 times compared with manual investigation. Root cause determination also fell from hours to mere minutes.

Meanwhile, Talk Talk, a UK-based broadband, landline, TV and mobile services provider, was able to contain potential threats eight times faster on average by deploying IBM Security SOAR, part of the IBM Cloud Pak for Security platform.

Talk Talk’s SOC analysts no longer need to check 10 different systems to evaluate which threats are real and which aren’t. Alerts are now fully contextualised and presented in a single pane, reducing the manual labour of sifting out true threats while minimising false positives.

“As more enterprises move to hybrid, multi-cloud environments, security data is spread over such a vast infrastructure that will inevitably create gaps that are difficult to detect without an intuitive, automated, and comprehensive platform to detect, investigate and respond to today’s security threats,” says Mukul Mathur, Vice President, IBM Security, Asia Pacific & China.

“Cloud Pak for Security has been designed from the ground up and not by piecing features together as an afterthought. It gives enterprises a holistic view of today’s modern, connected security ecosystem designed for the hybrid, multi-cloud world. The new IBM Cloud Pak for Security as a Service further simplifies how organisations deploy a zero-trust architecture across the enterprise.”

To learn more about IBM Cloud Pak for Security, explore this interactive demo.

You can also take a Zero Trust eXtended Security Maturity Assessment to receive individualised recommendations on where to focus your zero trust journey.