One of the main challenges when investigating an incident is being able to convert all the raw data (typically logs) that you can gather into TTPs (Tools, Techniques and Procedures), or even better, into operational information.
Gartner has recently published the Market Guide for Security Threat Intelligence Products and Services by analysts Craig Lawson, Brad LaPorte, Ruggero Contu, John Collins and Mitchell Schneider, which provides end users with guidance on how to ensure that they are getting the best value from threat intelligence services.
In a post-COVID-19 world, the security landscape of many organisations has been radically realigned. In particular, the healthcare sector was facing significant challenges prior to the pandemic, so the current situation has only added to the security burdens they face.
With most employees working from home amid today’s COVID-19 outbreak, the use of VPN and remote access to enterprise resources has drastically increased. This is a huge challenge for IT and security departments, as many security experts believe that current VPN deployments were designed for a small percentage of an organization’s employees and not for the overwhelming number of teleworkers who now need to access them repeatedly throughout the workday.
In these uncertain times, CISOs are having to deal with an entirely new security profile for their organisations. The ability to control every security facet on end users’ machines has been loosened considerably.