An old proverb says that “when the pupil is ready, the teacher will appear.” Well, when it comes to cybersecurity, tech professionals are more than ready, but where’s the teacher?
In a way, orchestration is “Zen and the art of cybersecurity training.” Knowing how to use different security tools and how they work together — or not, as the case may be — can save an organization a lot of time and money, not to mention grief. Teaching security pros to use the organization’s security tools should be a key part of any training program.
There is no shortage of cybersecurity solutions; the market for hardware, software and services to keep networks safe is forecast to grow about 12.6% a year through 2027. Spending on the best tools looks good on paper, but if your staff is only using a fraction of the defensive firepower you own because they don’t know how to use it, or don’t understand all the capabilities they offer, then you’ve wasted your money. What is worse, if you’re not being effective at protecting the network, your organization is vulnerable.
Adding training orchestration to security training can help your organization get the best return on its investment in cybersecurity, which is a big-ticket item and growing. By 2023, businesses around the world will spend $248.6 billion on cybersecurity.
The gold standard of security, defense in depth, assigns defensive measures in a layered fashion based on the value and risk factors associated with each asset. A hacker who breaches one layer will be stopped by the next one, and will not make off with the most valuable information in the enterprise.
The layered defense model is a best practice, but with the turnover we’re seeing today among security operations professionals, it’s a challenge to maintain the necessary knowledge in-house. Often, staff learns from seeing malware and hacks in the wild, so there is little innate experience built in to deal with the vector until it occurs for real. A consistent approach of practicing the functionality of the security stack in a benign environment allows a practitioner to get more comfortable with the tools at their disposal.
A layered model also relies on pulling together multiple tools that may not have been designed to work together. Many companies have automated old-school network firewalls and antivirus software with endpoint detection and response (EDR) systems and have also added security information and event management (SIEM), as well as other tools for monitoring their networks for threats, password management, encryption and software testing.
Needless to say, the more tools deployed, the more training is necessary to make them all work. Vendors can help, but only up to a point, especially since the average organization uses products from multiple different vendors. These heterogeneous tool sets, combined with the rampant cybersecurity talent shortage — which continues to plague enterprises — can make keeping up feel like running a race on a treadmill.
Security training orchestration can be a coach in that race. There is nothing like hands-on training to keep cybersecurity professionals sharp and ready to head off new attacks. Working side by side with the organization’s senior security analysts would be ideal for training junior staff so they can see what tools are being used and how, but that’s not always possible, especially with low headcounts and personnel now working remotely due to the Covid-19 pandemic.
Security training orchestration can help staff learn how existing tools can best handle different kinds of attacks. Training modules that can be delivered via a browser give remote staff access to real-life simulations that use the specific tools used by the organization to defend against attacks. In addition, bringing red and blue teams together in a range environment with full tool emulation and real attack scenarios drives collaboration and builds resilience. This combined approach of self-paced learning and team events enables users to learn in a hands-on environment, while management can see where knowledge gaps exist, based on data collected.
Here are some tips to consider for deploying orchestration-based cybersecurity training:
1. Give your enterprise defenders great security content that is easily accessible and on demand.
2. Ensure the content matches your organization’s current security stack.
3. Hold team events at least quarterly that foster collaboration.
Orchestration-based training can help your organization build skills in your security operations center at a time when these are in great demand and the best cyber talent is hard to find. It can help your staff improve their skills and keep them engaged. What’s more, it can help you realize the ROI of your investment in cybersecurity tools while improving your defenses.