For most companies, cybersecurity is neither a “one size fits all,” nor an “all or nothing” undertaking but rather a dynamic, nuanced mix of changing goals and solutions. Strategies for evolving security infrastructures, expertise and operations must all progress in phases based on requirements, resources, and results. Netenrich recently asked Sonesta Hotels Security Engineer Dave Borman about the company’s strategy for evolving cybersecurity. With sites spanning seven countries, Sonesta takes a methodic, multi-layered “Defense in Depth (DiD)” approach that includes sequencing processes, mechanisms, and redundancies to defend attack vectors. The company recently upgraded its Security Operations Center (SOC) by adopting Intelligent SOC from Netenrich featuring IBM QRadar SIEM capabilities.
The Netenrich solution quickly overcame challenges associated with real-time monitoring and visibility.
“We were using an application that was kind of kludgy,” Borman recalls. “We would get notifications that an issue existed, but the details and reporting weren’t always there. It was difficult to say, ‘this is something we’ve already seen and don’t need to see anymore,’ and we might go a few months without realizing a certain tool wasn’t reporting into the system.”
Engaging Netenrich to manage alerts, logs, and the SIEM accommodated Sonesta’s maturing cybersecurity needs and infrastructure. “You can’t be afraid to make changes if something no longer fits,” Borman says. “With Netenrich, we get a lot more information and it’s easier to absorb and make assessments as to whether something needs to be fixed right away, and the best way to do it. It’s far and away better than what we were using previously.”
Intelligent SOC helps ensure the right things get fixed at the right time—and stay fixed—and nothing important slips through the cracks. With that handled, the next phase of evolution becomes one of prioritization and becoming more proactive.
Defense in Depth: Resolution beyond alerts
“First, we spent a few years addressing challenges around getting a view of our entire environment—are we getting the right amount of alerts? Do we know what our vulnerabilities are?” Borman recalls. “Once you’ve got all this information, the next step is looking at what needs to be fixed, what needs to be fixed first, and of the resources we have on staff, who can get things resolved the fastest.”
Borman distills this down to a simple process: Determine what the issue is, contextualize the issue, get it fixed, and verify that it stays fixed. From there, the strategy evolves toward prioritization and becoming more proactive about things like patching and shrinking the company’s digital attack surface. Here, having rich threat context and deep expertise enables a sophisticated approach to risk management.
The team starts by looking at which systems and applications are most critical, then at what controls are already in place. “If we have a significant vulnerability in one application, we look at whether we’ve already got two or three corresponding controls for it, which would give us more time to fix it,” Borman says. “If we’ve only got one control in place and something fails, we’ve got a problem, so those things get fixed right away just in case.”
Sound risk management controls also take new applications and other changes into account. “Even though we move on and expand to other controls, other tools, we don’t forget about the original problems and what we needed to fix,” Borman adds. “We go back continuously and make sure those things are still fixed and that any changes we might have made since haven’t increased our risk.”
Evolution beyond 2021
With planning for the coming years filled with complex new challenges, evolving cybersecurity strategies must continue to create balance between requirements, resources and results. Intelligent SOC lets Sonesta invest in ongoing optimization and innovation simultaneously.
“Efficiency is always important, but it’s also wrapped inside new initiatives,” Borman says. “We’re efficient, and we’ve outsourced some of the day-to-day things to Netenrich so that our team can go out and investigate new applications, new tools, and integrate all these things together, which is always a major challenge.”
Like most enterprises, Sonesta remains reluctant to have many security issues remediated automatically without first making experts aware. “One question with automation is what kind of testing happens before the change is made?” Borman explains. “If you push out a patch without testing and something happens you’re not going to look very good. Even if you wait a couple of weeks, every patch needs to be tested in all the right environments because you still risk taking down half your network. Most of us have lived through something like that and don’t want to do it again.”
The team would, however, consider turning more hands-on remediation over to trusted managed security service provider (MSSP) partners at some point. “If we find a problem and the partner knows what to do, or it’s something we don’t have the time or resources to fix ourselves, we could let them go ahead and take care of the issue to free up even more resources on our side,” Borman says. “You just have to have a level of trust and a lot of good communication.”
Netenrich Intelligent SOC also positions enterprises to consume new capabilities as needed on a “pay as you grow,” outcome-based basis. Non-traditional SOC capabilities include deeper threat intelligence and external risk management, also known as attack surface management (ASM), using Netenrich Knowledge NOW (KNOW) and Attack Surface Intelligence (ASI) solutions. A complement to pen testing and Red Team exercises, ASI provides ongoing discovery of external digital risk from brand and domain exposure, vulnerabilities, and misconfigurations.
“One of the things we’ve seen is that it lets us know about expired certificates,” Borman says. “It’s also good to see any issues with sites belonging to some restaurants located within our hotels though we’re not really in control of those.”
Learn more about Intelligent SOC
With additional functionalities to address the Dark Web, cloud, and breach and attack simulation, Intelligent SOC delivers the flexibility, expertise, and investment protection needed to scale best practices for years to come. Enterprises can get what they need when they need it to continually speed response, retain skills, and reduce run costs while improving their security posture.
Tune in to Dave Borman’s discussion with Brandon Hoffman on gaining greater efficiencies in your SOC operations in our Sonesta Hotels video series.