Managed Security Services and Threat Detection and Response

Trend 11 – Orchestration, automation and response technology revolutionizes incident management

Incident management has traditionally been executed with defined standard operating procedures or playbooks. However, when security analysts followed these playbooks by hand during an investigation, the outcomes were inconsistent and responses were delayed.

SOAR technology has revolutionized the way security operations work by bringing a standard to playbook development. Playbooks are broken down into smaller incident response tasks that are defined systematically so the response can be automated wherever possible. This creates a granular way of looking at an incident and deciding how it must be investigated. Integrating the SOAR platform with other technology controls has elevated the maturity of an organization’s security operations program and brought mean time to detect, mean time to respond and mean time to resolve down to a matter of minutes.
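The decomposition described above, as an added example that is not Infosys' code or any vendor's SOAR product: a playbook is an ordered list of small tasks, each either an automated action or a manual step queued for an analyst, with a gate that decides whether the task applies. The phishing alert, the reputation list and the task names are all constructed for the illustration.

```python
"""Minimal SOAR-style playbook runner (added illustration, not a product API).

A playbook is a list of small tasks. Automated tasks are plain callables that
update the incident context; a task with no action is a manual step that is
queued for an analyst. Each task has a `when` gate so the same playbook can
branch between full automation and human review.
"""
from dataclasses import dataclass, field
from typing import Callable, Optional
from urllib.parse import urlparse


@dataclass
class Task:
    name: str
    action: Optional[Callable[[dict], dict]] = None   # None = manual analyst step
    when: Callable[[dict], bool] = lambda ctx: True    # gate: run only when True


@dataclass
class Incident:
    alert: dict
    ctx: dict = field(default_factory=dict)
    actions: list = field(default_factory=list)        # automated steps executed
    analyst_queue: list = field(default_factory=list)  # manual steps awaiting a human


# Constructed reputation data standing in for a threat-intel lookup (assumption).
BAD_DOMAINS = {"evil.example"}


def extract_iocs(ctx: dict) -> dict:
    """Pull the distinct hostnames out of the URLs reported in the alert."""
    hosts = {urlparse(u).hostname for u in ctx["alert"].get("urls", [])}
    ctx["domains"] = sorted(h for h in hosts if h)
    return ctx


def reputation_lookup(ctx: dict) -> dict:
    """Enrich the extracted domains against the (constructed) bad-domain list."""
    ctx["bad_domains"] = [d for d in ctx["domains"] if d in BAD_DOMAINS]
    ctx["verdict"] = "malicious" if ctx["bad_domains"] else "undetermined"
    return ctx


def quarantine_message(ctx: dict) -> dict:
    """Containment step: record the message pulled from the mailbox."""
    ctx["quarantined"] = ctx["alert"]["message_id"]
    return ctx


def block_domains(ctx: dict) -> dict:
    """Containment step: record the domains pushed to the blocklist."""
    ctx["blocked"] = list(ctx["bad_domains"])
    return ctx


def is_malicious(ctx: dict) -> bool:
    return ctx.get("verdict") == "malicious"


# The playbook: enrichment first, then automated containment only on a
# confident verdict, otherwise hand the case to an analyst.
PHISHING_PLAYBOOK = [
    Task("extract_iocs", extract_iocs),
    Task("reputation_lookup", reputation_lookup),
    Task("quarantine_message", quarantine_message, when=is_malicious),
    Task("block_domains", block_domains, when=is_malicious),
    Task("close_ticket", lambda c: {**c, "status": "closed"}, when=is_malicious),
    Task("analyst_review", None, when=lambda c: not is_malicious(c)),
]


def run_playbook(playbook: list, alert: dict) -> Incident:
    """Execute every applicable task in order and return the incident record."""
    inc = Incident(alert=alert, ctx={"alert": alert})
    for task in playbook:
        if not task.when(inc.ctx):
            continue
        if task.action is None:
            inc.analyst_queue.append(task.name)
            continue
        inc.ctx = task.action(inc.ctx)
        inc.actions.append(task.name)
    inc.ctx.setdefault("status", "awaiting_analyst")
    return inc


if __name__ == "__main__":
    # Constructed alerts: one with a known-bad link, one with an unknown link.
    hit = run_playbook(PHISHING_PLAYBOOK, {"message_id": "m-1", "urls": ["https://evil.example/login"]})
    miss = run_playbook(PHISHING_PLAYBOOK, {"message_id": "m-2", "urls": ["https://docs.example.org/x"]})
    print(hit.actions, hit.ctx["status"])
    print(miss.analyst_queue, miss.ctx["status"])
```

The point of the structure is that every task is individually measurable: the list of executed actions and the analyst queue are the raw material for the mean-time metrics the trend refers to, and a task that keeps landing in the analyst queue is a candidate for the next round of automation.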

Infosys has helped one of its customers deploy and manage its security operations with SOAR, which has benefited the organization with increased investigation quality and effectiveness. The systemic implementation has led to significant manual workload reductions.

Trend 12 – Cloud-specific protection programs provide advanced security monitoring

Traditionally, an organization’s data resided in its physical data center, where security controls were deployed and monitored. Now, as organizations move their data to the cloud, its security comes into question: who is accessing the data, how it is accessed and who is sharing it. CASB solutions can help by discovering shadow IT and shadow data.

A CWPP provides multiple capabilities, including:

  • Workload configuration and vulnerability management
  • Network segmentation, firewalling and traffic visibility
  • Workload behavior monitors – essentially EDR for servers (also referred to as host-based intrusion detection systems)
  • Anti-malware scanning
  • System integrity measurement, attestation and monitoring
  • Application control
  • Log management and review

CSPM platforms assess cloud workloads and provide a view of the risk present in those tenants, such as security misconfigurations, vulnerabilities, lack of encryption, improper encryption key management, excessive account permissions and more. Given CSPM’s high value, organizations have started integrating it into their DevOps processes.
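The kind of assessment the paragraph describes, as an added example that is not Infosys' code or any CSPM vendor's engine: a handful of posture rules (public storage, missing encryption, key rotation, wildcard IAM grants) run over a constructed inventory, with an exemption list for accepted risk and a gate that a DevOps pipeline could call. The inventory layout, rule names and severities are assumptions for the illustration.

```python
"""CSPM-style posture checks over a constructed cloud inventory (added illustration).

The inventory shape is a simplification of what a provider API returns; the
rule identifiers and severities are this example's own, not a vendor schema.
"""
from dataclasses import dataclass
from typing import Iterable, Iterator


@dataclass(frozen=True)
class Finding:
    resource: str
    rule: str
    severity: str


# Constructed inventory. The bucket names are illustrative only.
INVENTORY = {
    "buckets": [
        {"name": "marketing-site", "public": True, "encryption": "aes256", "kms_key": None},
        {"name": "customer-exports", "public": True, "encryption": None, "kms_key": None},
        {"name": "audit-logs", "public": False, "encryption": "kms", "kms_key": "key-audit"},
    ],
    "kms_keys": [
        {"id": "key-audit", "rotation_days": 365},
        {"id": "key-legacy", "rotation_days": None},
    ],
    "iam_policies": [
        {"name": "ci-deployer", "statements": [
            {"effect": "Allow", "action": ["s3:PutObject"], "resource": ["arn:aws:s3:::artifacts/*"]}]},
        {"name": "legacy-admin", "statements": [
            {"effect": "Allow", "action": ["*"], "resource": ["*"]}]},
    ],
}


def check_buckets(buckets: Iterable[dict]) -> Iterator[Finding]:
    """Misconfiguration and lack-of-encryption rules for object storage."""
    for b in buckets:
        if b["public"]:
            yield Finding(b["name"], "bucket-public-access", "high")
        if b["encryption"] is None:
            yield Finding(b["name"], "bucket-unencrypted", "high")


def check_keys(keys: Iterable[dict]) -> Iterator[Finding]:
    """Key management rule: rotation must be enabled and at most yearly."""
    for k in keys:
        if not k["rotation_days"] or k["rotation_days"] > 365:
            yield Finding(k["id"], "kms-rotation-disabled", "medium")


def check_iam(policies: Iterable[dict]) -> Iterator[Finding]:
    """Excessive-permission rule: Allow on every action over every resource."""
    for p in policies:
        for s in p["statements"]:
            if s["effect"] == "Allow" and "*" in s["action"] and "*" in s["resource"]:
                yield Finding(p["name"], "iam-wildcard-admin", "high")


def assess(inventory: dict, exemptions: Iterable[tuple] = ()) -> list:
    """Run every rule; drop findings the owner has formally accepted as exempt."""
    exempt = set(exemptions)
    findings = []
    findings += check_buckets(inventory["buckets"])
    findings += check_keys(inventory["kms_keys"])
    findings += check_iam(inventory["iam_policies"])
    return [f for f in findings if (f.resource, f.rule) not in exempt]


def pipeline_gate(findings: Iterable[Finding], block_on: tuple = ("high",)) -> bool:
    """DevOps integration point: True means the deployment may proceed."""
    return not any(f.severity in block_on for f in findings)


if __name__ == "__main__":
    found = assess(INVENTORY, exemptions={("marketing-site", "bucket-public-access")})
    for f in found:
        print(f"{f.severity:6} {f.rule:24} {f.resource}")
    print("deploy allowed:", pipeline_gate(found))
```

Two design points carry over to a real deployment: exemptions are keyed on resource and rule rather than on resource alone, so accepting that one bucket is public does not silence an unencrypted-bucket finding on the same bucket; and the gate consumes the finding list rather than the inventory, so the same rules can feed a CI check, a SIEM alert and a periodic report.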

Infosys helped one of its customers with CWPP implementation and monitoring, which hardened the cloud instances and reduced threat exposure. We enabled comprehensive hybrid cloud reviews and threat detection and integrated the CWPP with a SIEM platform for incident response.

Infosys TechCompass