Patreon, a crowd-funding site, recently made headlines for laying off their five-person security team. The news broke at an unfortunate PR moment. Several high-profile businesses were breached within the week, and social media was barraged with tips and tricks to train your employees to avoid social engineering and equip your cyber team for breach mitigation. Technology professionals added to the conversation, predicting Patreon would regret the move.
On an organizational level, Patreon disagreed. A spokesperson from the company reported that in addition to their in-house IT staff, “We also partner with a number of external organizations to continuously develop our security capabilities and conduct regular security assessments to ensure we meet or exceed the highest industry standards.”
So why aren’t vendors, assessments, and software capabilities enough?
The 2022 security landscape resembles a California gold rush: too many shiny things to count, but not enough long-term payoff. At Ascent, we recommend diverse software solving many problems. We champion the Microsoft enterprise office and security suite as best in class, encourage leveraging the MITRE ATT&CK framework and open-source tooling, and design and customize our own in-house SOAR scripts and dashboards, to name a few. At the same time, each software program or coding language we leverage is useless without a driving brain behind it.
People run the processes that run technology.
Take a security assessment, for example. An Azure Sentinel assessment evaluates your security automation and detection capabilities, rates your in-house CTI, and ensures your alerting system catches detail relevant to your business. Security experts run the assessment, pausing to take stock of the data surrounding your business’s network, cloud, and security technology in a hands-on way an auditor could not. Without process fine-tuning from experienced consultants, the technology and processes your business implements wouldn’t be the best use of your money.
People customize successful software.
There’s a difference between aggregated and redundant software. Aggregate software separates groups or technology modules from each other for access security. Multiple redundant layers within the same software type can frustrate threat actors and disorient their breach process. Running more than one SIEM (security information and event management) product that provides the same redundant service creates more endpoints vulnerable to attack or deception and demands more of your security team’s time.
If a client implements a desktop antivirus and Windows Defender on employee devices, both protect against the same risk and eat a laptop’s storage space, incentivizing employees to bypass or disable both options in favor of a faster browser experience.
SIEM technology like Azure Sentinel must be directly customized to your cloud situation. More than one threat intelligence gathering platform often adds confusion and cost to your security budget. Instead, your organization needs security practitioners with your industry, location, and business model in mind to customize technology tools to your specific needs.
People ask questions essential to shaping process and technology.
Questions are essential to cybersecurity development—something software cannot generate on its own. Our clients frequently ask for a complex technology deliverable: a data sharing system that can cycle temp worker permissions in and out, automation to relieve an overworked team, dashboard views for one software solution similar to the look and feel of a legacy solution.
Along with measurable project results, clients ask for critical thinking—the ability to tackle an environment lacking one-to-one technology plug-ins. Knowing the people and designing a process around their needs necessitates customization for successful security. This means we’re passionate about user experience, but not in an abstract, cerebral way—we truly believe well-implemented technology will make your employees more secure and better at their jobs.
Security success only starts with a smooth implementation. The right people with a good process can properly leverage any technology to secure an organization.