Preface: This is the last installment of our three-part blog series called “Stories from the Front Lines”. This installment is slightly different, in that it features three different archetypical characters from different departments. Each of the problems they face is different, but keep reading to get to the part about a common solution.
Story: Kevin, a security investigator, starts his day by opening an investigation on a long-time staff member. Standard investigative process dictates that one of his first steps is to run a search on this person, to contextualize current events against the person's history. Unfortunately for Kevin, this means logging into three different systems and running three separate searches, for every case he opens. His department has used three different incident/case management systems during his tenure, and the legacy databases remain siloed from the current tool, so every new case starts with the same repetitive, time-consuming routine.
That same morning, three floors down, a fraud investigator named Karen closes her investigation, frustrated. What a waste of time! Three weeks of work down the drain! Duplicate person records created, a messy database, skewed metrics, a ton of wasted time and effort, and all of it avoidable. If only the Fraud Deterrence team had visibility into what the Loss Prevention team was working on, and vice versa. The operations of these two departments have a great deal in common, but collaboration is being sacrificed in the name of privacy and information security. Karen wonders whether this is the only way.
At a nearby satellite office, a data loss prevention system kicks up an event to an investigator named Jesse for verification. Upon closer examination, Jesse assesses the event, fills out an Excel template that her department relies on, and decides to escalate by sending an email over to the criminal forensics team for further investigation. She wonders briefly how many of the events she escalates turn out to be false positives, whether there might be room for improvement in her vetting process… if only she had some visibility into the results of the forensic investigation… but no time for that. She has to move quickly to fill out a privacy checklist document, and fire it off as part of yet another email, this time to the privacy team, ensuring this event is on their radar. She needs to do all of this quickly and accurately, so she can get back to wading through DLP events, which are coming fast and furious.
It is probably apparent by now that these three user stories share a common problem: they all revolve around issues caused by the segregation, and/or duplication, of information systems within an enterprise. Here, entering 2017, this problem remains endemic among Fortune 500 companies. The “Silo Effect” is a well-documented problem, in academia as well as in this recent article by Nick Candito at Entrepreneur.com. Large organizations have been acquiring and implementing information systems for almost three decades, often stacking them one on top of another into a convoluted mess.
The consensus for several years has been that organizations should seek systems consolidation, or at the very least, integration. The benefits of consolidation are illustrated by cio.com’s 2008 case study on Qualcomm’s migration to a single system of record. ERP systems, notoriously expensive and difficult to implement, were the first to bring many different departments of an organization together onto a single information backbone. HRIS and CRM systems followed, offering lower-cost, flexible alternatives that could be molded and configured around the needs of an individual enterprise. The highly desirable concept of a “single system of record” thus became attainable and affordable for more companies, and for a wider swath of departments within an organization. The game had changed, and the benefits were real and measurable, yet some organizational functions have been slow to follow suit. In particular, security and related functions have tended to put the importance of safeguarding sensitive information ahead of the vast efficiency benefits of collaboration and systems consolidation.
This is a false choice.
Driven by the need to comply with privacy legislation such as HIPAA, leading incident/case management systems have evolved highly effective technologies that enable collaboration while maintaining compliant “need-to-know” access policies. Many security professionals are not aware that modern configurable information systems can cater to the needs of many different departments simultaneously, delivering streamlined workflow, succinct and tailored information capture, and optimized searchability, while strictly maintaining the integrity of sensitive information.
D3 recently worked on a major project for a large multinational bank where 12 different departments (Fraud, Intelligence, Loss Prevention, Investigations, Executive Protection, Cyber Incident Response, Digital Forensics, E-Discovery, Data Loss Prevention, Privacy, Risk, and GSOC) consolidated and streamlined their efforts onto a single system of record, replacing nine point solutions in their tech stack. Information security policies were extremely strict, but by using role-based access controls, plus ad hoc tools for both sharing and restricting information beyond the organizational presets, the bank was able to drastically reduce duplication, create a climate of collaborative productivity, and improve critical intelligence sharing across the security elements of its enterprise. After migrating legacy data, the bank retired eight of the nine legacy systems, resulting in massive cost savings in software licensing as well as server support and maintenance, which all but offset the initial investment.
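The access model described above (department-level presets, with ad hoc sharing and restriction layered on top, and a single search that only returns what the caller is cleared to see) is easy to misread as "everyone sees everything." The following is an added illustration, not D3's product code and not the bank's actual policy: the department names come from the post, but the preset sharing table, the case data and the helper names are constructed assumptions. It shows the need-to-know decision order (explicit restriction beats explicit share, which beats the owning department, which beats the organizational preset), Kevin's single cross-department search, and the duplicate check that would have saved Karen's three weeks.

```python
from dataclasses import dataclass, field
from enum import Enum


class Dept(str, Enum):
    FRAUD = "Fraud"
    LOSS_PREVENTION = "Loss Prevention"
    INVESTIGATIONS = "Investigations"
    DLP = "Data Loss Prevention"
    DIGITAL_FORENSICS = "Digital Forensics"
    PRIVACY = "Privacy"


# Organizational presets (hypothetical): which departments may read another
# department's cases by default. Anything not listed is need-to-know only.
DEFAULT_READ = {
    Dept.FRAUD: {Dept.LOSS_PREVENTION, Dept.INVESTIGATIONS},
    Dept.LOSS_PREVENTION: {Dept.FRAUD, Dept.INVESTIGATIONS},
    Dept.DLP: {Dept.DIGITAL_FORENSICS, Dept.PRIVACY},
    Dept.DIGITAL_FORENSICS: set(),
    Dept.PRIVACY: set(),
    Dept.INVESTIGATIONS: set(),
}


@dataclass(frozen=True)
class User:
    name: str
    dept: Dept


@dataclass
class Case:
    case_id: str
    owner: Dept
    subject: str                       # person the case is about
    summary: str
    shared_with: set = field(default_factory=set)      # ad hoc grants (user names)
    restricted_from: set = field(default_factory=set)  # ad hoc denials (user names)
    status: str = "open"


def can_read(user: User, case: Case) -> bool:
    """Need-to-know decision. An explicit restriction wins over everything,
    then an explicit share, then ownership, then the organizational preset."""
    if user.name in case.restricted_from:
        return False
    if user.name in case.shared_with:
        return True
    if user.dept == case.owner:
        return True
    return user.dept in DEFAULT_READ.get(case.owner, set())


def search_subject(user: User, cases: list, subject: str) -> list:
    """One search over the single system of record, filtered to what the caller may see."""
    return [c for c in cases if c.subject == subject and can_read(user, c)]


def open_case(user: User, cases: list, case_id: str, subject: str, summary: str):
    """Surface any open, visible case on the same subject before creating a duplicate.
    Returns (new_case_or_None, related_open_cases)."""
    related = [c for c in search_subject(user, cases, subject) if c.status == "open"]
    if related:
        return None, related
    case = Case(case_id, user.dept, subject, summary)
    cases.append(case)
    return case, []


def sample_cases() -> list:
    """Constructed sample data for the stories above (not real records)."""
    return [
        Case("LP-0412", Dept.LOSS_PREVENTION, "emp-1042", "Register shortfall, store 17"),
        Case("DLP-9931", Dept.DLP, "emp-2077", "Customer list emailed to personal address",
             shared_with={"forensics.lead"}, restricted_from={"contractor.x"}),
        Case("DF-0007", Dept.DIGITAL_FORENSICS, "emp-2077", "Disk image review"),
    ]


if __name__ == "__main__":
    cases = sample_cases()
    karen = User("karen", Dept.FRAUD)
    new, related = open_case(karen, cases, "FR-2201", "emp-1042", "Refund abuse pattern")
    print("created:", new is not None, "related:", [c.case_id for c in related])
```

Note the asymmetry in the presets: DLP cases flow to Digital Forensics and Privacy, but a forensics case is not visible back to DLP unless someone shares it explicitly, which is exactly the gap Jesse feels when she never learns whether her escalations were false positives. Whether that default is right is a policy question; the point is that it is a configured table, not a reason to keep separate systems.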
The quagmire of siloed systems and departments is real, and is visible in every organization. The ones that are able to outperform their rivals in 2017 will be those courageous enough to embrace modern cross-departmental toolsets, and fully leverage the benefits of information technology while shedding the weighty burden of the redundancies and inefficiencies brought by siloed point solutions.
To learn how D3 Security can help your organization with secure, streamlined workflows, succinct and tailored information capture, and optimized searchability, click the button below to schedule a demo.