Deneen DeFiore, Vice President & Chief Information Security Officer, United Airlines

“Communication and partnership with your providers have to be more collaborative and inclusive.”

We treat our MSSP as an extension of our team and our security operations capability. It’s about ensuring that the MSSP team members understand the priorities, know the threat landscape, are clear about what they should be looking for, and embrace our expectations for a response. All this is especially important now because things have changed so rapidly. Communication is vital, so make sure that you disseminate the changes you’re making quickly. A bit of negotiation may be required, as
well. New requirements that would have been negotiated over a couple of weeks before the pandemic — well, that timeline is probably no longer acceptable. Things need to be done in a day or two now.

When some companies began to allow their employees to work from home, they may have had a couple of virtual private network (VPN) connections. Now, in the new landscape, it’s all VPN connections. That means integrating those log sources having the right threat models, indicators of compromise, and alerts firing; and defining the right thresholds for when escalations are necessary. Such tasks will have to be done in a snap now, whereas before they would have been a project. Timelines are accelerated now. Communication and partnership with your providers have to be more collaborative and inclusive.

This is an excerpt from 7 Experts on Transforming Your Threat Detection & Response Strategy.  This eBook was generously sponsored by Trustwave.