Broaden the Analytical Skills within Your SOC
- Many companies run behavior-analysis tools with out-of-the-box settings. You need to start with the defaults, then fine-tune them to your environment and your baseline.
- An established SOC has many of the necessary skills in place, but it needs to adjust its focus so that analysts understand not only what the malware is doing, but also its impact on the business.
“They need to focus more analysis on how the malware impacts their environment, not necessarily every tiny thing that a piece of malware does.”
For Katrina Biscay, a director of information security and manager of incident response at the University of Cincinnati, a layered approach to security remains the best strategy in an increasingly dangerous cyber environment. “Unfortunately, things like fileless malware and polymorphic malware are not new, but a lot of organizations have lacked preparedness,” she says. “Now it’s costing the organization, from ransomware and the fees and recovery costs associated with that, to reputation impact, and compliance fees and reporting guidelines, which are much stricter now than they ever were before.”