Adam Brady and I were asked to host one of the round tables at IDC's Annual Security Conference today, and I wanted to share some of the key takeaways.
The topics discussed and debated were:
- Accelerating digital business through security and compliance
- Life after GDPR
- Security in a multi-cloud environment
- Integration for automation
- Identity in a privacy-focused world
- Next-generation endpoint
- Compliance measurement
- Cognitive security
Delegate speakers included Kevin Fielder, CISO of Just Eat. Kevin talked about current threats and how they are dealing with them. Geordie Stewart, head of security governance, risk and controls at Nationwide, spoke about the logging journey - from compliance to cloud.
Industry experts included Lee Fisher, EMEA security lead at Juniper Networks, and Jeroen Herlaar, consulting services director, Western Europe at Mandiant (FireEye). Lee examined whether the security model of today is broken, while Jeroen explained that breaches are inevitable and asked whether we are ready to deal with them.
Duncan Brown, associate vice president, European security at IDC, led the roundtable session to conclude the event.
We asked: "What does effective Threat Lifecycle Management (TLM) look like for your business?"
Here are the key takeaways from our table:
- Visibility of data, understanding what normal looks like to see deviations - using good technologies and working with key partners to reduce internal workload
- Having processes in place to highlight critical threats to the correct people to respond/escalate
- Automation to reduce the amount of time it takes to detect and respond to security incidents
The reality without effective TLM in place echoed common concerns highlighted to me over the past 13 years by my clients: reputation damage, downtime of a system, loss of intellectual property, financial losses and services not being available to clients.
What was particularly interesting to me was the shift towards looking at change in user behaviour as one of the first indicators of compromise with User and Entity Behaviour Analytics (UEBA).
A great event. I look forward to returning next year!
"Organisations of all types and sizes are charging ahead with their digital transformation (DX) programs. And GDPR compliance remains a priority beyond May 2018. How can CISOs & senior security professionals ensure that they keep the organisation secure, while enabling – or accelerating – DX in a compliant manner?