Headwinds Don’t Have to Be a Drag on Your Security Effectiveness

When the vulnerability in Log4j happened, security teams sought the answer to a seemingly simple question: Am I vulnerable?

Answering that question led to a maelstrom of activity. Security groups requested information from vendors about their level of vulnerability and, in turn, had to respond to their customers about whether they were vulnerable. In many ways, the entire exercise seemed more about legal obligations than making people more secure.

The deluge of information — some of it useful, some of it useless — highlighted the need to rethink how we are doing security in the future.

We’re living in a chaotic time. With a possible recession, technology companies trimming their ranks, and businesses pushing further into the cloud and adopting more automation and AI, security teams need to re-evaluate. Do they just follow the traditional playbook without thinking why? Or do they improve what they are doing to make security better?

Here are some focus areas to reduce chaos and increase overall security effectiveness.

Simplify for Greater Visibility

Gaining visibility into your applications and infrastructure is essential. Companies expanding their use of the cloud and converting applications to cloud-native infrastructure often see initial growing complexity because of a period of redundancy and hybrid infrastructure.

Pushing beyond that stage provides both cost and security benefits. Limiting the use of third-party tools to capture and analyze data for security teams is important. There’s really no reason to, say, pull NetFlow data off the cloud infrastructure, when that same data — and more — is natively available.

Explore your cloud service provider’s tools. Major cloud providers will often provide you detailed data, and you can reduce the complexity of the infrastructure needed to analyze that data.

Pay Attention to Even the “Small” Breaches

When NASA astronauts start getting emails in French, it’s time to investigate.

That’s what happened to Gavin early in his security career. Turns out two students in France were using Telnet to get into the NASA server and using it to send email. The incident ended up driving a greater project around making sure NASA had a robust data classification system and better data isolation.

Weird anomalies can be signs of an attack, but they can also drive a security team to better understand their organization’s infrastructure. Investigations are time-consuming but also often worthwhile, so even the small stuff should be investigated.

Threat Intelligence Can Help

Usually, a security team’s most precious commodity is time. The old method of analyzing every IT project (even as they are changing) and looking for security issues is untenable.


Threat intelligence can help cut through the noise. By using threat intelligence, your security team can take a priority-based approach to architecture based on real-world attack intelligence. At the same time, they can deprioritize other areas. Threat intelligence can also help refine your playbooks and increase the maturity of your security team.

Thriving With Automation, Planning for Layoffs

Security teams are facing other sorts of stress, with most economists expecting a recession. Security teams still need to be able to perform, despite stressors and even in the face of losing some of their headcount.

To focus on the most important aspects of security, even with fewer people, companies need to adopt more automation, machine learning, and artificial intelligence. Every team should be asking how to speed up manual tasks with automation. Automation, correctly applied, can free up staff to be working on the areas.

In the past, security teams have been considered a roadblock — a bump on the way to a company’s core business of making money. Most teams have moved past the reflexive need to say no. We’re here to make sure that the business is taking educated risks, but at the end of the day, just saying no to everything doesn’t help anyone.

As every security manager surveys the horizon, they need to look at how they have traditionally approached problems. And they should consider whether now is the time to say yes to something new.
