A CISO’s Roadmap: Enhancing Detection, Automation, and Empowerment in Cybersecurity

  • May 03, 2023
  • Heidi Willbanks
  • 3 minutes to read

    In an era where CISOs grapple with massive amounts of data, complex threats, and automation in security operations, they need adaptive strategies and a solid foundation to maintain a strong security posture.

    In episode 78 of The New CISO, Exabeam CISO and seasoned security operations expert Tyler Farrar discussed these challenges and effective ways to address them. This blog post covers Tyler’s insights, focusing on the key areas that CISOs should be aware of in order to stay ahead in this rapidly changing field.

    Security operations challenges

    Tyler explains that the disconnect between security operations teams’ needs and what security information and event management (SIEM) products deliver can be broken down into three fundamental challenges:

    1. The explosion of data volume
    2. The manual nature of cybersecurity processes
    3. The persistence of attacker techniques exploiting compromised credentials

    Addressing these challenges requires CISOs to concentrate on three core capabilities:

    1. Scaling and controlling data through log management
    2. Implementing behavioral analytics and detecting attacker techniques
    3. Automating investigations into detected anomalies

    Legacy SIEM solutions often fail to deliver these capabilities, resulting in security operations teams struggling to keep up with threats.

    The importance of behavioral detection

    Tyler notes that compromised credentials are the leading cause of breaches. Detecting abnormal behavior related to these credentials is the real challenge. While preventative measures like strong passwords and multifactor authentication are essential, he asserts that “if you don’t have the ability to detect when the behavior of the compromised account changes from normal, that’s how and why security breaches are happening.”

    The benefits of Outcomes Navigator

    Outcomes Navigator, an app now available on the Exabeam Security Operations Platform, visualizes gaps between the data sent to Exabeam and coverage for specific use cases — compromised insiders, malicious insiders, and external threats — mapping events to the MITRE ATT&CK® framework.

    For each use case, a detailed view is available, showing:

    • Related use cases within the same category
    • Existing log coverage for each category
    • The data sources supporting each use case
    • How well those data sources are being parsed, analyzed, used in correlation rules, and visualized in dashboards supporting that use case

    Outcomes Navigator offers recommendations to improve use case coverage, such as:

    • Identifying additional data sources for increased visibility
    • Suggesting improvements in field parsing
    • Ensuring that data sources aren’t unintentionally omitted due to filtering

    Outcomes Navigator adds value to organizations by reducing costs, bringing in the right data, and enabling SOC teams to resolve investigations more quickly and efficiently. Tyler is a strong advocate for the tool, having contributed to its development and using it daily as a CISO. He considers it a game changer, explaining, “Exabeam uses the ATT&CK framework to show gaps — or lack thereof — across every single threat actor tactic, technique, and procedure out there.”

    Fostering a culture of communication and risk awareness

    Tyler also emphasizes the importance of cultivating a culture of communication and risk awareness within an organization. Security leaders must be able to openly discuss the organization’s security capabilities and hold decision makers accountable. Implementing a common metrics model can help CISOs achieve this goal by gathering relevant evidence, transforming it into business risk, and reporting findings to leadership, highlighting gaps and providing assurance.

    Conclusion

    Tyler’s insights offer valuable guidance for CISOs navigating today’s complex cybersecurity environment. By focusing on behavior detection, automating investigations, and fostering a culture of empowerment, CISOs can protect their organizations from threats and maintain a strong security posture. By aligning with both adversaries and defenders, CISOs can transform their organizations, creating a culture of risk awareness and collective responsibility.

    Success in security operations hinges on staying agile, informed, and proactive. To dive deeper into the discussion with Tyler Farrar and explore current challenges and solutions for CISOs, listen to the episode or read the transcript.

    Heidi Willbanks

    Senior Product Marketing Manager, Content | Exabeam

    Heidi Willbanks is the Senior Product Marketing Manager, Content at Exabeam. She manages content strategy and production for product marketing and supports strategic partners, sales and channel enablement, and competitive content, leveraging her product marketing certification, content expertise, and industry knowledge. She has 19 years of experience in content marketing, with nearly a decade in the cybersecurity field. Heidi received a BA in Journalism with a minor in Graphic Design from Cal Poly Humboldt and was awarded Outstanding Graduating Senior in Public Relations Emphasis. She enjoys reading, writing, gardening, hiking, yoga, music, and art.
