5 questions to Renato Campus
1. What is the main reference point for corporate security today?
In today’s highly complex context, companies should be able to identify priorities and to rapidly respond to cyber-attacks. It is therefore necessary to highlight the main areas of intervention through a progressive logic of corrective interventions.
Visibility and Governance of IT assets are the two main reference points around which we can build an effective security posture with a high degree of automation. These two elements, based on solid company policies, are the leading tracks that allow organizations to continue developing their business without having to slow down at each new curve to verify their degree of exposure.
To achieve the adequate level of visibility, today, security managers can rely on the SIEM (Security Information and Event Management) solution. It enables continuous, contextual, timely, and efficient monitoring, and it helps managers understand the width of the perimeter to protect, triggering automation and contextual insights across endpoints, networks, clouds, and applications.
2. In 2021, advanced persistent threats have struck companies across all sectors. What will change in 2022 and how do we prepare for it?
In a highly variable context, there are two aspects that can help protect companies against advanced persistent threats: the right methodology and the ability to react to cyber threats.
In 2022, cybercriminals will continue targeting highly vulnerable companies, and ransomware attacks will become increasingly sophisticated. As a result, the demand for highly specialized cybersecurity professionals will continue to increase.
Those who are working in defense should arm themselves today with advanced monitoring, orchestration and governance solutions, End point protection and access control (On Premise and In Cloud), integrated and used by a team of highly skilled, coordinated and effectively governed cybersecurity professionals.
3. How has SIEM (Security information and event management) evolved?
The SIEM solution, has evolved into the “Security Intelligence” by integrating different capabilities (typical of other technologies): vulnerability and asset management, threat intelligence, risk assessment, ticketing, orchestration, automation and more.
Strategically and conceptually, however, not much has changed, SIEM is still based on the following main capabilities:
- Continuous integration and the widest possible collection of logs,
- Ease of use,
- Out-of-the-box content development
- Extraction and presentation of data
4. How can we guide analyst activities based on customer needs?
Security Intelligence gathers crucial data useful for analyzing and understanding security threats. The SOAR platform is one arm of the SOC (Security Operation Center). It orchestrates the necessary actions and guides analyst’s activities by adapting quality and methodologies with the specific organizational context of each client.
SIEM feeds the SOAR playbook with information, that defines the steps of the analysis, the remediation through automation of data collection, the alerting of groups and the activation of services.
5. Which cybersecurity solutions will be fundamental in the future?
The abstraction of infrastructures in the cloud era has added a new risk factor and has multiplied the attack vectors. But at the same time, security solutions have evolved as well, migrating to the cloud to protect assets wherever they are.
Today these technological areas are facing a strong mutation towards new product families such as:
- eXtended Detection and Response
- Security Internet Gateway
- Cloud Access Security Broker
- Zero Trust Access.
For over 10 years we have continuously invested in skills and certifications for the management of hybrid infrastructures, to be able to provide customers a solid support during their digital transformation. Today, we support highly complex organizations in their evolutionary path by offering the most suitable cybersecurity solutions on the market, as the IBM Security solution, Infosphere Guardium, that allows us to monitor in real time the database’s with software probes installed on server’s. We enable companies to remain secure while adopting the “crest of the wave” technological innovations.
video Security Intelligence