The CISO
The CISO is responsible for information security. This means that data, devices, services, the network, and nearly everything technology-focused must be kept secure. The CISO is normally responsible for the SOC and all of its security analysts.
There is a very common issue with regard to technology in nearly every organization:
• CIOs want things to run so the company can be profitable, regardless of the overall security.
• CISOs want things to be secure, regardless of the overall functionality of the organization.
These two conflicting priorities can cause a significant technical and strategic split within the organization.
IT and the AD Admin
The AD admin works for the business to ensure that AD and all of the services associated with daily tasks are constantly available. If AD is unavailable, even for a few minutes, services and applications fail to authenticate, disrupting users' tasks. The AD admin knows that many modifications to AD and domain controllers can cause these disruptions, such as:
The AD admin is certainly concerned about security, but that concern is trumped by the need to keep AD running 24x7. As a result, misconfigurations and other vulnerabilities are scattered throughout AD configurations, objects, and object attributes, leaving gaping holes that attackers can exploit.
Security and the SOC
The SOC is filled with numerous tools and security experts who create elaborate rules to detect security issues in nearly every technology running on the network. SIEM, SOAR, EDR, XDR, AV, and more provide the SOC with information about every device and activity that could indicate a security issue or even an attack. With all devices sending information into the SOC, sometimes at GB/sec, the SOC analyst must be quick, efficient, and knowledgeable enough to recognize when the logs and rules are signaling a real security issue rather than normal behavior. With such diverse devices, applications, and services, combined with GB/sec of data, it is impossible for the SOC analyst to know the inner workings of every device, service, and operating system. So the SOC focuses on the most common areas that can indicate a security issue or attack. This leaves various and cavernous holes in the fabric of the network, which an attacker can exploit without notice.