Relationships Matter Series: A CISO’s Perspective on How to Expedite Incident Response in the Cloud

Rich Noguera, VP of Security Services here at vArmour, is back with another episode in the Relationships Matter Series, this time with expert insight on how to expedite incident response in the cloud with application visibility.

For all the CISOs and Incident Response teams out there, this conversation is integral to understanding the blast radius in your cloud environments so that you can remediate what matters. Specifically, it covers:

    • Importance of application visibility for efficient and speedy incident response
    • Criticality of understanding the blast radius to remediate what matters
    • Advantages of application visibility to identify key targets of concern and critical assets to quickly react and respond to a security incident

Watch the 3-minute interview here, or see below for the text version of the interview:

 * * *

Q. Why is Incident Response at speed so important for CISOs?

RN: Once the bomb has gone off, you are on a time clock - you have to determine how quickly you can contain the spread of the damage of that explosion, and how quickly you can contain it from spreading or increasing in size. Think of it as the blast radius; you can’t have the blast radius hit its maximum potential. You need to see and respond as quickly as possible. 

Q. As a CISO, what are some challenges of Incident Response in the cloud?

RN: First and foremost, as a CISO, do you know what clouds you are connected to? Do you know what the development teams have brought in from external clouds or external third party code? It is very difficult to respond to events in the cloud that you aren’t aware of.

Q. How can a CISO or practitioner make the Incident Response process more efficient?

RN: Understanding what is important is what helps responders actually get the job done, and knowing how to stop the collateral damage from spreading to other key systems and key resources.

Q. What are some key questions a CISO should ask to ensure efficient Incident Response?

RN: The most important questions to ask are: What are my applications doing? What are they communicating with? And, how are they behaving? 

Q. How does vArmour make it easier for CISOs to visualize cloud environments?

RN: Establishing visibility and visualization requires a lot of legwork, including log ingestion, normalization and building dashboards.

vArmour, right out of the box, has the ability to visualize [with vArmour Security Graph technology] what key targets of opportunity or concerns, critical infrastructure, customer databases and core application platforms are that need to be secured, versus, for example, having to build that manually into a SIEM.

vArmour Security Graph helps qualify and identify crown jewels or critical infrastructure, so you can quickly react and respond to systems that you care about most. In order to determine exactly what you should care about, Security Graph uses ML/AI to identify key databases and critical systems based on their data flow behavior. vArmour helps qualify decisions and enables you to act much quicker than if you had to go through vulnerability reports on your own. 

Q. What additional value does vArmour bring to CISOs and their organizations?

RN: vArmour helps make the Incident Response process easier because, as part of the Security Graph function, vArmour enables IR teams to prioritize and quickly act on the critical components of infrastructures, whether that be core databases or management systems. As we begin to extend our connector reach via Policy Manager, so will our ability to define security group policies and/or activity group policies. In the endpoint space, we are quickly building reach into orchestration layers so that we can quickly push policies that move or isolate systems if they become vulnerable.

 * * *

If you want to connect with Rich to discuss more about expediting Incident Response with application visibility, send a note here to schedule a meeting. To see how the Application Controller can visualize application relationships in your cloud, download a free trial.

Stay tuned for our next episode on how vArmour makes the compliance process easier with application visibility.

More about Rich Noguera, VP Security Services, vArmour

In addition to being CISO at Yapstone and Gap, Rich held leadership and operational positions at Accenture, Yahoo!, Symantec, McAfee, and Deloitte & Touche LLP. Moreover, as an active proponent of threat intelligence exchange, Rich helped establish the Retail & Hospitality Cyber Information Sharing Center as a founding Board member, and was an active member of the Advanced Persistent Threat Group of the Bay Area CISOs Group.