The Need For A Vulnerability Operations Center (VOC) in Modern Cybersecurity


Many organisations tend to focus on immediate threats, prioritising the detection and mitigation of the latest vulnerabilities. However, this approach overlooks a broader issue: many cyberattacks exploit vulnerabilities that have existed for years. In fact, 76% of vulnerabilities targeted by ransomware were identified more than three years ago, highlighting a critical gap in long-term security strategies.

Why VOCs Matter

To effectively address this gap, organisations should adopt a more centralised and automated approach to vulnerability management. This is where a dedicated Vulnerability Operations Center (VOC) comes into play. A VOC serves as a specialised unit, either integrated within or operating alongside a Security Operations Center (SOC), with the primary task of managing security flaws within the IT infrastructure. Unlike a SOC, which focuses on real-time threat alerts and incidents, a VOC zeroes in on vulnerabilities—identifying, prioritising, and mitigating them before they escalate into serious security breaches.

What Is a VOC?

Creating a seamless connection between a SOC and a VOC is crucial for effective cybersecurity. This integration ensures that vulnerability data is quickly and efficiently passed to threat response teams. The process begins with appointing a team to set up the VOC, overseen by the Chief Information Security Officer (CISO) or another senior security leader. Given the scope of this initiative, it should be treated as a major security operations project, with clear roles and responsibilities outlined from the start.

Connecting VOC and SOC

The initial step involves using vulnerability assessment tools to evaluate the organisation’s current security posture. This assessment helps to identify existing vulnerabilities across all assets. The next phase is to aggregate, clean, and organise this data, making it actionable for further use. Once this dataset is established, it is integrated into the SOC’s security information and event management (SIEM) systems, thereby enhancing the SOC’s ability to monitor and respond to threats with greater context and clarity.

Focusing on Risk

An essential component of VOC operations is moving beyond just technical vulnerability assessments to a more risk-based prioritisation approach. This means evaluating vulnerabilities based on their potential impact on the business and addressing the most critical ones first. Automating routine SOC tasks—such as regular vulnerability scans, alert handling, and patch management—also plays a vital role. By implementing automation tools that leverage the VOC’s data, SOC teams can focus on more complex tasks that require human intervention, improving overall efficiency and effectiveness.

Continuous Improvement

Once the VOC is fully operational, the focus should shift to continuous improvement and adaptation. As new vulnerabilities and trends emerge, the SOC must update its monitoring and response strategies to keep pace. Establishing feedback loops between the SOC and VOC ensures that both teams stay aligned and responsive to the constant evolution of threats.

Building a Strong Policy

Moreover, a strong policy and governance framework is necessary to support the integration of the VOC and SOC. Security teams need to define clear schedules, rules, and Service Level Agreements (SLAs) for addressing vulnerabilities. For example, vulnerabilities like Log4j, which are widely exploited, should trigger immediate notifications to SOC teams to ensure a swift response.
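The two steps described above, risk-based prioritisation and SLA-driven escalation, can be made concrete in a small triage routine. The following is an added illustration, not code from the original post or from any VOC product: it takes aggregated scanner findings (the constructed sample below, with placeholder vulnerability ids), de-duplicates them, scores each by CVSS weighted with asset criticality and exposure, assigns an assumed SLA tier, flags anything older than three years, and emits SIEM-style JSON events for the findings that need an immediate SOC notification. The weights, tier thresholds and SLA windows are assumptions a real VOC would set in its policy.

```python
from datetime import date, timedelta
import json

# Constructed sample of normalised scanner findings (not real data).
# Two scanners reported the same flaw on web-01, so aggregation must de-duplicate it.
SAMPLE_FINDINGS = [
    {"asset": "web-01", "vuln_id": "VULN-EXAMPLE-A", "cvss": 10.0,
     "published": "2020-06-15", "known_exploited": True,
     "criticality": "high", "internet_facing": True},
    {"asset": "web-01", "vuln_id": "VULN-EXAMPLE-A", "cvss": 10.0,
     "published": "2020-06-15", "known_exploited": True,
     "criticality": "high", "internet_facing": True},
    {"asset": "hr-db", "vuln_id": "VULN-EXAMPLE-B", "cvss": 7.5,
     "published": "2019-03-01", "known_exploited": False,
     "criticality": "high", "internet_facing": False},
    {"asset": "dev-vm", "vuln_id": "VULN-EXAMPLE-C", "cvss": 5.3,
     "published": "2024-05-20", "known_exploited": False,
     "criticality": "low", "internet_facing": False},
]

DEMO_DATE = date(2024, 9, 1)  # fixed "today" so the output is reproducible

CRITICALITY_WEIGHT = {"high": 1.0, "medium": 0.7, "low": 0.4}  # assumed weights

# Assumed SLA windows in days; "immediate" also triggers a SOC notification.
SLA_DAYS = {"immediate": 1, "urgent": 7, "standard": 30, "routine": 90}


def aggregate(findings):
    """Collapse duplicate (asset, vuln_id) pairs reported by several scanners."""
    seen = {}
    for f in findings:
        seen.setdefault((f["asset"], f["vuln_id"]), f)
    return list(seen.values())


def risk_score(f):
    """Business-risk score in [0, 1]: CVSS scaled by asset criticality and exposure."""
    score = (f["cvss"] / 10.0) * CRITICALITY_WEIGHT[f["criticality"]]
    if f["internet_facing"]:
        score = min(1.0, score * 1.2)
    return round(score, 3)


def sla_tier(f, score):
    """Known-exploited flaws bypass the score: the policy's 'notify the SOC now' rule."""
    if f["known_exploited"]:
        return "immediate"
    if score >= 0.7:
        return "urgent"
    if score >= 0.4:
        return "standard"
    return "routine"


def triage(findings, today):
    """Produce the prioritised work list the VOC hands to the SOC."""
    work = []
    for f in aggregate(findings):
        score = risk_score(f)
        tier = sla_tier(f, score)
        age_years = (today - date.fromisoformat(f["published"])).days / 365.25
        work.append({
            "asset": f["asset"], "vuln_id": f["vuln_id"], "score": score,
            "tier": tier,
            "due": (today + timedelta(days=SLA_DAYS[tier])).isoformat(),
            "legacy": age_years >= 3,        # disclosed more than three years ago
            "notify_soc": tier == "immediate",
        })
    # Immediate items first, then by descending risk score.
    work.sort(key=lambda w: (w["tier"] != "immediate", -w["score"]))
    return work


def siem_events(work, today):
    """JSON lines for the SIEM, one per item that needs an immediate SOC alert."""
    return [json.dumps({"ts": today.isoformat(), "source": "voc",
                        "severity": "critical", "asset": w["asset"],
                        "vuln_id": w["vuln_id"], "due": w["due"]})
            for w in work if w["notify_soc"]]


if __name__ == "__main__":
    items = triage(SAMPLE_FINDINGS, DEMO_DATE)
    for w in items:
        print(w)
    for line in siem_events(items, DEMO_DATE):
        print(line)
```

The known-exploited override is the part worth copying: a widely exploited flaw gets an immediate SLA and a SOC event regardless of where the numeric score lands, while the `legacy` flag keeps old-but-unpatched findings visible instead of letting them sink below this week's disclosures.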

The Future of Security

While setting up a VOC may seem challenging, it is a critical step towards addressing persistent vulnerability issues. Unlike the current reactive approach, a VOC allows for a more proactive, risk-based management of vulnerabilities across IT and security teams. By moving beyond the outdated, piecemeal strategies of the past, organisations can achieve a higher level of security, protecting their assets from both old and new threats.


Ongoing Cyberattack Hampers Operations at Tri-City Medical Center in Oceanside

Tri-City Medical Center continues to grapple with the repercussions of a cyberattack that commenced on Thursday morning, extending its impact for over 24 hours. In an update issued on Friday afternoon, the hospital management revealed that all elective medical procedures have been temporarily halted as efforts are underway to restore their systems to full functionality. The decision to take information systems offline was made in response to the detection of suspicious network activity.

Although the public hospital on state Route 78 is still receiving patients at its emergency department, ambulance deliveries are being diverted to alternative hospitals through the county emergency medical system.

Tri-City, in its Friday statement, disclosed collaboration with cybersecurity specialists and law enforcement to investigate the cyberattack. However, the hospital has not confirmed whether the cybercriminals responsible for infiltrating their data systems have demanded a ransom, potentially implicating patient privacy.

The hospital's information systems were taken offline promptly upon the detection of suspicious activity on Thursday morning. The delay in providing more detailed information about the attack aligns with a common post-cyberattack communication strategy, as explained by Chris Van Gorder, CEO of Scripps Health. Drawing from Scripps Health's experience with a ransomware attack in 2021, Van Gorder emphasized that legal advice often guides organizations to disclose limited details in the aftermath of such incidents.

Tri-City has not clarified whether access to its electronic medical records system, crucial for patient treatment, remains intact. Similar cyberattacks on other hospitals have resulted in a loss of records access, necessitating a return to paper record-keeping by frontline caregivers.

Tri-City emphasized its commitment to prioritizing the health and wellness of patients despite the ongoing challenges. Meanwhile, Chris Van Gorder underscored the complexity of cybersecurity in the healthcare sector, describing it as a war against international terrorists. He argued that even with significant resources, government entities are not immune to successful cyberattacks.

In the wake of the cyberattack, emergency department traffic at Scripps Memorial Hospital Encinitas has reportedly increased. However, it remains unclear whether Palomar Health, operating two inland North County hospitals, has experienced notable spikes in patient traffic.

The ALMA Observatory has Suspended Operations due to a Cyberattack


Following a cyberattack on Saturday, October 29, 2022, the Atacama Large Millimeter Array (ALMA) Observatory in Chile has suspended all astronomical observation operations and taken its public website offline. 

Email services are currently limited at the observatory, and IT specialists are working to restore the affected systems. The organization announced the security incident on Twitter yesterday, saying that given the nature of the incident, it is impossible to predict when normal operations will resume.

The observatory also stated that the attack did not compromise the ALMA antennas or any scientific data, indicating that no unauthorized data access or exfiltration occurred. In an attempt to learn more about the security incident, BleepingComputer contacted ALMA Observatory, and a spokesperson shared the following comment:

"We cannot further discuss the details as there is an ongoing investigation. Our IT team was prepared to face the situation and had the proper infrastructure, although there is no flawless defense against hackers. We are still working hard on the full recovery of services. Thanks for your understanding." - ALMA Observatory.

The ALMA observatory is made up of 66 high-precision radio telescopes of 12 m diameter arranged in two arrays and is located on the Chajnantor plateau at an elevation of 5,000 m (16,400 ft). The project cost $1.4 billion, making it the most expensive ground telescope in the world, and it was created through a collaborative effort involving the United States, Europe, Canada, Japan, South Korea, Taiwan, and Chile.

Since reaching normal operational status in 2013, ALMA has contributed to pioneering comet and planetary formation studies, participated in the Event Horizon project to photograph a black hole for the first time in history, and detected the biomarker 'phosphine' in Venus' atmosphere.

The observatory is used by scientists from the National Science Foundation, the European Southern Observatory, the National Astronomical Observatory of Japan, and other organizations from around the world, so any interruption in operations has ramifications for multiple science teams and ongoing projects.

For the time being, users should keep an eye out for status updates on the NRAO's website or the ALMA Observatory's social media channels. Observers can seek assistance from the organization by using this online portal.