As the digital and threat landscapes continue to evolve, cybersecurity and operations teams play a pivotal role. Yet in many organizations these teams are compartmentalized, preventing effective communication and thorough data analysis. Companies are likely reevaluating this model with an eye toward implementing fusion centers to help integrate these functions and enhance security.
Why you should have a fusion center
For too long, organizational silos have hindered effective information sharing. These challenges persist — and are often exacerbated by the prevalence of third-party applications, used in core business operations, that can be exploited by bad actors.
Expanding your view of operations beyond traditional cybersecurity log sources can allow you to respond faster and enhance your ability to safeguard your organization and its assets from emerging threats. Fusion centers allow cybersecurity, fraud prevention and other operational teams to work collaboratively — reducing duplicative efforts and providing richer, contextual information to help harden data security.
While fusion centers aren’t an entirely new concept, we are seeing the advantages of bringing them to the cloud as maturing data architectures become more agile and adopt new log formatting standards.
The ability to effectively manage and access large volumes of data is not just an advantage, but also a necessity. To help gain actionable insights, data architectures should go beyond integrating a data lake into a larger digital estate. They should unify information across your assets, including on-premises and multi-cloud environments. One seamless architecture enables centralized governance and streamlined data movement to help enhance visibility and proactively prevent attacks.
Leveraging modern architectures and cloud-native services on platforms like Amazon Web Services (AWS) enables organizations to move faster, using broad, deep collections of purpose-built data services integrated within Amazon Security Lake. This can help drive insights and action by enabling training grounds for various generative artificial intelligence (GenAI) foundational models so they can improve and confirm accuracy and automation through unified data access, security and governance.
Fusion centers demonstrate their necessity as data volumes surge at an unprecedented rate. Traditional on-premises data analytics approaches tend to falter in the face of ballooning data volumes because they can’t scale quickly or affordably. Some solutions also limit how long data can be stored (for example, 90-day log retention), which can hamper advanced threat detection and modeling driven by machine learning.
PwC is helping companies address these challenges affordably by aggregating siloed data into a single repository powered by Amazon Security Lake. This allows them to conduct analytics and machine learning directly on this data, while other data is stored in purpose-built data stores for quick insights from structured and unstructured data.
Essential factors to anticipate
Your cybersecurity operations require a thorough evaluation of your organization’s infrastructure, policies, processes, and personnel. Take these points into consideration:
- Does my existing solution have limitations for my desired use cases?
- What is our roadmap for incorporating GenAI to help enhance detection and prevention use cases?
- Are we leveraging machine learning algorithms to help automate anomaly detection for potential fraud?
- What is the plan for automation of manual, swivel-chair tasks?
- Are there cost-effective opportunities between teams handling various response functions (e.g. cybersecurity and fraud)?
- Do we have data sitting across on-premises and multi-cloud environments that could be used to help enrich our response process?
- Is there an opportunity to enhance metrics and reporting to help demonstrate value to executive leadership?
This is where a cloud-native fusion center built on AWS can demonstrate its value. By bringing together data from different sources, a fusion center allows for an enriched, holistic view of activities, effectively bridging the gap between cybersecurity and fraud detection. Using this approach, organizations can take advantage of the centralized data platforms present in many security information and event management (SIEM) solutions, fraud systems, and the data lakes that chief information security officers (CISOs) have at their disposal. Having a holistic view of potentially vulnerable data, along with the ability to automate security checks, helps organizations enhance their data security and avoid the potentially staggering financial and operational losses caused by breaches.
A new era of cybersecurity
In response to the need for improved information sharing and holistic data analysis, PwC created a fusion center built on AWS to help take advantage of the platform’s substantial compute, storage and transformation capabilities. This platform utilizes the Open Cybersecurity Schema Framework (OCSF) for security log data normalization and streamlined analysis provided by Amazon Security Lake.
OCSF provides a standard schema for common security events, defines versioning criteria to help facilitate schema evolution, and includes a self-governance process for security log producers and consumers. Most cybersecurity vendors are either OCSF compliant or have a roadmap to become compliant, which makes it easier to make use of the fusion center from day one. Where given log sources have not yet adopted OCSF, PwC has a process to help normalize that data so it is usable.
Further, this system is designed to deploy in a client’s AWS footprint in many regions. The result is ultra-low latency and high availability in near real time, offering a powerful solution for organizations looking to better safeguard their assets and help streamline their operations.
Fusion centers have the potential to help revolutionize how businesses operate, resulting in more productive and effective communication and helping reduce financial losses caused by cyber attacks. By combining cybersecurity, fraud prevention and operational data in a fusion center, you can stay ahead of potential threats, protect your assets and remain resilient in an ever-changing digital landscape.
Learn more about how a fusion center powered by Amazon Security Lake could benefit your business.