Bridging the Effectiveness Gap: A CISO's Perspective on New-Scale SIEM with Tyler Farrar
Episode 783rd November 2022 • The New CISO • Steve Moore
00:00:00 00:43:56

Share Episode

Shownotes

In this episode of The New CISO, Steve is joined by Tyler Farrar, the CISO at Exabeam.

With malware-free attacks becoming increasingly common, Tyler understands the best ways to bridge the effectiveness gap. With this in mind, he shares his SOC philosophy and the importance of threat detection. Listen to the episode to learn more about the act of prevention, the pillars of a SIEM product, and why attackers gravitate toward credential techniques.

Listen to Steve and Tyler discuss the steps to success in an age of constantly increasing data :

Meet Tyler (2:06)

Host Steve Moore introduces our guest today, his colleague, Tyler Farrar. Before working at Exabeam, Tyler was a customer.

With his impressive background in the security field, Tyler explains Exabeam's perspective on "defender behavior" and balancing incident response and crisis management with prevention.

The Focus On Prevention (5:50)

Steve presses Tyler on how you should balance your methods to increase prevention. Tyler lists different preventative tools, such as firewalls, and stresses the importance of detecting suspicious activity early on.

Tyler gives his take on how response becomes prevention in crisis management. Preventative tools can fail, so being able to detect suspicious behaviors is critical.


Addressing The Gap (10:36)

Addressing the gap in analytics, Tyler recognizes that there is a difference between what the security team needs and what the SIEM product delivers. 

Every company faces an immense volume of data, an inefficient manual cyber process, and software that can fail to detect the attacker's behaviors. Tyler lists the solutions that can counteract these problems, including behavioral analytics.


The Rise Of Malware-Free Attacks (14:32)

Steve points out how 71% of cyber-attacks are credentialed and malware-free. Tyler explains that attackers use the compromised credentials approach because it is easy. CISOs can miss the mark because legacy software can be ineffective at detecting threats.


New-Scale SIEM (20:43)

According to Tyler, new-scale SIEMs would be able to securely ingest data from anywhere, parse through that information quickly, and then store that information and make it searchable.

Tyler also explores his philosophy on how to design a SOC. One example of a productive SOC is conducting risk assessments throughout the organization to identify gaps and then acting on those results.


Life Of The Analyst (28:52)

Steve presses Tyler on how the experience of the investigation factors into meaningful work for the analyst. 

Tyler stresses the importance of SOC leadership to make the team effective. A stressed SOC can lead to the loss of talented workers and affect the company's security.


New Software Ahead  (33:16)

Tyler discusses the products he is looking forward to on the horizon. Every CISO's goal is to keep their company safe. Being able to show all the threats and vulnerabilities in place would be hugely valuable, which is why Tyler is interested in Systems Navigator.


SOC Philosophy (49:55)

Tyler's top SOC philosophy is to be aligned with your adversaries and learn how they think in addition to your defenders. Understanding both perspectives can create a culture of empowerment and protect the organization from threats.


Links mentioned:

LinkedIn


Follow

Links

Chapters

Video

More from YouTube