How cross-operational teams can improve security posture

Were you unable to attend Transform 2022? Check out all of the summit sessions in our on-demand library now! Watch here.

To borrow a phrase, cybersecurity takes a village. 

Or, as Joe Levy, chief technology and product officer at Sophos, put it: “modern cybersecurity is becoming a highly interactive team sport.”

And, some organizations are making this official by establishing cross-operational — or cross-functional — security teams. 

Sophos, for one, recently launched Sophos X-Ops, a cross-operational unit that leverages artificial intelligence (AI) and links three established teams: SophosLabs, Sophos SecOps and Sophos AI. 


MetaBeat 2022

MetaBeat will bring together thought leaders to give guidance on how metaverse technology will transform the way all industries communicate and do business on October 4 in San Francisco, CA.

Register Here

Cyberattacks, “…have become too complex for any singular threat intelligence team to go at it alone,” said Levy. “Defenders need the breadth and scale of a collaborative group to provide multi-faceted, 360-degree views of attacks for optimal defenses.” 

Not just goalies

In a new research study commissioned by data management company Cohesity, 81% of respondent IT and security operations (SecOps) decision makers agreed that, at the very least, IT and SecOps should share the responsibility of their organization’s data security strategy. 

However, nearly a quarter reported that collaboration between the groups was not strong. Furthermore, 40% of respondents said collaboration between them has remained the same even in light of increased cyberattacks.

This continues to be the case across industries, according to experts. But multidisciplinary teams should be an imperative — they can discover, gather and analyze predictive, real-time, real-world, researched threat intelligence. This allows them to more quickly respond — and at scale — to evolving, well-organized, persistent, increasingly sophisticated threat actors.

“The adversary community has figured out how to work together to commoditize certain parts of attacks while simultaneously creating new ways to evade detection and taking advantage of weaknesses in any software to mass exploit it,” said Craig Robinson, research vice president of security services for ICD.

Robinson emphasized that cross-collaborative teams are “stealing a page from the cyber miscreants’ tactics.” 

Cross-operational teams also take a page from the federal playbook. In March 2022, FBI Director, Christopher Wray, discussed the FBI’s plans to partner with the private sector to counter cyberthreats. 

“What partnership lets us do is hit our adversaries at every point, from the victims’ networks back all the way to the hackers’ own computers,” he said. He added that “trying to stand in the goal and block shots isn’t going to get the job done.”

By partnering with private enterprise, “we’re disrupting three things: the threat actors, their infrastructure and their money,” Wray said. “And we have the most durable impact when we work with all of our partners to disrupt all three together.”

The SOC of the future

Levy agreed that effective, modern-day cybersecurity requires robust collaboration at all levels, internally and externally. 

Cybersecurity experts are obsessed with improving detection and reaction times — and for good reason. Along the attack chain, there are many spots that can be breached and/or hidden within the network. 

“We’re against a clock to detect and stop attackers at multiple points along the attack chain,” said Levy. 

Sophos X-Ops, an advanced threat response joint task force that launched in July, helps teams make discoveries faster while also providing more comprehensive layers of protection, said Levy. By integrating and sharing information and expertise, they can more easily thwart attacks and jointly analyze them. They are procedurally enabled by common systems, synchronized methods of program and project management and shared playbooks. 

The concept of an artificial intelligence (AI)-assisted security operations center (SOC) anticipates the intentions of security analysts and provides relevant defensive actions, said Levy. Effective AI requires not just access to massive amounts of data, but curated or well-labeled data, as well as continuous feedback loops between models and the operators they’re designed to benefit. 

He called it the “SOC of the future,” and added that the security software and hardware company plans to publish research, technical papers, and intelligence to serve as templates for others in the industry.

Healing security pain points

All told, Levy said, scalable end-to-end security operations should include software developers, automation engineers, malware analysts, reverse engineers, cloud infrastructure engineers, incident responders, data engineers and scientists — establishing an organizational structure that avoids silos. 

“A serious pain point within cybersecurity  — and really any intelligence operation — is the challenge of having the right intelligence but struggling to get that information to the right people at the right time for the right use,” agreed Alexander Garcia-Tobar, CEO and cofounder of Valimail. 

The San Francisco-based has developed a Domain-based Message Authentication, Reporting and Conformance (DMARC) tool to help mitigate certain types of fraudulent mail.

As Garcia-Tobar noted, huge amounts of data move through organizations every day — business, industry and personal data, financial information, “just an absolute wealth of valuable information ripe for hackers to exploit,” he said. 

Multidisciplinary teams combine IT operations, security operations (SecOps) and other relevant departments to help prevent this. 

“Think of it like security working at devops speed,” he said. 

While those ultimately sitting at the table depends on an organization’s size as well as its industry, when building an effective cross-functional team, think about all the stakeholders associated with your organization’s data compliance, said Garcia-Tobar. 

This can include personnel from logistics, as well as a chief compliance officer, chief HR officer, CIO, CISO, chief privacy officer, chief risk officer and general counsel. 

Tying the group together is someone to “as its champion” that can set clear goals and clearly communicate expectations. Executive support is essential, as ultimately, each collaborator has its own goals and priorities, he said. 

“When they’re at odds with the success criteria of another team, you get friction,” he said, describing executive leadership as “the beacon guiding what’s best for the organization as a whole.”

Trust, communication, diversity

Another fundamental ingredient for cross-functional teams to work effectively? Trust. 

“When it’s lacking, cross-team efforts stutter and often fail,” said Garcia-Tobar. 

Therefore, it is incumbent upon executives and individual team leaders to establish trust — and foster buy-in — across all stakeholders. This is a matter of “building bridges and championing competency, transparency, openness and fairness,” he said. 

Also critical is effective communication via regular touchpoints, providing everyone the opportunity to solicit feedback, provide input, reinforce priorities, and keep everyone informed and up-to-date. This helps to keep organizations in compliance with regulation, and they can use collected data to understand how different areas of the organization impact one another.

Building a diverse team gives organizations the advantage of multiple perspectives operating from facts and hard data and shared insights to drive innovation and more informed decision-making. And, thus, “more insightful, well-reasoned outcomes.” 

“Everyone is responsible for security. Cross-team collaboration enables teams to respond more quickly to cybersecurity threats, improve resilience, reduce risk — and above all, cultivate dynamic partnerships that drive innovation,” said Garcia-Tobar. 

All told, executive leadership must prioritize security, set security goals, present them to boards who hold them accountable, and continually review progress. 

“When companies prioritize a security culture — that is, a robust, rigorous people-first risk management strategy — they’re better equipped to ward off cybersecurity threats,” said Garcia-Tobar. 

He added that, “implementing a cross-team approach generates more open conversations around security, empowering teams to reinforce priorities and drive accountability from all departments and stakeholders.”

VentureBeat’s mission is to be a digital town square for technical decision-makers to gain knowledge about transformative enterprise technology and transact. Learn more about membership.