Many organizations still rely heavily on prevention and log aggregation. But today’s cloud-first reality makes that model incomplete. In this conversation, Jason Norred, CISO and security practice leader at Solutions II, explains why incident readiness has become essential and how Cloud Detection and Response (CDR) technology is helping teams respond faster and more effectively.

Featuring: Jason Norred
CISO and Security Practice Leader, Solutions II

Jason Norred:

Today we see many organizations focused on prevention and sending some log data to a SIEM or some kind of logging solution. This is really insufficient in today’s modern threat landscape. The need to be prepared from an incident response capability standpoint is extremely critical to an organization’s continued success.

Cloud detection and response technology is becoming a must-have in today’s landscape.

I’m Jason Norred. I’m the CISO and security practice leader for Solutions II. We’re a solutions provider and a managed services provider headquartered in Denver, Colorado, servicing clients large and small, coast to coast.

As a managed services organization, we see organizations facing threats in the cloud all the time. Very frequently, it’s due to the ever-expanding attack surface that clients are not even aware they have—through their expanding identity silos, SaaS applications, and cloud adoption, both through known cloud adoption and unknown shadow IT.

Incident prevention—I feel like that’s kind of the “left of boom,” where organizations are laser-focused on preventing bad things from happening. The reality is, bad things are going to happen. And with that ever-expanding attack surface, it’s just almost a surefire thing that bad things will happen.

So, while organizations should not ignore the left of boom and prevention, focusing on and investing time, energy, and tooling around incident response—the ability to react to an event when those bad things happen—is critically important. That’s probably one of the largest areas we see gaps in as we talk to organizations, from SMBs all the way up to very large global enterprises.

Organizations are consuming cloud, typically multicloud. They have multiple identity repositories, and they have a plethora of SaaS applications. It’s extremely important, if you’re building a response capability, to be able to incorporate and gain visibility into all of those silos.

Organizations should consider a CDR like Mitiga due to the fact that today, you need tooling and technology that’s going to allow you to gain visibility across all of your silos—your multicloud, your identity, your SaaS applications—and do threat detection and event correlation across all of those areas.

Mitiga provides a way to potentially decrease the cost of log containment and ingest cost, and ultimately get your return—security business value—back to the business in a faster, more efficient manner. It also allows security teams to operationalize and execute on that data and response activities faster.