Andrew Goodall, from Elastic, explains how organisations can prepare for new legislative obligations by upgrading their threat detection capability.
As the Critical Infrastructure Bill moves through parliament, it has the potential to dramatically change the security landscape in Australia.
The bill will introduce additional positive security obligations for critical infrastructure assets and require providers responsible for delivering critical infrastructure to disclose a data breach within 12 hours.
Disclosing a breach within as little as 12 hours depends on technology that supports the threat detection process and enables the timely exchange of threat intelligence between trusted partners.
However, for critical infrastructure providers who manage operational technology (OT) systems that are built on legacy technologies, implementing effective security controls to mitigate risk remains a challenge. Detecting anomalous behaviour across IT and OT layers to enhance detection and response capabilities requires a solution that can analyse huge volumes of data at speed, which is a challenge for most security information and event management solutions.
There are, though, new solutions that can act as a powerful cog in enhancing legacy systems, unifying siloed data, and accessing critical information at speed, without a rip-and-replace transformation.
For example, extended detection and response (XDR) solutions that complement or consolidate existing threat detection and response tools offer insights across cloud, on-premises IT, and OT domains in seconds and at petabyte scale, giving instant insight into contemporary and historical exposure.
These XDR solutions have the power to unify data stuck in silos to look around “data corners”. They can also be “dropped in” to legacy IT infrastructure to get a unified view across the entire IT and OT infrastructure, enabling faster detection and response to threats.
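To make the "unified view across IT and OT" concrete, here is an added example (not Elastic's code, nor any product's API) that normalises events from two siloed sources, an IT authentication log and an OT controller command log, into one schema and then correlates them to flag behaviour that neither silo shows on its own. All log lines, host names, user names, field names and the 30-minute correlation window are constructed for this illustration.

```python
"""
Added example: correlate siloed IT and OT logs under a common schema.
Not Elastic's code or any product's API; every log line, host, user and
field name below is constructed for illustration.
"""
from datetime import datetime, timedelta

# Constructed IT log: successful logins (timestamp, user, source host, method).
IT_AUTH_LOG = [
    "2021-11-02T01:12:40Z auth=success user=svc_backup src=10.20.5.17 method=vpn",
    "2021-11-02T01:20:03Z auth=success user=ot_engineer src=10.20.5.17 method=vpn",
    "2021-11-02T09:05:11Z auth=success user=ot_engineer src=10.30.1.8 method=console",
]

# Constructed OT log: register write commands observed at a controller gateway.
OT_COMMAND_LOG = [
    "2021-11-02T01:25:30Z plc=pump-ctl-3 src=10.20.5.17 fn=write_register reg=40012",
    "2021-11-02T01:25:31Z plc=pump-ctl-3 src=10.20.5.17 fn=write_register reg=40013",
    "2021-11-02T09:10:44Z plc=pump-ctl-3 src=10.30.1.8 fn=write_register reg=40012",
]


def parse_kv_line(line: str) -> dict:
    """Parse 'TIMESTAMP key=value key=value ...' into a dict; 'ts' is a datetime."""
    ts, *pairs = line.split()
    event = {"ts": datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ")}
    for pair in pairs:
        key, _, value = pair.partition("=")
        event[key] = value
    return event


def normalise(it_lines, ot_lines) -> list:
    """Map both silos onto one schema: ts, domain, src, action, detail."""
    events = []
    for line in it_lines:
        e = parse_kv_line(line)
        events.append({"ts": e["ts"], "domain": "it", "src": e["src"],
                       "action": f"login:{e['method']}", "detail": e["user"]})
    for line in ot_lines:
        e = parse_kv_line(line)
        events.append({"ts": e["ts"], "domain": "ot", "src": e["src"],
                       "action": e["fn"], "detail": f"{e['plc']}:{e['reg']}"})
    return sorted(events, key=lambda ev: ev["ts"])


def find_vpn_then_ot_write(events, window=timedelta(minutes=30)) -> list:
    """Flag OT write commands whose source host completed a VPN login within
    `window` beforehand. A console login on the plant network followed by a
    write is treated as routine; remote access followed by controller writes
    is the cross-domain pattern a single silo cannot see."""
    findings = []
    vpn_logins = [ev for ev in events if ev["action"] == "login:vpn"]
    for ev in events:
        if ev["domain"] != "ot" or ev["action"] != "write_register":
            continue
        candidates = [
            login for login in vpn_logins
            if login["src"] == ev["src"]
            and timedelta(0) <= ev["ts"] - login["ts"] <= window
        ]
        if candidates:
            # Attribute the write to the most recent qualifying login.
            login = max(candidates, key=lambda l: l["ts"])
            findings.append({"detected_at": ev["ts"], "src": ev["src"],
                             "user": login["detail"], "target": ev["detail"]})
    return findings


def disclosure_deadline(detected_at: datetime, hours: int = 12) -> datetime:
    """Reporting deadline counted from detection, using the 12-hour window
    the bill proposes."""
    return detected_at + timedelta(hours=hours)


if __name__ == "__main__":
    unified = normalise(IT_AUTH_LOG, OT_COMMAND_LOG)
    for finding in find_vpn_then_ot_write(unified):
        print(finding, "report by", disclosure_deadline(finding["detected_at"]))
```

Run on the constructed input, the two writes from 10.20.5.17 are flagged against the ot_engineer VPN session, while the later write from the console-authenticated host on the plant network is not. The point is the schema step: once both sources carry the same `ts`, `src` and `action` fields, the correlation is a few lines, and the deadline helper turns detection time into the reporting clock the bill would start.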
Introducing an XDR solution can eliminate the manual processes inflicted on security teams that are created by siloed detection and response technologies and empower them to respond to threats at machine speed. In turn, the reduced time-to-insight enabled by XDR allows for more rapid sharing of threat intelligence with security stakeholders in the government and industry partners.
If critical infrastructure providers are to detect threats more quickly, it will not suffice to adhere only to the parameters of the bill. They will need new solutions that can instantly help identify the root cause of a cyber issue before it becomes a bigger, more serious problem.
Andrew Goodall is the federal director at Elastic.