There are parts of every business considered to be critical to its ability to function. Email, accounting, and customer service are a few. Indeed, if email went down, accounts receivable stopped, or customers couldn’t talk to anyone, the business would suffer. There is another critical function of business that isn’t widely viewed as such: security monitoring.
If you’re not hands-on with security day-to-day, you might have just read that and thought, “…whaaaatever.”
Yet, what would happen if your company was hacked and you suffered a critical, prolonged outage? Or if your company was featured in the next credit card breach headline? Would you reconsider the importance of security monitoring in the aftermath of these events?
Yes, security monitoring is a critical business function because it is a vital element of any meaningful cyber security strategy. A sound monitoring capability shortens the gap between compromise and detection, and in doing so prevents or limits the loss of revenue, data, value, and trust that a breach brings. Why, then, is it one of the most under-funded and under-resourced functions in many businesses?
More often than not, it is because organizations fail to approach it with the rigor and discipline they apply to other core business functions. When you fail to take that approach, shortcomings in the implementation and operation of the security monitoring program are inevitable. This is part of the reason so many businesses continue to fall victim to cyber threats, costing an estimated $3B in losses every year.
Frequently, we’re called into a company because a breach has already occurred. In those moments, budgets are out the window, as all hands are on deck to assess and contain the threat and to recover critical business operations. Once damage control is done, the focus shifts to an introspective post-mortem. We seek to understand the vulnerabilities, gaps, and even attitudes that gave rise to such havoc, and to implement the practices needed to help prevent such a breach from happening again.
Almost always, we find that the prior security monitoring effort is better described as a “concept” than as a “program” or “capability”. We routinely see clients with a few generalists from their IT or security departments overseeing the effort, but not full time, and with little (if any) training in the practice. Security monitoring is a specialty, and it requires well-trained analysts to perform the job correctly.
There are countless manifestations of threat activity that a seasoned analyst knows how to spot and investigate. This ability comes with training, experience, and often the support of a broader team that can provide their own insights and guidance. Even then, these folks need standardized processes to ensure the consistency and effectiveness of the operation.
No matter how capable they may be, even the most skilled generalist is at a constant disadvantage when it comes to knowing what to look for, knowing how to investigate it, and getting it right time after time. Moreover, budget constraints and competing priorities mean these individuals are seldom given enough time to perform their work thoughtfully and thoroughly. Given these realities, most organizations will find that building a strong monitoring program in-house is an uphill battle.
Unless you are among the fortunate few who can afford to acquire, train, and retain the talent to staff a SOC, you may want to consider a partner who can bring the SOC function to you.
Want to learn more? Watch the webinar “Why Companies Move to Managed Security Monitoring” to hear me talk about the performance and financial benefits of hiring a managed security partner to monitor your environment. The webinar covers:
- How to think holistically about security monitoring
- Common pitfalls of operating your own Security Operations Center (SOC)
- The performance and financial upsides of hiring the right managed security partner