Why security monitoring falls short and what can be done about it

September 27, 2019 | Aaron Sierra

[Image: a keyboard in the dark. Photo by Emmanuel on Unsplash]

There are parts of every business considered to be critical to its ability to function. Email, accounting, and customer service are a few. Indeed, if email went down, accounts receivable stopped, or customers couldn’t talk to anyone, the business would suffer. There is another critical function of business that isn’t widely viewed as such: security monitoring.

If you’re not “hands on” with security day-to-day, you might have just read that and thought, “…whaaaatever.”

Yet, what would happen if your company was hacked and you suffered a critical, prolonged outage? Or if your company was featured in the next credit card breach headline? Would you reconsider the importance of security monitoring in the aftermath of these events?

Yes, security monitoring is a critical business function because it is a vital element of any meaningful cyber security strategy. Without a doubt, a sound monitoring capability can prevent and minimize the loss of revenue, data, value, and trust associated with a breach. Why, then, is it one of the most under-funded and under-resourced functions in many businesses?

More often than not, it is because organizations fail to approach it with the rigor and discipline applied to other core business functions. And when you fail to take that approach, there will be inevitable shortcomings in the implementation and operation of the security monitoring program. This is part of the reason so many businesses continue to fall victim to cyberthreats, costing immense losses every year.

Frequently, we’re called into a company because a breach has already occurred. In those moments, budgets are out the window, as all hands are on deck to assess and contain the threat, and to recover critical business operations. In the aftermath of damage control, the focus shifts to an introspective post-mortem. We seek to understand the vulnerabilities, gaps, and even attitudes that gave way to such havoc, and to implement the necessary practices to help prevent such a breach from happening again.

Almost always, we find that the prior security monitoring effort could much better be defined as a “concept” rather than a “program” or “capability”. We routinely see clients with a few generalists from their IT or security departments overseeing the effort, but not full time, and with little (if any) training in the practice. Security monitoring is a specialty, and it requires well-trained analysts to perform the job correctly.

There are countless manifestations of threat activity that a seasoned analyst knows how to spot and investigate. This ability comes with training, experience, and often the support of a broader team that can provide their own insights and guidance. Even then, these folks need standardized processes to ensure the consistency and effectiveness of the operation.

No matter how capable they may be, even the most skilled generalist is at a constant disadvantage in knowing what to look for, how to investigate it, and how to get it right time after time. Moreover, budget constraints and competing priorities dictate that these individuals are seldom given ample time to perform their work thoughtfully and thoroughly. Given these realities, most organizations will find that building a strong monitoring program in-house is an uphill battle.

Unless you are among the fortunate few who can afford to acquire, train, and retain the talent to staff a SOC, you may want to consider a partner who can bring the SOC function to you.

Want to learn more? Join Alagen’s webinar on September 30 to hear me talk about the benefits — performance and financial — of hiring a managed security partner to monitor your environment.

You'll learn:

· How to think holistically about security monitoring

· Common pitfalls of operating your own Security Operations Center (SOC)

· The performance and financial upsides of hiring the right managed security partner

About the Author: Aaron Sierra

Aaron Sierra, Sr. Security Architect at Alagen cybersecurity services firm, is a passionate cyber security leader and consultant with nearly two decades of developing, leading, and advising diverse security programs. Leveraging this deep experience, Aaron advises security programs of all sizes and maturity levels with highly-differentiated security solutions that address the most daunting security challenges of each unique organization. He is also an avid surfer who strives to make regular appearances on the waves near his home in southern California.