When I speak to customers about the adoption of a more mature security strategy, a common challenge that we often encounter is the trade-off between improving visibility of vulnerabilities, risks, and threats, and the risk of overwhelming the IT team who receive these reports and alerts. Put simply, the more security intelligence you receive, the more work you have to do to understand what is going on and to respond. As the first challenge of addressing security is visibility, it is well worth looking at security intelligence tools.
What is SIEM?
The place to start is with Security Incident and Event Management (SIEM) tools. These tools give organisations estate-wide visibility of what is happening across the IT estate. It takes both expected and abnormal events from multiple systems, and correlates this to give a bigger picture. For example, if a Softcat employee were to swipe into our Manchester office using an RFID card, and then five minutes later swipe into Marlow, this alone may not cause an alert within a system that cannot connect the two events. Individually both are acceptable occurrences; the same employee has legitimate and authorised access to both offices. It is only by bringing these events together, through correlated log analytics, that we can see the bigger picture.
What are the challenges?
Whilst of course this visibility is incredibly useful, each time the SIEM picks up an abnormal series of events, someone needs to investigate, work out if any action is required, and if so remediate the situation. Of course, this means that the business either needs to invest in the people to make the most of the information, or accept the risk that things might be missed. That's an acceptable stance, of course, but needs to be a business decision based on the organisation's attitude to risk, rather than a simple budgetary one.
What if I simply don't have the resource?
But what if you could have the visibility and agility delivered by an expertly deployed SIEM, managed by experts, at a reduced cost, with minimal resource required? There are two key advantages of such a service: firstly, you would receive the service at a consistent and predictable cost, backed by service level agreements and delivering peace of mind; and secondly that you would have a security partnership in place. No longer is your company's security a matter solely for your business; your partner has got your back and will be there to support you if the worst happens. And of course, you don't have to concern yourself with recruitment, staffing etc!
Where do I find such a solution?
Fortunately, such services do indeed exist! The industry acronym is MDR – short for Managed Detection and Response. Softcat offer just such a service, which provides multi-layered analytics, proactive threat hunting and real-time notifications of anything you should be concerned about. We also provide a dedicated dashboard for you to view and manage these alerts.
Get in touch
So, there is a way to have your cake and eat it! You can get the benefits of a log analytics platform without having to employ a load of expensive cyber security experts on staff. This provides a valuable safety net for your IT team, to help ensure that you have visibility of all potential security events – which is an important part of your wider security strategy. If you'd like to know more, our team of security specialists can talk you through your options – just ask your account manager or click on the button below.