3 Reasons You Need Managed Security Monitoring

Managed Security Monitoring

The goal of strong, compliance-level security is nearly unobtainable for small to medium-sized businesses. Regulations require 24×7 managed security monitoring, as do "best practices", but who can afford the experts needed to staff that level of effort? You cannot have strong security without threat detection and response capabilities.

 

The following are three reasons why companies need to adopt managed security monitoring. Then we can discuss how businesses can obtain this level of security without hiring a team of 10 people just for this one important security effort.

 

1. You Need to be Regulation Compliant

  • Your customers are demanding it
  • Your partners are demanding it
  • You are in a regulated industry such as financial services, healthcare, government or retail
  • You sell internationally

 

2. You Want to Upgrade to an Integrated Security Solution

  • An integrated security solution incorporates threat intelligence from ALL your security and IT systems (servers, network, etc.)
    • Versus islands of security that don't share threat information
  • Correlating threat and attack information in one place allows you to see patterns
  • Analysis using AI/ML and trained security analysts lets you see attacks developing
  • Your individual security solutions and IT systems may not see the big picture

 

3. You Want to Catch Threats and Attacks Before they Become Breaches

  • Individual security solutions are good at analyzing isolated threats
    • Such as endpoint, gateway, access control, data usage, web app usage, etc.
  • Today's attacks are multi-step attacks that slowly wind their way through your IT systems
  • The only way to catch these attacks is by correlating threat information from ALL your systems and security tools
  • By applying AI/ML and advanced correlation rules in a SIEM, attacks can be caught early
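To illustrate the point above, here is an added example (not code from the original article) of a simple SIEM-style correlation rule: a constructed set of events from three separate sources (VPN, endpoint, gateway) is checked per user, and a per-source rule sees nothing, while the cross-source rule catches the multi-step sequence. The sources, event names, threshold and one-hour window are all assumptions for the demonstration.

```python
from datetime import datetime, timedelta

# Constructed sample events from three independent sources (not real logs).
EVENTS = [
    {"ts": "2024-03-01T09:00:05", "source": "vpn", "user": "alice", "event": "auth_failure"},
    {"ts": "2024-03-01T09:00:09", "source": "vpn", "user": "alice", "event": "auth_failure"},
    {"ts": "2024-03-01T09:00:14", "source": "vpn", "user": "alice", "event": "auth_failure"},
    {"ts": "2024-03-01T09:01:02", "source": "vpn", "user": "alice", "event": "auth_success"},
    {"ts": "2024-03-01T09:12:40", "source": "endpoint", "user": "alice", "event": "new_admin_account"},
    {"ts": "2024-03-01T09:30:00", "source": "gateway", "user": "alice", "event": "large_outbound_transfer"},
    {"ts": "2024-03-01T10:05:00", "source": "vpn", "user": "bob", "event": "auth_success"},
    {"ts": "2024-03-01T10:06:00", "source": "gateway", "user": "bob", "event": "large_outbound_transfer"},
]

# Assumed multi-step chain: each step must come from a different source, in this order.
CHAIN = [("vpn", "auth_success"), ("endpoint", "new_admin_account"),
         ("gateway", "large_outbound_transfer")]


def isolated_alerts(events, threshold=5):
    """A single-source rule: the VPN alone alerts only on >= threshold failures per user."""
    failures = {}
    for e in events:
        if e["source"] == "vpn" and e["event"] == "auth_failure":
            failures[e["user"]] = failures.get(e["user"], 0) + 1
    return {u for u, n in failures.items() if n >= threshold}


def correlate(events, chain=CHAIN, window=timedelta(hours=1)):
    """Cross-source rule: users for whom every chain step appears in order within the window."""
    by_user = {}
    for e in sorted(events, key=lambda e: e["ts"]):
        by_user.setdefault(e["user"], []).append(e)
    hits = {}
    for user, evs in by_user.items():
        for i, first in enumerate(evs):
            if (first["source"], first["event"]) != chain[0]:
                continue
            start = datetime.fromisoformat(first["ts"])
            matched, step = [first["ts"]], 1
            for e in evs[i + 1:]:
                if datetime.fromisoformat(e["ts"]) - start > window:
                    break  # sequence fell outside the correlation window
                if (e["source"], e["event"]) == chain[step]:
                    matched.append(e["ts"])
                    step += 1
                    if step == len(chain):
                        hits[user] = matched  # full chain observed
                        break
            if user in hits:
                break
    return hits


if __name__ == "__main__":
    print("isolated VPN alerts:", isolated_alerts(EVENTS))  # empty: 3 failures < threshold
    print("correlated chains:", correlate(EVENTS))          # alice only; bob lacks the endpoint step
```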

 

How to Acquire Managed Cybersecurity Monitoring

  • The most effective way to acquire complete security monitoring is by deploying and managing a SIEM (Security Information and Event Management) solution.
  • To get the results that you need from a SIEM, you need 24×7 security monitoring and management by a team of experts.
  • Since most companies cannot afford to staff that, most companies outsource SIEM monitoring to a third-party company with a 24×7 SOC (Security Operations Center).


Confused by Terms & Acronyms Used by Security Vendors?

To achieve a regulation-compliant security monitoring solution, what is needed is 24×7 monitoring provided by a Security Operations Center (SOC) using a SIEM (Security Information and Event Management system). This enables a complete view of all security and IT threats, and is commonly referred to as an MDR solution.

  • MDR (Managed Detection and Response) – This normally refers to a managed service that detects threats and attacks and responds to them by blocking and remediating. It is usually associated with a 24×7 SOC solution as described in this article. Unlike older security solutions that only attempt to prevent attacks, this is a more realistic approach to security and is required by most security regulations.

 

Some industry terms may confuse what is needed or available. Here are a few of those terms.

  • EDR (Endpoint Detection & Response) – These are enhanced endpoint security products that add detection, analysis, threat hunting and mitigation for servers and other endpoints.
  • XDR (Extended Detection & Response) – Vendor-specific detection and response tools that integrate multiple security products. The most prominent examples are endpoint security products (like EDRs) that also integrate other security information, from email security or perhaps firewalls, into a single pane of glass for viewing and analysis. Endpoint security vendors in particular have tried to extend EDRs into something mimicking what a 24×7 SOC with a SIEM can do, but XDRs are mostly endpoint-centric, may not be managed, and limit the threat information used for detection and response. They are not a substitute for a complete MDR as delivered by a 24×7 SOC using a SIEM.

 


 

Regulations That Require Managed Security Monitoring

Here are several examples of security regulations and the security monitoring they require. Generally speaking, all security regulations want companies to monitor all of their security and IT infrastructure. So, if regulations are important to your company, overall security monitoring should be in place.

 

HIPAA Administrative Safeguard Monitoring Requirements

Log-in monitoring
  • Part of Security Awareness & Training
Ongoing monitoring
  • To determine adequate protection

 

Financial Regulations – As defined by FFIEC and related federal agencies

Risk Monitoring and Reporting
  • A risk mitigation requirement
  • Part of Security Awareness & Training
Monitoring is a core control requirement and includes monitoring of these areas
  • Log monitoring and network traffic inspection systems
  • Network device detection and monitoring
  • Patch management/monitoring
  • Network threat monitoring
  • Anomalous threat monitoring
  • Access control monitoring
  • Supply chain / third-party (software, hardware, access) monitoring
  • Risk monitoring and threat monitoring
  • Incident detection and response (threat hunting, containment & mitigation)
  • Reporting

 

NIST SP 800-53

A heavily used standard. It can be used to define HIPAA security, and it is a U.S. government standard and framework.

Requires Security Continuous Monitoring
  • Continuous monitoring is an overall detection requirement
  • Information systems and assets should be monitored to identify cybersecurity events and verify the effectiveness of protective measures.
  • Requires that these areas are monitored:
    1. Networks
    2. Personnel activity
    3. External service provider activity
    4. Unauthorized personnel
    5. Connections, devices, and software
  • These rules also apply to HIPAA requirements when using NIST as the standard

 

ISO 27000

An internationally used standard. Extremely comprehensive.

Objectives
  • Monitoring, measurement, analysis, and evaluation are core objectives
  • Evaluate information security performance and effectiveness
  • Create evidence of compliance using logging and monitoring
  • Systems should be monitored, and security events should be recorded.
    1. Operator logs and fault logging
    2. Check the effectiveness of controls and verify policy conformity
  • Security incident and improvement management
  • A process of continual improvement should be applied
  • Risk monitoring is part of the risk management process
Satisfy these 27000 Security Monitoring Controls
  • Monitoring of the security of mobile and teleworkers (A6.2)
  • Network security management (A13.1)
    • Which may span organizational boundaries
  • System availability (A12.1)
  • Record events and generate evidence of compliance (A12.4)
  • Information leakage (A12.5)
  • Vulnerability monitoring generating alerts, detecting attacks, incident response (A12.6, A14.1)
  • Access control (personnel, suppliers/partners) (A15.2)
  • Supply chain risks (A15)

 

PCI DSS

Constantly monitor access to cardholder data
  • Part of Security Awareness & Training
Regularly monitor and test networks (for access and security)
  • Find and fix vulnerabilities
  • Monitor all network traffic at the perimeter of the cardholder data environment
  • File integrity monitoring & alerts
  • Monitor third-party providers with cardholder data access
  • Monitor security controls, with periodic reviews
