In a series of blogs, we cover why a modern SIEM and SOC are essential in fighting today's cyber threats. Here is a summary from a discussion between Ben Harrison, Director SOC and Security Services, Cygilant and Jake McCabe, CISSP, Presales Director, LogPoint.
The cornerstone of a modern SOC and modern SIEM is that the basics are not forgotten.
The essence of good security is doing the basics well.
It doesn’t matter how advanced your tools get or how well your machine learning engine has started to identify threats you’ve never seen before: if you don't cover the basics, the advanced capabilities won’t deliver. It’s like leaving the gates of the world’s strongest fortress open and unguarded.
Experts believe the majority of data breaches can be avoided if businesses focus on the following:
- Asset management - before businesses can protect themselves, they have to know what is running in their environment. Malicious apps, insider threats, and unpatched vulnerabilities can be lurking that could cause a data breach. It’s impossible for an organization to protect itself from threats it doesn’t know are present.
- Security monitoring - If a tree falls in a forest and no one hears it, it doesn’t matter if it makes a sound. The same holds true for security. Businesses need someone watching for problems 24x7x365.
- Don’t neglect your endpoint solutions - remote work has introduced a variety of potential security threats to small and mid-size businesses. For instance, businesses are now relying on the security of their employees’ home networks and have little oversight into their day-to-day activities. Smart businesses are focusing on securing employees’ endpoints to ensure they are properly patched and performing well while out of the office.
- Proactive security planning - when something happens (because it’s not if, it’s when), you need to have a plan already in place. Businesses that don’t have an incident response plan are more likely to react slowly and poorly, doing long-lasting damage to their brand.