Cygilant Blog

SANs In Your SOCs

Posted by Security Steve on Apr 17, 2015

Ironically, whether you are an IT professional or not, security, cyber risk and data breaches have hit the mainstream. Recent headlines show that “Data security breaches have only gotten larger, more frequent and more costly. The average total cost of a data breach to a company increased 15 percent this year from last year, to $3.5 million per breach, from $3.1 million.”
 
Rather than becoming another statistic, companies are taking action and learning how to cut the possibility of risk down significantly with the right controls in place. There are plenty of control sets on the market today. Security controls are safeguards that counteract or minimize security risks relating to digital property. They focus on technical aspects of information security with the primary goal of helping organizations prioritize and automate their efforts to defend against the most common and damaging insider and outsider attacks.

 

With the SANS Critical Controls leading the way (other examples include ISO/IEC 27002 and NIST), the Twenty Critical Security Controls have already begun to transform security in government agencies and other large enterprises by focusing their spending on the key controls that block known attacks and find the ones that get through. By now it’s clear that automating these top 20 controls in your Security Operations Center (SOC) will radically lower the cost of security while improving its effectiveness.

 

For example, these controls can be incredibly useful tools to guide decisions about which traffic is blocked, which is allowed, and which causes alerts. And the more you can automate a control (via the SOC), the better off you will be. For example, if Internet Protocol (IP) address 123.45.678.9 generates an alert, then every time a packet from that specific IP address comes across, a block will be executed. This process will continue to repeat at every firewall control point.
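The alert-to-block loop described above, sketched as an added example (it is not EiQ or SOCVue code). The alert format, control-point names, never-block ranges and 24-hour expiry are assumptions; the sketch validates each source address before blocking it, so the article's sample address, which is not a valid IPv4 address, is refused rather than pushed to a firewall.

```python
import ipaddress
from datetime import datetime, timedelta, timezone

# All values below are constructed for illustration (assumptions, not from the article).
NEVER_BLOCK = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "192.0.2.53/32")]
CONTROL_POINTS = ["fw-edge-1", "fw-edge-2", "fw-dmz"]  # hypothetical firewall names
BLOCK_TTL = timedelta(hours=24)                        # assumed expiry for a block

def build_blocklist(alerts, now):
    """Turn alerts into {ip: expiry}; also return the sources that were refused."""
    blocks, rejected = {}, []
    for alert in alerts:
        src = alert.get("src")
        try:
            ip = ipaddress.ip_address(src)
        except ValueError:
            # Never push an unparseable value into a firewall rule set.
            rejected.append((src, "not a valid IP address"))
            continue
        if any(ip in net for net in NEVER_BLOCK):
            # A spoofed or noisy internal source must not cut off own systems.
            rejected.append((str(ip), "in never-block list"))
            continue
        blocks[str(ip)] = now + BLOCK_TTL  # a repeated alert renews the expiry
    return blocks, rejected

def distribute(blocks, now):
    """Give every control point the same deny list of unexpired addresses."""
    active = sorted(ip for ip, expiry in blocks.items() if expiry > now)
    return {fw: list(active) for fw in CONTROL_POINTS}

# Constructed sample alerts; 123.45.678.9 is the article's own example address.
SAMPLE_ALERTS = [
    {"src": "203.0.113.7", "rule": "ssh-bruteforce"},
    {"src": "123.45.678.9", "rule": "port-scan"},
    {"src": "10.1.2.3", "rule": "port-scan"},
    {"src": "203.0.113.7", "rule": "ssh-bruteforce"},
    {"src": "198.51.100.20", "rule": "sql-injection"},
]

if __name__ == "__main__":
    now = datetime(2015, 4, 17, tzinfo=timezone.utc)
    blocks, rejected = build_blocklist(SAMPLE_ALERTS, now)
    for fw, deny in distribute(blocks, now).items():
        print(fw, "deny", deny)
    for src, reason in rejected:
        print("skipped", src, "-", reason)
```

The expiry and the never-block list are what keep an automated block from becoming a permanent outage when an alert turns out to be a false positive.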

 

The challenge for many organizations is in the actual execution. The reality is that assembling a SOC that monitors those critical controls is no easy task, and it can be expensive, which is one of the primary reasons companies decide to outsource security operations. If you do choose to outsource, we recommend that you look for a partner that will provide 1) continuous monitoring of well-accepted security controls and best practices; 2) automated assessment of which systems are noncompliant with important security controls; and 3) guidance for remediating at-risk systems.

 

We’re proud to say that EIQ’s SOCVue, a cost-effective security monitoring service, can be the ideal solution for resource-constrained organizations.

Tags: Security Operations Center, Security as a Service, Cybersecurity
