Let’s face it, everyone wants to keep things as simple as possible. In a perfect world there would be a single cyber security technology that protected every organization from every cyber threat. Unfortunately, building and managing an effective cyber security program cannot be done with a single technology. Simply stated, there is no “easy” button.
There is good news for organizations that want to maximize cyber protection and resource utilization. When viewed through a lens of best practice security principles, three core technologies maximize visibility and protection for organizations large and small:
- Next-Generation Endpoint Protection – historically referred to as antivirus, a new breed of technology has evolved in this space. Traditional antivirus relies on signatures (a list of previously seen malicious files) and therefore only recognizes malware that has already been catalogued. The next-generation products add machine-learning models and behavioral analysis that classify files and processes by their characteristics, so they can catch variants that have no signature yet. This provides much improved protection and serves as the first layer of defense, with one caveat: no model is infallible, and a determined attacker can still craft a sample that evades it, which is why the other two technologies matter.
- Vulnerability Management – the old security adage states, “you can’t protect what you don’t know exists.” By scanning networks on a recurring basis, organizations gain visibility into which assets are actually on the network (including the ones nobody recorded in the inventory) and a clear understanding of software vulnerabilities and device configuration status. This detail is important because surveys of breached organizations have reported that roughly 60% of breaches involved an existing vulnerability for which a fix was already available. Scanning networks (internal and external) at least every month, and tracking each finding against a remediation deadline, provides the insight and detail required to mitigate growing risks.
- Security Monitoring – one of the most common responses from executives who are reluctant to engage in cyber security practices is, “we’ve never had an issue so far.” But, of course, if they are not monitoring their environment to look for issues, they will never be aware of them. Think of security monitoring as a virtual security camera watching access for users, data, and systems across the enterprise. These technologies collect a record every time a transaction occurs and apply rules and per-user baselines to flag anomalies for review. A common example is a salesperson who logs into corporate systems at 3 am for the first time and begins copying large volumes of data to a computer outside the corporate network. Alerting on this type of transaction allows support staff to investigate whether there is a valid reason for it.
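The two outputs a vulnerability management program should produce from each monthly scan are (1) the assets the scanner found that are missing from the inventory, and (2) a remediation queue that puts fixable, severe, overdue findings first. The following Python is an added illustration, not code from the original article or from any scanner product; the inventory, the finding identifiers (VULN-A and so on), the per-severity SLA days and the scan date are all constructed assumptions.

```python
from datetime import date

# Constructed inputs (assumptions, not from the original article):
# the asset list the organization believes it owns, and this month's scan findings.
INVENTORY = {"web-01", "db-01", "fs-01"}

SCAN_FINDINGS = [
    {"host": "web-01",   "id": "VULN-A", "severity": "critical", "fix_available": True,  "first_seen": date(2024, 1, 5)},
    {"host": "db-01",    "id": "VULN-B", "severity": "high",     "fix_available": True,  "first_seen": date(2024, 2, 20)},
    {"host": "fs-01",    "id": "VULN-C", "severity": "medium",   "fix_available": False, "first_seen": date(2024, 2, 1)},
    {"host": "print-07", "id": "VULN-D", "severity": "high",     "fix_available": True,  "first_seen": date(2024, 3, 1)},
]

# Assumed remediation policy: days allowed to fix a finding, by severity.
SLA_DAYS = {"critical": 14, "high": 30, "medium": 90, "low": 180}
SEVERITY_RANK = {"critical": 0, "high": 1, "medium": 2, "low": 3}


def unknown_assets(findings, inventory):
    """Hosts the scanner saw that nobody had recorded: the 'don't know it exists' gap."""
    return sorted({f["host"] for f in findings} - set(inventory))


def triage(findings, today):
    """Order findings for remediation: ones with a known fix first, then by
    severity, then by how far past the SLA deadline they already are."""
    rows = []
    for f in findings:
        age = (today - f["first_seen"]).days
        rows.append({**f, "age_days": age, "overdue_days": age - SLA_DAYS[f["severity"]]})
    rows.sort(key=lambda r: (not r["fix_available"],
                             SEVERITY_RANK[r["severity"]],
                             -r["overdue_days"]))
    return rows


if __name__ == "__main__":
    scan_date = date(2024, 3, 15)  # assumed date of this month's scan
    print("Unrecorded assets:", unknown_assets(SCAN_FINDINGS, INVENTORY))
    for r in triage(SCAN_FINDINGS, scan_date):
        state = f"{r['overdue_days']}d overdue" if r["overdue_days"] > 0 else f"{-r['overdue_days']}d left"
        print(f"{r['host']:9} {r['id']:7} {r['severity']:8} fix={r['fix_available']!s:5} {state}")
```

Running it with the constructed data lists print-07 as an unrecorded asset and puts the critical, fixable, 56-days-overdue finding on web-01 at the top of the queue; the medium finding with no fix available sinks to the bottom, where it belongs on a compensating-controls list rather than a patch list.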
When considering security monitoring offerings, organizations can purchase the monitoring as a turnkey service or buy a Security Information and Event Management (SIEM) platform and hire or develop the staff to manage it. There are so many variables around the decision that a separate article is needed just to cover all the details. As a rule of thumb, organizations with fewer than 1,000 employees are best served by the turnkey route.
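Whichever route is chosen, the detection behind the 3 am salesperson scenario above is the same: a per-user baseline of login hours, a rule for the first off-hours login, and a second rule that escalates when a large transfer to a host outside the corporate network follows that login within a short window. The Python below is an added example written for this article; it is not the logic of any particular SIEM. The log format, the business-hours window, the 1 GB threshold, the corporate address ranges and the sample events for the user "alice" are all constructed assumptions.

```python
import ipaddress
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Assumed log format: "<ISO timestamp> login user=<u> src=<ip>" or
# "<ISO timestamp> transfer user=<u> dst=<ip> bytes=<n>".
LOG_RE = re.compile(r"^(?P<ts>\S+) (?P<kind>login|transfer) (?P<kv>.*)$")
BUSINESS_HOURS = range(7, 20)                     # assumption: 07:00-19:59 is normal
LARGE_TRANSFER = 1_000_000_000                    # assumption: 1 GB is "large"
WINDOW = timedelta(hours=1)                       # transfer must follow the login within this window
INTERNAL_NETS = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# Constructed sample events: a week of daytime logins for alice, then an
# off-hours login from a new address followed by a 9.4 GB transfer to that address.
SAMPLE_EVENTS = [
    "2024-03-01T09:02:11Z login user=alice src=10.0.5.21",
    "2024-03-01T09:40:00Z transfer user=alice dst=10.0.7.5 bytes=3500000",
    "2024-03-04T08:55:30Z login user=alice src=10.0.5.21",
    "2024-03-05T09:10:45Z login user=alice src=10.0.5.21",
    "2024-03-06T09:05:12Z login user=alice src=10.0.5.21",
    "2024-03-07T08:59:03Z login user=alice src=10.0.5.21",
    "2024-03-09T03:02:17Z login user=alice src=198.51.100.23",
    "2024-03-09T03:15:40Z transfer user=alice dst=198.51.100.23 bytes=9400000000",
]


def parse(line):
    """Turn one log line into a dict, or None if it does not match the format."""
    m = LOG_RE.match(line)
    if not m:
        return None
    fields = dict(kv.split("=", 1) for kv in m["kv"].split())
    return {"ts": datetime.strptime(m["ts"], "%Y-%m-%dT%H:%M:%SZ"), "kind": m["kind"], **fields}


def is_external(ip):
    """True unless the address falls inside one of the assumed corporate ranges.
    An unparseable address is treated as external so the rule fails closed."""
    try:
        addr = ipaddress.ip_address(ip)
    except ValueError:
        return True
    return not any(addr in net for net in INTERNAL_NETS)


def detect(lines):
    """Replay events in order and return (severity, user, timestamp, reason) alerts."""
    seen_hours = defaultdict(set)   # user -> hours of day at which they have logged in before
    flagged_login = {}              # user -> time of their most recent off-hours first login
    alerts = []
    for ev in filter(None, map(parse, lines)):
        user = ev["user"]
        if ev["kind"] == "login":
            hour = ev["ts"].hour
            if hour not in seen_hours[user] and hour not in BUSINESS_HOURS:
                alerts.append(("medium", user, ev["ts"],
                               f"first login at {hour:02d}:00 from {ev['src']}"))
                flagged_login[user] = ev["ts"]
            seen_hours[user].add(hour)
        else:
            size = int(ev["bytes"])
            last = flagged_login.get(user)
            if (size >= LARGE_TRANSFER and is_external(ev["dst"])
                    and last is not None and ev["ts"] - last <= WINDOW):
                alerts.append(("high", user, ev["ts"],
                               f"{size} bytes to external host {ev['dst']} within {WINDOW} of off-hours login"))
    return alerts


if __name__ == "__main__":
    for severity, user, ts, reason in detect(SAMPLE_EVENTS):
        print(f"[{severity}] {ts:%Y-%m-%d %H:%M} {user}: {reason}")
```

Replaying the constructed events produces two alerts: a medium one for the first 03:00 login and a high one for the 9.4 GB transfer that follows it; the 3.5 MB daytime copy to an internal file server produces nothing. Note the caveat built into the baseline: once an hour has been seen for a user it is no longer novel, so a night-shift employee stops firing after the first alert, but an attacker who has already established a nightly pattern would also stop firing. In practice the baseline is seeded from historical logs rather than learned live, and the transfer rule is kept independent of the login rule for exactly that reason.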
The cyber security industry offers a myriad of different products and solutions, and sorting through all the features and benefits can be a daunting task. For organizations that genuinely want to reduce risk, evaluating and implementing these three core solutions is the place to start.