Find your fit: How to select a security monitoring solution?

Aleph Tav Technologies, Managed Security

Competitors Company X and Company Y both have corporate networks to protect from cyber attacks. Company X opts for a certain security analytics feature for its public-facing website, which is linked to database servers. Company Y follows suit even though it does not have a similar system architecture. When asked why, Company Y responded, “We thought it was an industry best practice”.

Don’t be like Company Y.

We get it. The journey towards finding the right security service provider and the appropriate mix of tools for your organization can be quite disconcerting. Many a detour later, you might be tempted to stop short and just tell the IT guys to do what their peers are doing. But wait, don’t call the IT guys. Take a deep breath and remind yourself that Security Management is a business problem, not an IT problem.

CTOs find it hard to plan security budgets because measuring the ROI of a security tool is not as straightforward as it is for enterprise software. But refocusing on your own set of security goals goes a long way toward discovering what you need and where to seek it.

Here are some key aspects often neglected. We hope they help your decision-making process.

Define your goals

Listing your security visibility and defense goals will help you identify precisely what is needed and what you would lose without it, thereby establishing a priority for each goal. Security monitoring is a multi-faceted asset that must support the information needs of security analysts, internal and external auditors, and CIOs or CSOs. Define your success criteria. If your business requirements and objectives have evolved, or your operating norms have changed, interface with the relevant departments to understand their situational information and specifications. You will then have well-planned purchase criteria.

1. Convergence: One or Many-in-one?

Getting the most out of your security expenditure does not mean adding more tools. It is more about making generally independent and isolated controls work in a concerted manner. This is the principle behind security monitoring solutions like SIEM, where security data from different sources is integrated and correlated for insight.

As your organization grows and expands, the scalability of your security solutions becomes a concern because of the challenge of adapting them across different technology platforms. Moreover, consider the cost of purchasing individual licenses for a product intended for a larger scale or a wider scope. These complexities can be avoided by planning ahead at purchase time: find out how scalable the product is and what it offers in terms of reducing license costs.

Do not hesitate to go with more than one vendor. As we already mentioned, the one thing to keep in mind is convergence. It is highly unrealistic to expect that a single firewall or traffic monitoring tool will suffice to provide thorough visibility. Whether you have existing tools and want to add something new, or want to replace them all with a comprehensive platform, unified management must be your ultimate objective. Take the help of Managed Security Consultants to identify the right mix based on the intrinsic value of each tool. Just make sure that the tools interact in a way that does not give the IT department additional responsibilities. Commonly, the most indispensable capabilities, such as Vulnerability Management and File Integrity Monitoring, can be bundled under a security monitoring platform, as together they reveal more about vulnerabilities and threats than they do in isolation.

2. Your location and deployment options

Do you have multiple corporate networks and operational units in different places? Do you expect additions or changes in the future? A clever move is to examine the deployment model of the security provider and the options available for easy future modification. Whether the solution you plan to purchase is software-based or appliance-based, it is important to evaluate how the data will be handled. Depending on your needs, you may prefer a centralized set-up in which different locations communicate with a parent server via VPNs and sensors. Or your choice may be a fully cloud-based solution. You might even need a hybrid of cloud and on-premise. Your service provider must offer these options and a robust environment with the capacity to handle your data retention needs.

3. What are your BYOD goals?

BYOD has greatly changed the security monitoring challenges of its adopters and the focus of security solution vendors. If you have an extended enterprise or a BYOD program, you will need to vigorously protect your sensitive data from the dangers of negligent use and rogue devices. If you have NAC, look for the ability to monitor it alongside flow-level visibility and a sweeping view of connections, services and file system changes.

4. Compliance and Threat Intelligence

Let your compliance requirements direct your decisions about the most vital security components you will invest in. But be sure to include within the purview of compliance, as ‘risks’, issues beyond what is mandated by regulating authorities and standardization agencies. Find out how a security solution can incorporate industry- and location-specific threat information, statistics and experience. It is important to choose a product with an active, widespread community of security professionals from whom you can gain knowledge of the threat landscape.

Engage perceptiveness

The value that you initially expect to derive from a security monitoring product may be shaped by what the vendor has promised and perhaps by what other users have gained from it. But the true value of a security tool, as is realized only much later, rests entirely on how well it is configured, adjusted and primed. Simply put, a non-optimized resource has very little to offer and misdirects expenditure and labor.

The person or persons who will set up and manage monitoring systems for your assets must have the ability to ‘discern’ and ‘diagnose’. They must be well aware of the organization's changing security needs and goals, and have the insight to judge the adequacy of controls and policies at every stage. Refinement is a key element in making a tool bespoke and context-aware. The Plan-Do-Check-Act cycle is a critical component of continuous infrastructure monitoring and requires experience not just in the analysis of alerts, but more importantly in refining the functions of the tool. Such personnel must have prior knowledge of how the tool functions in different scenarios and how it must be tuned for the company-specific issues and scenarios of interest.

How much foresight has gone into the evaluation and administration of policies? That is what determines how well a threat monitoring tool has been put to use. After all, even the most powerful threat signature needs to be applied in the right way, anticipating the threat it is designed to detect.

Need help analyzing requirements or want to pilot leading security monitoring tools? Reach out to us.
