Are You Just Monitoring the Front Door While Your House Gets Raided?

There have been fundamental shifts in the world of cybersecurity that have left most companies unprepared for today’s threats. The proliferation of malware, for example, has reduced the risk mitigation value of traditional security solutions, such as firewalls and anti-virus software. If you do not update your cybersecurity technology to stop today’s threats, it’s like monitoring your front door for a break-in while someone comes in through the back window.

Even companies that have taken cybersecurity seriously have not always been led the right way by cybersecurity companies. Five, ten, and even fifteen years ago, organizations that wanted to take the threats seriously were told that they needed cybersecurity professionals to monitor their systems 24x7x365, watching the alerts and events as they happen in real-time. This relied on mostly on human review, not machine intelligence, at a cost most companies could not afford.

When customers were asked why they don’t need to pay for comprehensive monitoring of their systems, they would talk about how their home security system only has motion detectors near the front door and “choke points” within the home eliminating the need to monitor every room, door, and window. “As long as you are monitoring the choke points, you are safe,” they would say. So, while it is expensive to monitor just a couple of devices, if we place those devices in the choke points of the network, you are safe. This was adequate 5+ years ago but this is not enough for today.

Imagine being sold the idea that choke points are enough and then having your child kidnapped through a bedroom window. No choke point security system would detect that, allowing the worst-case scenario to happen without your security system even tripping. Home security systems relied upon a few choke points in the home because it was very expensive to run wires to every area of the home (especially after it was already built).

Today, if you look for a home security system, wireless technology has made it possible to place multiple sensors throughout the house without the use of wires. This makes the cost of securing the entire home from multiple threats much more cost effective than the traditional use of wired systems. Now, if you talk to home security specialists, they will tell you about all the advantages of a system that can monitor every window, every door, and every room for multiple threats like motion, water, carbon monoxide, and fire – all because the technology finally allows them to do this cost effectively.

The same evolution has happened with cybersecurity. Cost prohibitive cybersecurity professionals with a 30-1 cost ratio was always going to require organizations to rely on choke points. Thankfully, technology has evolved, as well. Automated correlation and analytics from a properly deployed, configured, and tuned Security Information and Event Management (SIEM) technology can increase the ratio of devices per cybersecurity professional exponentially. With the old technology, there was very little normalization, correlation, and threat feed integration to accurately detect malicious behavior. Cybersecurity professionals would need to troll through event after event and alert after alert, looking for a needle in a haystack. Today, SIEM technology can quickly and efficiently find those needles with far less human interaction. This dramatically reduces the number of cybersecurity professionals needed for a traditional Security Operation Center (SOC) which means a lower cost per device for organizations. With a lower cost to monitor each device, we can now monitor more devices. Rather than just monitoring choke points, we can monitor all the windows, doors, and rooms, which is really what was needed all along.

When all the critical devices are being monitored and correlated, you can stitch together bits of information across different systems and areas of the network to give you a much more accurate picture of what is happening. In other words, the more devices that you monitor, the more accurate the monitoring becomes and, therefore, the better economies of scale can be achieved.

So, what should an organization monitor? Certainly, it is a good idea to monitor the firewall and intrusion detection systems (IDS), but we need to go beyond that and focus on today’s threats. Routers, servers (especially active directory servers), and wireless access points should all be monitored. With current SIEM technology you can monitor all these systems for about the same price as you used to be able to monitor just the firewall, IDS, and intrusion prevention systems (IPS).

Monitoring choke points and limited devices or smaller areas of a network will not protect your organization from today’s threats. Monitoring is more important than ever, but real risk mitigation comes with a holistic and cost-effective approach to monitoring all the possible security events from every possible device. Stop only monitoring your front door for a break in and assuming that your business is safe… your back window is open.

NOTE: Do the three-letter acronyms of cybersecurity confuse you? Download our ABCs of Cybersecurity.


Contact us to evaluate your business' cyber protection strategy, complete the form below.

© 2020 Flagship Networks, Inc. All rights reserved.