• June 18, 2020
We’re hearing about layoffs from many of our contacts, increasing the strain on IT organizations that were already struggling to manage the operations bandwidth of handling newly virtual employees. Your IT staff is being strained to support all these additional users, user desktops, user profiles and people’s unique needs based on where they are working. Each employee now represents a new challenge because if their remote device dies, it might be because kids accidentally downloaded malware and that’s still your employees’ responsibility. Having them focused and working on security issues is an even greater challenge because their IT scope of support has increased significantly. If you look at your organization and see people wearing many hats, it’s unrealistic to believe your staff will be able to keep abreast of the new vulnerabilities hackers and hacktivists have been exploiting and protect you.
Continuous monitoring, the required security standard for many industries including government, healthcare and financial services, requires companies to have a process for finding and remediating vulnerabilities, constantly updating those policies for any findings requiring major changes against your users, tracking those change logs and then repeating the cycle. In short, continuous monitoring requires you to collect an overwhelming amount of information from each of your end systems and sift through it for potentially threatening findings. Most organizations don’t employ the type of security specialists that can pick out the real threats from the noise, then communicate to your IT team what needs to be done to protect your company.
When Travelex was recently hit with a ransomware attack, they had much more than business interruption to worry about. New privacy regs in Europe (GDPR), New York and California have expanded the type of data considered protected from social security numbers and financial information to include usernames and passwords. A loss of any of this type of data incurs serious fines and the bad actors know it, so when they ransomed Travelex, they threatened to release batches of protected data to the dark web if the company was too slow to pay them. So, not only was Travelex crippled by the inability to access their company data, they would have been hit with millions in privacy-related fines. So they paid the hackers $2.3 million instead. No one wants to be the next Travelex and that makes the ability to act on the security data you collect even more critical.
You can have a 24×7 webcam in your rental properties, but if you’re not reviewing the footage, it’s of no value to you. One of the challenges too is that a lot of the security monitoring tools – and there are very good ones out there – are designed to report on everything because everything could be a potential problem. It takes a security engineer with the required experience and background to wade through all that information and give you insight and action in a reasonable amount of time. The SOCaaS differentiates itself because it has the ability to look at all of your security toolsets, tie in all the information, and have qualified security engineers analyze them to provide your IT team with the actions they should take. Taking it a step further, some providers (like Arctic Wolf, who Mavenspire partners with) approach SOCaaS from a concierge perspective. Their clients have an assigned account manager who understands their business and organization, so Arctic Wolf security recommendations support desired client business outcomes. Since Arctic Wolf’s security engineers understand their clients’ business, the recommendations they’ll make to your IT team are the few that will help you address the majority of your security risk.
Log Event Management (LEM) is a science all its own and can be an expensive consumption model for many organizations because you pay for the amount of data processed. Allow Arctic Wolf to remove the heavy lifting and expense of licensing, configuring and managing your own tools like Splunk. As an add-on service, Arctic Wolf provides clients with the insights of unified log collection to look beyond security and help them answer questions about their data, usage and outcomes.
In short, the stakes are too high and your resources are too strained to rely on your IT staff for security monitoring and analysis. It’s a better use of resources to retain a concierge SOCaaS to help protect your organization.