For today’s companies, whatever their core business, reliance on IT systems almost certainly means that they have become a technology company. Digital transformation is everywhere – from looking to improve customer experience to businesses seeking performance metrics to manage by.
Many will have remote workforces, use zero trust approaches and elastic compute models; they may not even have networks or servers in the traditional sense. Application functions will appear as they are needed, there will be no endpoints for agent installation and potentially no infrastructure or perimeter to monitor.
As businesses expand globally, access to customer facing systems or to employee applications could be from anywhere. This wider attack surface means there are new types of systems, access points and traffic flows to defend.
Fundamentally, businesses need monitoring solutions that support and work across all of their cloud-native IT operations and highly variable endpoint estates to detect an increasing range of threats. It’s not an unreasonable ask – it just reflects the architecture of these newer IT systems, how they are organised and so, how they could be attacked.
One challenge is cultural. Just as infrastructure architecture is changing, so too are users; and it’s not all down to the WFH phenomenon that has sustained many businesses during the pandemic. “Digital natives” too tend to assume company laptops and phones become “their laptops”, and they get used as such rather than as corporate machines reserved for work purposes. This has implications for how systems are secured, monitored and supported.
Security managers, particularly those responding to how their changed IT architecture continues to operate within the security operating environment, often find that their existing security baselines are quite low. IT platforms, applications and cloud services may have very little security protection in place or enabled, and not in any kind of coordinated way. Or, where IT systems have been set up for some time, they may have drifted to a less tight, less secure configuration even if they were initially correct and compliant. For example, over time more and more people get added to administrative groups, and if they are not removed as people and roles change, eventually this becomes a vulnerability.
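The administrative-group drift described above is easy to check for once a baseline exists. The following is an added example (not Huntsman Security's code or product) that compares a current group-membership export against the membership approved at the last access review and against an HR role table, so that both "never approved" members and "approved but role has since changed" members are surfaced. The groups, user names, roles, the export layout and the entitlement policy are all constructed for illustration.

```python
"""Detect administrative-group drift against an approved baseline.

Added example, not vendor code. Every data structure below is constructed:
the baseline, the simulated directory export, the HR role table and the
entitlement policy are hypothetical values chosen to show each drift case.
"""
from dataclasses import dataclass

# Constructed: membership approved at the last access review, keyed by group.
BASELINE = {
    "Domain Admins": {"alice", "bob"},
    "Server Operators": {"carol"},
}

# Constructed: what a directory export of group membership looks like today.
CURRENT = {
    "Domain Admins": {"alice", "bob", "dave", "svc-backup"},
    "Server Operators": {"carol", "erin"},
}

# Constructed: HR view of each person's current role. Service accounts and
# leavers have no record, which is itself worth flagging.
HR_ROLE = {
    "alice": "platform-engineer",
    "bob": "contractor-ended",
    "carol": "sysadmin",
    "dave": "helpdesk",
    "erin": "sysadmin",
}

# Constructed policy: which roles justify membership of which group.
ENTITLED_ROLES = {
    "Domain Admins": {"platform-engineer"},
    "Server Operators": {"sysadmin"},
}


@dataclass(frozen=True)
class Finding:
    group: str
    member: str
    reason: str


def find_drift(baseline, current, hr_role, entitled_roles):
    """Compare current membership with the baseline and the role policy.

    Returns one Finding per problem. A single member can produce more than
    one finding (e.g. not in baseline AND no HR record).
    """
    findings = []
    for group, members in current.items():
        approved = baseline.get(group, set())
        for member in sorted(members):
            role = hr_role.get(member)
            if member not in approved:
                findings.append(Finding(group, member, "not in approved baseline"))
            if role is None:
                findings.append(Finding(group, member,
                                        "no HR record (service or orphaned account)"))
            elif role not in entitled_roles.get(group, set()):
                findings.append(Finding(group, member,
                                        f"role '{role}' not entitled to this group"))
        # Members removed since the review are also drift: the baseline is stale.
        for member in sorted(approved - members):
            findings.append(Finding(group, member, "in baseline but no longer a member"))
    return findings


def drift_by_member(findings):
    """Group findings per account so a reviewer sees one line per person."""
    grouped = {}
    for f in findings:
        grouped.setdefault((f.group, f.member), []).append(f.reason)
    return grouped


if __name__ == "__main__":
    for (group, member), reasons in drift_by_member(
            find_drift(BASELINE, CURRENT, HR_ROLE, ENTITLED_ROLES)).items():
        print(f"{group}: {member}: {'; '.join(reasons)}")
```

Run periodically against a fresh export, the script turns the "people get added and never removed" problem into a short list that an access review can act on; the interesting design choice is that the HR role table, not the directory, is the source of truth for whether membership is still justified.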
Additionally, it is not uncommon to find a plethora of solutions all doing the same thing across different sets of systems or parts of the business, making it difficult to monitor and maintain consistent security settings. For example, having different anti-virus technologies for different groups of systems, offices or business units, and hence multiple management consoles to monitor and keep current.
In particular, security monitoring at its most basic is a process that is often manual at best and informal at worst. Engineers get to it when they get a chance or aren’t busy with other things: they spend a couple of hours, a couple of times a week, looking at various logs or consoles for signs of abuse, incidents, misuse or attacks.
This – manually spotting issues – only works if there is time available. Like anything else, without a formalised process, as soon as the team does get busy important security work gets neglected. Without systematic procedures, the detection effort is easily distracted and the promise of swift and reliable detection or resolution is gone.
It is also too slow, both in effort required and in elapsed time. If something serious happens, the problem may not be picked up until some time later, the next time someone looks; most likely when it’s too late to make a difference.
When Huntsman Security talks to its customers and prospects, we find that these issues and concerns are often a big part of what the organisation is trying to solve.
Businesses often need support and assistance from a vendor who is willing to work with them and suggest approaches that work and are flexible: a solution provider that will listen to their needs and offer solutions.
This is particularly important when it comes to security solutions for monitoring and threat detection. Flexibility and the ability to adapt to fit their strategy and match their technology environment are key.
Speed and ease of use matter; being able to switch from dashboards to investigations and back again, seamlessly, is important. Cosmetic features may be pretty, but if they make it harder to get to the details behind the alert, they can become tiresome. Customers obviously look for security technologies that support their existing solutions and services as well as, where possible, technologies that have the ability to connect to new data sources they might want to adopt in the future.
What has emerged as a requirement for customers is to be able to monitor events much more frequently and make operational processes more efficient.
Dashboards and queries that run automatically and quickly are an increasingly common request. Systems that run in the background and alert the user, rather than having to be driven by analysts to initiate an outcome, are becoming more popular. Access to useful interfaces, whether they are out-of-the-box or easily created from templates, means more time to manage security rather than the technology. The ability to share created queries and dashboards removes duplication of effort, as content views and searches are available to the whole team.
Systematic processes and intuitive workflows can limit the pressure-cooker environment that prevails in many SOC teams, and introduce order and actionable outcomes to ensure that security and risk teams can operate in the most effective manner.
Security teams can correlate activity data with other sources such as endpoint security and Active Directory logs to pick up connections to strange web sites or logons from unusual locations. Having all this data automatically collated together is a huge benefit, as analysts can query, analyse and report on security threats more easily and, as a result, more quickly enforce policies for specific systems such as point-of-sale systems and improve defences.
As a consequence, security managers can provide an adaptable and responsive service to the business, allowing the enterprise to operate the way it needs to in order to be competitive and forward looking, without compromising the protection of sensitive data or exposing systems to attack.
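To make the correlation described above concrete, here is an added example (not Huntsman Security's code or product) that joins three constructed log sources by client IP and time: proxy records, Windows logon events in a simplified 4624-style line format, and endpoint detections. A connection to a watchlisted domain is attributed to the user most recently logged on from that address and enriched with any endpoint alert on the same host within a few minutes; a logon from an address geolocated outside the expected countries is flagged as an unusual location. The log formats, the IP-to-country table, the watchlist and the expected-country set are all constructed assumptions.

```python
"""Correlate proxy, Active Directory logon and endpoint events by host and time.

Added example, not vendor code. The three log formats, the addresses, the
geolocation table and the watchlist below are constructed for illustration.
"""
import re
from datetime import datetime, timedelta

# Constructed proxy log lines: timestamp, client IP, destination host, action.
PROXY_LOG = """\
2024-05-01T09:02:11Z 10.1.4.22 intranet.example.local ALLOW
2024-05-01T09:05:40Z 10.1.4.22 pastebin.example ALLOW
2024-05-01T09:06:03Z 10.1.4.31 updates.vendor.example ALLOW
2024-05-01T11:15:09Z 10.1.4.22 cdn.vendor.example ALLOW
"""

# Constructed logon events (4624-style): time, event id, user, workstation, source IP.
AD_LOG = """\
2024-05-01T08:58:00Z 4624 user=jsmith ws=WS-022 src=10.1.4.22
2024-05-01T09:00:12Z 4624 user=jsmith ws=VPN src=203.0.113.77
2024-05-01T09:01:30Z 4624 user=mlee ws=WS-031 src=10.1.4.31
"""

# Constructed endpoint alerts: time, host IP, detection name.
EDR_LOG = """\
2024-05-01T09:04:55Z 10.1.4.22 Suspicious PowerShell download cradle
"""

WATCHLIST_DOMAINS = {"pastebin.example"}      # constructed watchlist
EXPECTED_COUNTRIES = {"AU"}                   # constructed: where staff normally log on from
GEO = {"203.0.113.77": "XX"}                  # constructed lookup; internal 10.x has no entry

AD_RE = re.compile(r"^(\S+) (\d+) user=(\S+) ws=(\S+) src=(\S+)$")


def parse_ts(s):
    return datetime.strptime(s, "%Y-%m-%dT%H:%M:%SZ")


def parse_proxy(text):
    out = []
    for line in text.splitlines():
        ts, ip, host, action = line.split()
        out.append({"ts": parse_ts(ts), "ip": ip, "host": host, "action": action})
    return out


def parse_ad(text):
    out = []
    for line in text.splitlines():
        m = AD_RE.match(line)
        if not m:
            continue  # skip lines that do not match the constructed format
        ts, eid, user, ws, src = m.groups()
        out.append({"ts": parse_ts(ts), "event": int(eid), "user": user, "ws": ws, "src": src})
    return out


def parse_edr(text):
    out = []
    for line in text.splitlines():
        ts, ip, name = line.split(maxsplit=2)
        out.append({"ts": parse_ts(ts), "ip": ip, "name": name})
    return out


def last_logon_before(logons, ip, ts, window=timedelta(hours=12)):
    """Most recent logon from `ip` in the window before `ts`, used to name the user."""
    cands = [l for l in logons if l["src"] == ip and ts - window <= l["ts"] <= ts]
    return max(cands, key=lambda l: l["ts"]) if cands else None


def correlate(proxy, logons, alerts, window=timedelta(minutes=10)):
    findings = []
    for hit in proxy:
        if hit["host"] not in WATCHLIST_DOMAINS:
            continue
        logon = last_logon_before(logons, hit["ip"], hit["ts"])
        related = [a["name"] for a in alerts
                   if a["ip"] == hit["ip"] and abs(a["ts"] - hit["ts"]) <= window]
        findings.append({"type": "watchlist-domain", "ip": hit["ip"], "host": hit["host"],
                         "user": logon["user"] if logon else None, "edr_alerts": related})
    for l in logons:
        country = GEO.get(l["src"])
        if country is not None and country not in EXPECTED_COUNTRIES:
            findings.append({"type": "unusual-location", "user": l["user"],
                             "src": l["src"], "country": country})
    return findings


if __name__ == "__main__":
    for f in correlate(parse_proxy(PROXY_LOG), parse_ad(AD_LOG), parse_edr(EDR_LOG)):
        print(f)
```

With the constructed data, the watchlisted proxy hit from 10.1.4.22 is attributed to jsmith via the 08:58 logon and carries the endpoint alert raised 45 seconds earlier on the same host, and jsmith's VPN logon from the out-of-country address is reported separately; none of the three sources alone tells that story, which is the point of having them collated in one place.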
See our latest Enterprise SIEM case study that highlights a number of these important issues.