
Security Monitoring 24/7 – Just a dream or reality for everyone?

Petri Heinonen, Security Advisor, Secure Cloud Finland Oy

Awareness of information security has grown very rapidly. In the corporate world, ransomware operated by cyber criminals has become a formidable business risk. The war in Ukraine has brought nation-state cyber warfare into the media. However, the risk that cybercrime poses to the business of a single company is difficult to assess. How much should be invested in security, and in which measures, to control business risks?

Security is simple
Security is based on the same trinity as any business. The recipe is simple; people are needed to run processes that require technology. It is useless to mystify the matter any further.

Technology
The ear does not hear security risks and the eye is poor at detecting security breaches. The task of technology is to identify these problems and address them faster than people. We need technology to fill people’s shortcomings. There is a vast number of security technologies available. Everyone can study and choose their favourites from evaluations made by different analyst companies.

Processes
Policies and processes need to be defined and described: how to monitor and fix vulnerabilities, how to manage changes and disruptions, how to approve access permissions, when to take backups, how to monitor security and how to respond to anomalies.

People
It gets hard when you start thinking about who would do the security work. The common consensus is that there is currently a global shortage of millions of security experts. You have certainly noticed the same thing when recruiting security experts. At what salary and for how long will the employee be committed to the company?

Risk to business
The security risks to businesses are so great that every business should have the security technologies, processes, and human resources in place. Companies should invest in a Security Operations Center (SOC), which runs their operational security 24/7. Cybercriminals do not sleep when the factory is closed, and the business is completely disrupted if someone encrypts the data it runs on.

DIY SOC
A real 24/7 SOC consists of a large pile of technology, a few processes, and about a dozen experienced security experts who actively monitor the situation, investigate anomalies or breaches that have already occurred, and take care of tuning and maintaining existing security tools.

It may be possible and profitable for giant companies to set up their own 24/7 SOC that uses security tools owned by the company. However, the security requirements of smaller organizations are the same as those of larger ones.

It is not economically feasible for Finnish small and medium-sized companies to start building their own Security Operations Center. The costs of a real 24/7 SOC are so high in relation to the size of most companies that they cannot be accepted by any management team. Still, it is the responsibility of each CEO, Chairman of the Board, and company owner to enable, demand and monitor the implementation of information security in their company. What to do?

SOC as a Service
Finland is one of the leading countries in IT services. SOC as a service has been available for more than 10 years in Finland. Global SOC service providers are a very viable option. The SOC service we are familiar with is known worldwide as MDR – Managed Detection and Response and XDR – Extended Detection and Response. MDR / XDR services are well suited for Finnish companies. For the price of about one security expert, a medium-sized company gets the support of world-class expertise, processes, and tools. Read more about Cloud SOC as a Service.

International players have commercialized their services very well. Services are deployed in a standardized manner: quickly, economically, and efficiently. It only takes weeks from the signing of the contract to the start of the service. Large players also have the resources to respond quickly to new threats and continuously develop their services based on the evolving security landscape.

XDR or not – organizations still need security skills
Security cannot be outsourced completely. Organizations must still have their own security expertise. The company must have awareness, procedures, and policies on how to deal with security breaches. The company must also maintain the ability to purchase and monitor the activities of suppliers and to manage the security responsibilities between suppliers.

Meet us

Come and discuss your security needs at our booth Si4.

Petri Heinonen
Security Advisor
Secure Cloud Finland Oy