Today we are pleased to welcome guest blogger Tony Bradley, Senior Manager of Content Marketing for Alert Logic, INAP’s trusted managed security partner and expert in cloud security for financial services customers.
– Wendy Williams, Product Manager, INAP
In an increasingly complex business environment, cybersecurity challenges have become more urgent as organizations accelerate their digital transformation. Rapid changes in technology and an ever-expanding threat landscape add extra strain to businesses that are already challenged to focus on productivity and customer needs. Working with a managed detection and response (MDR) provider is an effective way to address cybersecurity, but there is confusion about the value that MDR delivers, and the capabilities that solid MDR requires. Most importantly, effective MDR requires comprehensive visibility and 24/7 monitoring.
No matter how large or small an organization is, where it’s located, or what industry it is in, there are some simple truths when it comes to cybersecurity: You can’t protect assets you’re not even aware of, and you can’t do security part-time.
Most attacks are not targeted efforts to specifically compromise a given company or network. They use automated utilities that can identify, and then exploit, vulnerable platforms and services. It’s the same with attacks against end users, where many of the most successful malware campaigns are highly automated, even where social engineering is involved. As a result, most systems and users are always potential targets, illustrating the need for insight.
Even with the right preventative tools and processes in place, organizations are still vulnerable without comprehensive visibility. No CIO or security team will ever assert that they are 100 percent secure. Activities like vulnerability scans, timely patching and network monitoring are great, but it will be the systems you don’t patch or monitor that become your Achilles’ heel. Without a holistic view of the environment, there are likely devices on your network with open ports or critical vulnerabilities waiting to be discovered and exploited by attackers. Even if everything is locked tight today, without full visibility that level of protection can change quickly and without warning if there are configuration errors or new vulnerabilities discovered in deployed software.
When partnering with an outside vendor for security, it is important that the vendor understands your environment and your business objectives so that it can grasp the scope and context of an event. The vendor must be able to identify new systems, detect vulnerabilities and inform your patching strategy and security best practices to protect you.
Another crucial capability of effective MDR is 24/7 monitoring. Comprehensive visibility is imperative, but attackers don’t keep office hours. Cyber attackers live and operate around the world—when it’s 3 a.m. for you, it’s 1 p.m. somewhere else. Equally important, as mentioned above, most campaigns and tools are automated and executing around the clock.
Sophisticated attacks do not occur as simple moment-in-time events, either. A campaign or exploit can be triggered at any time, and different elements of a complex campaign may execute at delayed time intervals designed to evade triggering alerts and avoid detection. Effective managed detection and response requires 24/7 effort to gather and analyze intelligence and expert insight from security professionals to continuously monitor the environment and ensure quick response to suspicious activity and security incidents.
On May 5, Jack Danahy, Chief Evangelist for Alert Logic, Jennifer Curry, Senior Vice President, Global Cloud Services for INAP, and Fran Howarth, Practice Leader, Security for Bloor Research participated in a webcast titled, “Are You Providing Always-on, Pervasive Coverage and Visibility to Keep Your Entire Infrastructure Environment Safe and Secure?”
About the Author
Tony Bradley is Senior Manager of Content Marketing for Alert Logic. Tony worked in the trenches as a network administrator and security consultant before shifting to the marketing and writing side of things. He is an 11-time Microsoft MVP in security and cloud and has been a CISSP-ISSAP since 2002. Tony has authored or co-authored a dozen books on IT and IT security topics, and is a prolific contributor to online media sites such as Forbes and DevOps.com.