In the words of Yeats, the state of cyber security in Ireland has “all changed, changed utterly”.
The attack on our HSE was a national wake-up call to the potential of cybercrime and to the destruction it can cause.
Specifically, the phrase “ransomware attack” now carries the weight of fear and uncertainty for many Irish businesses. Even non-IT folk are aware of ransomware and the fundamentals of its devious process.
Cyber-attacks and cybercrime have a long history, and their evolution has been dramatic. Cybercrime is said to be more lucrative than traditional crime, and the lure is too great for both cybercriminals and insider threats alike. What once was a form of cruel intention is now a professional business. The attack is no longer coming from a bored teenager’s bedroom; instead, criminal gangs and nation states are involved in creating advanced malware and hacking tools, which are often available to the highest bidder. Only recently, Microsoft exposed a phishing-as-a-service operation available to wannabe cyber criminals.
Attacks come in many forms and take advantage of employees and IT systems. These systems provide a broad and varied attack surface, and nothing is immune to attack. Added to this, the cyber security industry has now accepted that it’s ‘when’ and not ‘if’ a company will be attacked.
Mitigation follows risk and there are multiple products for multiple vectors of attack. Certainly, these individual solutions increase the security for individual areas of IT infrastructure. The approach is comparable to plugging holes in a dam.
Unfortunately, every security vendor admits that no solution is 100% effective against the sophistication of new and emerging attacks. So how about taking a different approach? Let’s consider casting a net over the entire dam…
Security Incident and Event Management (SIEM) flips the defensive role on its head and instead focuses on the attacker mindset. SIEM watches every aspect of your IT environment: devices, firewalls, users, cloud, and everything in between.
SIEM looks at every angle – the good, the bad and the (seemingly) indifferent. Every SIEM deployment is tailor-made to an environment. It sets a baseline of normal behaviour, which makes it easier to spot any unusual or suspicious behaviour. SIEM uses threat intelligence feeds and attacker frameworks, such as MITRE ATT&CK®, to recognise attacker behaviour and the different stages of an attack. SIEM then rolls this information into one dashboard where alerts are prioritised and managed.
WHAT ARE THE BENEFITS OF SIEM:
- Visibility of your IT estate in a single portal
- A defined understanding of “normal” in your environment
- Ability to review and mitigate areas of risk
- Clear insight into how you are being attacked or primed for an attack
These benefits are no longer a “nice to have”; they are now essential in your defence against cyber-attacks. They give businesses the vision and opportunity to react to an inevitable attack and greatly reduce the blast radius.
WHAT TO DO NEXT
At Commsec, we provide an experienced team of security analysts within our Security Operations Centre (SOC). Our analysts work with SIEM technology to proactively respond to security alerts in a customer’s environment. Customers are notified of top priority incidents and reports are presented on findings. The team focus on precise remediation of alerts and provide continuous monitoring to hunt for potential threats and vulnerabilities.
The SIEM and SOC partnership is essential and provides a holistic approach to security. Commsec offer a tailor-made, low-cost, high-value solution for your environment. Our SOC is also certified to international standards and enables a strong Return on Investment for our customers.
Yeats also said, “Do not wait to strike till the iron is hot; but make it hot by striking”.
– Talk to our team and find out how our solution will benefit you.