Find your fit: How to select a security monitoring solution?

1
Find your fit: How to select a security monitoring solution?
2
Contents
Define your goals ..... 3
1. Convergence: One or Many-in-one? ..... 3
2. Your location and deployment options ..... 4
3. What are your BYOD goals? ..... 5
4. Compliance and Threat Intelligence ..... 5
Engage perceptiveness ..... 5
3
Competitors Company X and Company Y both have corporate networks to protect from cyber attacks. Company X opts for a certain security analytics feature for their public-facing website linked to database servers. Company Y follows suit even though they don't have a similar system architecture. When asked why, Company Y responded, "We thought it was an industry best practice." Don't be like Company Y.

We get it. The journey towards finding the right security service provider and the appropriate mix of tools for your organization can be quite disconcerting. Many a detour later, you might be tempted to stop short and just tell the IT guys to do what their peers are doing. But wait, don't call the IT guys. Take a deep breath and remind yourself that Security Management is a business problem, not an IT problem.

CTOs find it hard to plan security budgets because measuring the ROI for a security tool isn't as straightforward as it is in the case of enterprise software. But refocusing on your very own set of security goals can go a long way in helping discover what you need and where to seek it. Here are some key aspects often neglected. We hope they help your decision-making process.

Define your goals

1. Convergence: One or Many-in-one?

Getting the most out of your security expenditure does not mean adding more tools. It is more about making generally independent and isolated controls work in a concerted manner. This is the principle behind security monitoring solutions like SIEM, where security data from different sources is integrated and points of leverage are milked for insight.
4
As your organization grows and expands, scalability of your security solutions becomes a concern due to challenges in adaptability across different technological platforms. Moreover, one must also consider the cost of purchasing individual licenses for a product intended for higher scale or a wider scope. These complexities can be avoided if you plan ahead while making a purchase. Seek to know how scalable the product is and what benefits it offers in terms of reducing license costs.

Do not hesitate to go for more than one vendor. As we already mentioned, the only thing to keep in mind is Convergence. It is highly unrealistic to expect that one firewall or traffic monitoring tool will suffice and be effective in providing thorough visibility. Whether you have existing tools and want to add something new or want to replace them all with a comprehensive platform, unified management must be your ultimate objective. Take the help of Managed Security Consultants to identify the right mix based on their intrinsic value. Just make sure that they interact in a way that does not give the IT department additional responsibilities.

Commonly, the most indispensable capabilities like Vulnerability Management and File Integrity Monitoring can be bundled under a security monitoring platform, as they have more to offer about vulnerabilities and threats together than when segregated.

2. Your location and deployment options

Do you have multiple corporate networks and operational units situated in different places? Do you expect additions or changes in the future? A clever move is to examine the deployment model of the security provider and available options for easy future modifications. Whether the solution you are planning to purchase is software-based or appliance-based, it is important to evaluate how the data will be handled. Depending on your needs, you may prefer a centralized setup wherein different locations communicate with a parent server via VPNs and sensors. Or, your choice may be a fully cloud-based solution. You might even need a hybrid of cloud and on-premise. Your service provider must offer these options and a robust environment with the capacity to handle your data retention needs.
5
3. What are your BYOD goals?

BYOD has greatly impacted the security monitoring challenges of its adopters and the focus of security solution vendors. If you have an extended enterprise or a BYOD program, you will need to vigorously protect your sensitive data from the dangers of negligent use and rogue devices. If you have NAC, look for the ability to monitor it simultaneously along with flow-level visibility and a sweeping view of connections, services and file system changes.

4. Compliance and Threat Intelligence

Let your compliance requirements direct your decisions with respect to the most vital security components you will invest in. But be sure to include within the purview of compliance, as risks, issues beyond what is mandated by regulating authorities and standardization agencies. Find out how a security solution can incorporate industry and location-centric threat information, statistics and experiences. It is important to choose a product that has an active, widespread community of security professionals from whom you can gain knowledge of the threat landscape.

Engage perceptiveness

The value that you initially expect to derive from a security monitoring product may be shaped by what has been promised by the vendor and perhaps by what other users have gained out of it. But the true value of a security tool, as is realized only much later, completely rests on how well it is configured, adjusted and primed. Simply put, a non-optimized resource has very little to offer and misdirects expenditure and labor.
6
The person or persons who will set up and manage monitoring systems for your assets must have the ability to discern and diagnose. They must be well aware of the mutating security needs and goals and have the insightfulness to judge the adeptness of controls and policies at every stage. Refinement is a key element in making a tool bespoke and context-aware.

The Plan-Do-Check-Act cycle is a critical component of continuous infrastructure monitoring and requires experience not just for the analysis of alerts, but more importantly for the refinement of the functions of the tool. Such personnel must have prior knowledge of how the tool functions in different scenarios and how it must be manipulated for the company-specific issues and scenarios of interest.

How much prescience has gone into the evaluation and administration of policies? That is what will determine how well a threat monitoring tool has been put to use. After all, even the most powerful threat signature needs to be applied in the right way, anticipating the threat it is designed to detect.

Need help analyzing requirements or want to pilot leading security monitoring tools? Reach out to us: alephtavtech.com

Our services include Ethical Hacking, Managed Security Services, Application Security, Network Security, Security Testing, Enterprise Security, Security for IoT, SCADA Security, Digital Forensics

engage_at_alephtavtech.com
alephtavtech.com
blogs.alephtavtech.com
Assess. Monitor. Secure.