Best Practices, Managed Detection and Response, SOCs and SIEMs
Todd Thiemann

Debunking Cybersecurity Myths: Part III—24×7 Security Monitoring IS Essential

In our last blog article we debunked the recent myth that the cloud automatically keeps you safe, and explained the need for SaaS application monitoring across on-premises and cloud infrastructure to get a comprehensive view of your overall cybersecurity risk.

Now it’s time to debunk another myth about monitoring, because attackers operate around the clock from all over the world, even while you sleep.

Myth #3—We Don’t Need 24×7 Security Monitoring. Our Offices Are Only Open 9 to 5!

In the good old days, brick-and-mortar businesses such as law firms, banks, and retail stores relied on security guards to protect their facilities during working hours, and on surveillance cameras to watch in and around the facility after hours.

Most companies today, however, conduct much of their business online so physical security alone is not enough. Running an online business is akin to having a brick-and-mortar store located in the rest area on an interstate highway: it’s completely exposed to anyone passing by. That’s why, as your business moves online to scale up and scale out, it becomes necessary to implement 24×7 security monitoring to address the myriad risks you face when doing business on the internet.

Who’s Watching Your Network in the Middle of the Night?

How would you detect a ransomware attack striking one of your servers at 2:00 AM? Does your IT organization or your managed services provider monitor your network infrastructure 24×7? Is there anyone on your IT staff who can contain malware from spreading across your network during the wee hours?

Most small to midsize enterprises (SMEs) have limited IT staff. These staff members generally have few cybersecurity skills and are often overwhelmed by the thousands of security alerts they have to investigate on top of their regular IT responsibilities. It can be hard for them to find ransomware, let alone contain it. As a result, many SMEs lack the staff needed to monitor their network 24/7, 365 days a year.

A NOC Is Not Enough, You Need a SOC

Many businesses begin with a network operations center (NOC), which is usually staffed by IT personnel. NOC tasks include managing data backups, ensuring network availability and performance, and rolling out patches. NOC staff are typically not focused on security tasks.

Bottom line: Your NOC is not a security operations center (SOC). A SOC is focused on detecting and responding to security threats, and combines technology, people, and processes. The core technology of a SOC is a log aggregation and correlation platform, intrusion detection/prevention tools, and threat-intelligence feeds. Personnel include security analysts, who monitor the SOC dashboard 24/7, triage and investigate incoming alerts, and identify security incidents that could affect the business. Processes include repeatable forensic analysis and incident response procedures, known as “runbooks.”
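To make the “log aggregation and correlation” part concrete, here is a small correlation rule of the kind a SOC platform runs continuously, written as an added example for this article (it is not the author’s code or any vendor’s product). It reads file-audit log lines, flags a burst of file writes or renames by one host and user inside a short window, and raises the severity when the burst happens outside business hours or produces ransomware-style file extensions, which is exactly the 2:00 AM scenario a 9-to-5 team never sees. The log line format, the 9-to-5 business window, the thresholds, the extension list, the hostnames and the sample lines are all constructed assumptions for the illustration.

```python
# Added example, not from the original post: a minimal after-hours burst
# correlation rule over constructed file-audit log lines.
import re
from collections import defaultdict
from datetime import datetime, time

# Assumed line format: "<ISO-8601 ts> host=<h> user=<u> event=<e> path=<p>"
LINE_RE = re.compile(r"^(\S+) host=(\S+) user=(\S+) event=(\S+) path=(\S+)$")

BUSINESS_START, BUSINESS_END = time(9, 0), time(17, 0)  # assumed 9-to-5, Mon-Fri
WINDOW_SECONDS = 60                                      # assumed burst window
BURST_THRESHOLD = 50                                     # writes/renames per actor in the window
RANSOM_EXTS = (".locked", ".encrypted", ".crypt")        # assumed indicator list


def parse_line(line):
    """Return a dict for a well-formed line, None for anything else."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    ts, host, user, event, path = m.groups()
    return {"ts": datetime.fromisoformat(ts), "host": host, "user": user,
            "event": event, "path": path}


def is_after_hours(ts):
    """True on weekends or outside the assumed business window."""
    return ts.weekday() >= 5 or not (BUSINESS_START <= ts.time() < BUSINESS_END)


def correlate(lines, threshold=BURST_THRESHOLD, window=WINDOW_SECONDS):
    """Sliding-window burst detection per (host, user); one alert per actor."""
    events = [e for e in map(parse_line, lines)
              if e and e["event"] in ("file_write", "file_rename")]
    events.sort(key=lambda e: e["ts"])
    by_actor = defaultdict(list)
    for e in events:
        by_actor[(e["host"], e["user"])].append(e)

    alerts = []
    for (host, user), evs in by_actor.items():
        lo = 0
        for hi, e in enumerate(evs):
            # slide the window start forward until every event fits in the window
            while (e["ts"] - evs[lo]["ts"]).total_seconds() > window:
                lo += 1
            burst = evs[lo:hi + 1]
            if len(burst) < threshold:
                continue
            after_hours = is_after_hours(burst[0]["ts"])
            ransom_ext = any(b["path"].endswith(RANSOM_EXTS) for b in burst)
            if after_hours and ransom_ext:
                severity = "critical"
            elif ransom_ext:
                severity = "high"
            elif after_hours:
                severity = "medium"
            else:
                severity = "low"  # daytime bulk write, e.g. a build or backup job
            alerts.append({"host": host, "user": user, "count": len(burst),
                           "first_seen": burst[0]["ts"].isoformat(),
                           "last_seen": burst[-1]["ts"].isoformat(),
                           "after_hours": after_hours, "ransom_ext": ransom_ext,
                           "severity": severity})
            break  # one alert per actor is enough for triage
    return alerts


def _lines(day, hhmm, host, user, event, path_fmt, n):
    """Build n one-per-second log lines starting at day T hhmm:00 (n <= 60)."""
    return [f"{day}T{hhmm}:{i:02d} host={host} user={user} event={event} path={path_fmt % i}"
            for i in range(n)]


# Constructed sample log (2024-06-11 is a Tuesday): a small daytime edit session,
# an after-hours mass rename to .locked, a daytime build job, and one malformed
# line the parser must skip.
SAMPLE_LINES = (
    _lines("2024-06-11", "10:30", "ws12", "alice", "file_write", "/home/alice/report%02d.docx", 10)
    + _lines("2024-06-11", "02:00", "fs01", "svc_backup", "file_rename", "/srv/share/doc%03d.docx.locked", 60)
    + _lines("2024-06-11", "14:00", "build01", "jenkins", "file_write", "/var/lib/build/obj%03d.o", 55)
    + ["this line is not in the expected format"]
)

if __name__ == "__main__":
    for alert in correlate(SAMPLE_LINES):
        print(alert)
```

Run as-is, the rule produces two alerts: a critical one for `fs01` (60 renames to `.locked` at 02:00, after hours) and a low one for `build01` (a daytime bulk write with ordinary extensions), while `alice`’s ten edits stay below the threshold. The point of the severity split is the triage question the paragraph raises: a daytime burst usually gets a quick look from whoever is on shift, but the critical after-hours alert is worthless unless someone is awake to act on it within minutes, which is the gap 24/7 staffing closes.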

An In-House, 24/7 SOC Is Expensive to Build and Maintain

Most of the cost of building an in-house SOC (the DIY approach) is in its staffing: it takes 8 to 12 people with cybersecurity skills to run a 24/7 SOC. Typically, the SOC team consists of security analysts, who are the first responders and triage the alerts; security engineers, who apply threat intelligence, reduce false positives, and identify high-priority incidents; and a security manager, who manages the SOC team.

In a recent total cost of ownership (TCO) analysis conducted by Frost & Sullivan, the consulting firm concluded that it costs up to 8.8 times more over a three-year period to build a 24/7 SOC in-house versus subscribing to a SOC-as-a-service. This is largely due to the challenges of finding and retaining the right security talent required to operate and manage an in-house SOC.

SOC-as-a-Service to the Rescue

If the expenses sound overwhelming, don’t worry—there is a solution.

A SOC-as-a-service delivers 24/7 monitoring with the people, processes, and technology needed to manage your security posture and reduce business risk on a limited budget. It lets you focus your IT staff on business-related issues while outsourcing threat detection and incident response to cybersecurity experts. It is also an affordable alternative for many organizations, since it doesn’t require investment in additional hardware, software, or staff.

Don’t fall for the myth: All businesses need 24/7 monitoring—and SOC-as-a-service makes that possible for organizations that lack the resources of large enterprises.