IT security in medium-sized companies needs helping hands


IT security in medium-sized companies needs helping hands. External experts from a Security Operation Center (SOC) provide more protection, since cyber attacks are becoming increasingly complex and call for security specialists. A comment from Bitdefender.

There is no such thing as 100% security in IT. There will always be vulnerabilities such as unpatched software, leaked passwords or shadow IT that resourceful attackers can use to penetrate corporate networks. And as long as the attackers are human, they must be met by competent flesh-and-blood defenders. These experts are now also within reach for medium-sized companies via external Managed Detection and Response (MDR) services and Security Operation Centers (SOC). They offer not only security technologies, but also knowledge, experience and intuition.

The complexity of the attacks overwhelms SMEs

Cyber attacks are becoming increasingly complex. More and more medium-sized companies have long since been targeted by criminals; the keyword here is Advanced Persistent Threats (APT). To protect adequately against these increasingly complex attacks, it is no longer sufficient to build the digital defense walls higher. It is also important to actively close security gaps and to look for attackers who are already in the network unnoticed. Smaller companies in particular, with limited technological resources and a lack of staff, find it difficult to prevent such an intrusion, let alone combat it.

SOC: Qualified team of IT security experts

Many companies do not have the necessary budget to employ a team of IT security experts qualified to deal with this dangerous situation. And even if the financial resources for a company's own SOC (Security Operation Center) and the appropriate staff are available, the necessary specialists are difficult to find. The shortage of skilled workers in this area means that even large companies find it very difficult to set up a competent team and keep it in the long term. More and more organizations are therefore using external services as part of Managed Detection and Response (MDR) offerings. Depending on the agreed scope of service, an SOC is part of such an MDR. This opportunity to bring in someone else's expertise is no longer a utopia, even for medium-sized companies.

External help is also within reach for medium-sized companies

What is the added value for companies that use an external SOC as part of an MDR? The specialists in a security operation center base their work for these customers on information from a wide variety of sources: firstly, the data that an Endpoint Detection and Response (EDR) solution collects in the company; secondly, the data aggregated in a Security Information and Event Management (SIEM) system, or threat intelligence derived from the telemetry of other endpoints and interpreted with machine learning; and thirdly, information from other sources. Fed with this, they specifically recognize abnormal behavior, such as a fileless attack, and prevent greater damage as soon as an attack is successful. With their help, companies can also clean up their own network more quickly. They also advise their customers in order to continuously improve their defenses.

Various teams of experts are available to the customer via an external SOC. The first point of contact is the Security Account Manager, the interface between the customer and the entire team of experts. This person coordinates the overall defense, evaluates all information based on knowledge of the company's networks and, if necessary, initiates additional research. The advice given to customers is based on the work of other specialists who create individual risk profiles and issue up-to-date security alerts. The experts also take the industry-specific IT risk situation into account.

Sustainable security

The longer and better the expert teams know the customer, the better they can protect its IT. The starting point is a detailed inventory of the customer's IT and its digital processes at the beginning of the cooperation with an SOC. This is not only about the respective risk situation, but also about drawing as detailed a picture as possible of the customer's normal IT operation, so that normal behavior can be distinguished from deviating behavior.

A continuously effective IT security service is based on four pillars:

  • Prevention: Basic defense technologies filter out known malware and suspicious activities in advance. This gives security analysts time to focus on unknown threats and custom-designed APT campaigns that the tools do not detect. The experts also keep an eye on whether employees are adhering to their company's security guidelines.
  • Detection: Endpoint protection technologies (such as XEDR) help with mitigation, while teams of experts actively look for new attacks that specifically target the customer, its technology and its industry. Above all, they check processes that deviate from known behavior.
  • Response: In an emergency, fast response times are crucial. SOC experts carry out pre-agreed measures even before reporting a threat to the customer. These measures are coordinated in advance between customer and service provider: for example, at the start of a ransomware attack they block IP addresses, reset passwords, and isolate systems or remove them from the network. Of course, what an external service provider is allowed to do without consultation in an emergency never touches the fundamentals of the infrastructure being protected.
  • Reporting: Reporting is important, especially with a view to the documentation requirements of the European General Data Protection Regulation. Customers are not cut off from the information and can also follow along themselves: they can log into the systems of the MDR service and see the same information as the external experts. In addition, past activities can be traced in order to draw forensic conclusions.

Conclusion: Added value through human experts

Dangerous, targeted cyber attacks in particular are planned and carried out by humans. And as long as the attackers are flesh and blood, humans play a crucial role in the defense, because they act differently from machines. Artificial intelligence and machine learning help to detect attacks more quickly, for example by detecting anomalies in user behavior. But in order to use all available information and to recognize the often well-disguised intentions of the attackers, well-trained and experienced analysts are needed.

Organizations that don't have the budget to set up their own security operation center, or that want to support their existing SOC with experienced security experts, can rely on MDR services that offer such an expert team and the human added value. In this way, they not only significantly increase their IT security, but also add a decisive factor to their arsenal of technological defense solutions: the support of competent security analysts.

More at Bitdefender.com

About Bitdefender

Bitdefender is a leading global provider of cybersecurity solutions and antivirus software, protecting over 500 million systems in more than 150 countries. Since it was founded in 2001, the company's innovations have consistently ensured excellent security products and intelligent protection for devices, networks and cloud services for private customers and companies. As the supplier of choice, Bitdefender technology is found in 38 percent of security solutions deployed around the world and is trusted and recognized by industry experts, manufacturers and customers alike. www.bitdefender.de
