Finding security zen


Imagine if every time you sneezed, stubbed a toe or had a slight itch, you reacted in the same way as if you had broken your arm, rushing to the doctor and raising the alarm. Aside from annoying your GP, you would also be wasting money and making it harder for anyone to realise when something is actually seriously wrong.

Thankfully, for the most part, we ignore these minor things, with our own immune system springing into action. This isn't just more convenient, it's also more cost effective and means that when something really has gone wrong, everyone can act appropriately and quickly.

In many ways, this is what information security in businesses should be like, with IT professionals focusing on preventing bigger (and, indeed, real) threats, while the more routine monitoring and resolution is automated.

Getting to know what's normal

One of the most important things when it comes to monitoring the security of a company's systems is knowing what normal looks like. As each business is different, even if they are direct competitors operating in the same field, this baseline will vary from organisation to organisation. What's more, even within the same business, systems can look different from day to day: the number of connections being made to corporate systems and data being accessed or transferred on a Saturday evening will look markedly different to a Monday morning.

But getting to know these patterns of normal behaviour isn't easy and a human could easily miss a small blip that's the first indicator of something more serious on the horizon, or take it to be an emergency when it's a harmless anomaly.

What's more, it's time-consuming, tedious and inefficient for organisations to pay an IT professional to monitor systems for signs of security breaches or breach attempts, not to mention impractical to have a person monitoring all day, every day.

Much like the immune system is the body's automated monitoring and defence system, risk intelligence delivered through security information and event management (SIEM) tools can establish what's normal, monitor system operation 24/7, and raise the alarm when something is wrong - all without human intervention.

Increasing business value

Security monitoring automation tools do more than just improve efficiency and reduce tedium, however: they also improve the value of IT staff to the business.

Instead of focusing on whether all systems are functioning as normal and there is no suspicious behaviour going on, IT departments can instead focus on more strategic security initiatives. This could include developing and enforcing security rules and procedures, acting in an advisory capacity for new security investments, and preparing for and responding to large-scale attacks, such as a sustained DDoS or APT, should such an event be detected by the SIEM risk intelligence system.

In most organisations, the IT professionals who deal with security are, in the main, not full-time IT security staff, so they are also given more time to attend to the other parts of their jobs.

There when you need it

The mantra that it's not a case of if a company will suffer a breach, but when, still holds true and this is as important a part of risk intelligence as the day-to-day automated monitoring. SIEM tools provide an early warning system, yes, and they do allow businesses to deal with a potential data-loss situation as quickly and efficiently as possible. But, equally importantly, they provide an audit trail.

This is vital for audit purposes, but it also gives IT departments the ability to easily determine where, when and how the compromise happened, and work out how to prevent it happening again.

So when investing in risk intelligence and security monitoring automation systems, the question is not really can you afford it, but can you afford not to?


This is an independent article written by IT Pro, sponsored by SolarWinds MSP to celebrate thought leadership in IT.

Jane McCallion
Deputy Editor
