Did you know…
It takes between 1.5 and 2 years to decide on the next steps for cybersecurity monitoring. Keep reading this second security pill to get started quickly with a minimal investment.
You have probably heard of monitoring, blue teaming and the Security Operations Center (SOC), whatever your cybersecurity maturity level. Organizations of all types struggle to identify the right time to kick off cybersecurity monitoring.
- Are we big enough to start with monitoring?
- Should we execute a security gap or posture analysis first?
- Should we implement all the recommendations from the audit before doing monitoring?
But it doesn’t end there:
- What’s the best tool for us?
- XDR, NDR, MDR, SIEM, EDR, SOC… What do these acronyms mean?
Understand that cybersecurity monitoring does not immediately require additional technologies and services to get going. You can start today with the following iterative process, which is applicable to companies of all sizes.
- Most solutions (antivirus, firewalls, routers, databases, servers, etc.) have embedded monitoring and alerting capabilities. A good first step is to identify which of your current solutions have these capabilities.
- Check that your logs are protected from attack or tampering, so that an intruder cannot erase the evidence you rely on.
- Ask your vendors which are the top 5 security logs for their solutions and start reviewing these on a weekly or bi-weekly basis.
- Identify 3 behaviors per solution that you want to track. Check whether you have the required logs and document any gaps. Ideally, activate alerting for the defined behaviors.
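As an added example (not code from the original post), here is a small Python script that carries out the last three steps offline: it documents gaps between the behaviors you want to track and the logs you actually have, verifies a log's hash chain so tampering is detectable, and raises an alert for one tracked behavior over constructed log lines. The solution names, log names, thresholds and log lines are all assumptions.

```python
"""Added example, not code from the original post: a small offline check for
the process above. It documents gaps between the behaviors tracked per
solution and the logs that exist, verifies a log's hash chain so tampering is
detectable, and alerts on one tracked behavior over constructed log lines.
Solution names, log names, thresholds and log lines are all constructed."""
import hashlib
from collections import Counter

# Step 1 (constructed): which of our current solutions expose which logs
INVENTORY = {
    "firewall": {"denied_connections", "admin_logins", "rule_changes"},
    "database": {"failed_logins"},  # audit log not switched on: a gap
}
# Step 4 (constructed): 3 behaviors per solution and the log each one needs
BEHAVIORS = {
    "firewall": {"rule_change": "rule_changes", "admin_login_off_hours": "admin_logins",
                 "outbound_denied_spike": "denied_connections"},
    "database": {"brute_force": "failed_logins", "privilege_grant": "audit_log",
                 "schema_change": "audit_log"},
}

def document_gaps(inventory=INVENTORY, behaviors=BEHAVIORS):
    """Return {solution: [behaviors whose required log is not available]}."""
    return {sol: sorted(b for b, log in wants.items() if log not in inventory.get(sol, set()))
            for sol, wants in behaviors.items()}

def chain_digest(lines, seed="constructed-seed"):
    """Each digest covers the previous digest plus the line, so editing or
    deleting any earlier line changes the final value; record it off-box."""
    digest = seed
    for line in lines:
        digest = hashlib.sha256((digest + "\n" + line).encode()).hexdigest()
    return digest

def log_untampered(lines, recorded_digest, seed="constructed-seed"):
    """True when the recomputed chain matches the digest recorded at write time."""
    return chain_digest(lines, seed) == recorded_digest

def brute_force_alerts(failed_login_lines, threshold=5):
    """Alert on one tracked database behavior: too many failed logins per user.
    Constructed line format: '<timestamp> FAILED_LOGIN user=<name> src=<ip>'."""
    per_user = Counter(field.split("=", 1)[1] for line in failed_login_lines
                       for field in line.split() if field.startswith("user="))
    return sorted(user for user, n in per_user.items() if n >= threshold)

# Constructed sample of the database failed_logins log: 6 failures for app_ro, 1 for alice
SAMPLE_LOG = [f"2024-01-01T00:00:{i:02d} FAILED_LOGIN user=app_ro src=10.0.0.7" for i in range(6)]
SAMPLE_LOG.append("2024-01-01T00:01:00 FAILED_LOGIN user=alice src=10.0.0.8")
```

Run `document_gaps()` against your own inventory to produce the gap list from the last step, and keep the recorded chain digest somewhere the monitored system cannot write.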