Security Operations

We’re used to phoning the emergency services when something goes wrong, such as if we have an accident in our car or someone breaks into our home. When we call someone they can stop, prevent and investigate what has happened. In cyber security we have the same concept, however, rather than the emergency services, we call them ‘Security Operations’.

Matt White, CEO XaaS Ltd

In a bit more detail:

Security operations is the blend of security and IT operational activity, focussed on prevention, detection and response. It ensures potential disruptions are reviewed and, if necessary, acted upon as quickly as possible, and it comprises three building blocks, people, processes and technology, for managing and improving your business's security posture.

Here are four quick wins to start you on your cyber-health journey in security operations; each one is covered in more detail below:

Capture logs for important systems

Detect, review and triage cyber security events, e.g. alerts from anti-virus or EDR

Make sure you have a mechanism to respond to cyber security incidents

Take out cyber insurance for your company

Capture logs for important systems

The heart of understanding the cyber threats within your business is to capture logs from as many of your important systems as possible. Logs are the 'intelligence' feeds that can be used to identify suspicious behaviour, and they are only useful if they are kept long enough to investigate an incident that may have started weeks earlier.

Ideally logs should be stored centrally, away from the systems that produce them, be immutable (that is, nobody, including an attacker who has compromised the source system, can alter or delete them after the fact), and you should have a way to search and review them.
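As an added example (written for this page; not code from the original page or from any product it mentions), the Python below shows one way to make a central log store tamper-evident: each entry is chained to the previous one by a SHA-256 hash, so altering, reordering or removing an earlier line breaks every later hash. The sample log lines, the record layout and the `expected_head` anchoring are assumptions made for the example.

```python
import hashlib
import json

# Constructed sample log lines (made up for this example, not from a real system).
SAMPLE_LINES = [
    "2024-05-01T09:00:01Z fileserver sshd: Accepted publickey for alice from 10.0.0.12",
    "2024-05-01T09:00:07Z fileserver sudo: alice : TTY=pts/0 ; COMMAND=/usr/bin/apt update",
    "2024-05-01T09:02:44Z fileserver sshd: Failed password for root from 203.0.113.9",
]

GENESIS = "0" * 64  # the hash "before" the first entry


def entry_hash(prev_hash, seq, line):
    """Hash of one entry: binds the line to its position and to the previous hash."""
    payload = json.dumps({"prev": prev_hash, "seq": seq, "line": line},
                         sort_keys=True, separators=(",", ":"))
    return hashlib.sha256(payload.encode("utf-8")).hexdigest()


def append_entry(chain, line):
    """Append one log line; the new entry commits to everything before it."""
    prev_hash = chain[-1]["hash"] if chain else GENESIS
    seq = len(chain)
    entry = {"seq": seq, "prev": prev_hash, "line": line,
             "hash": entry_hash(prev_hash, seq, line)}
    chain.append(entry)
    return entry


def build_chain(lines):
    chain = []
    for line in lines:
        append_entry(chain, line)
    return chain


def head_hash(chain):
    """The value to record somewhere the log server itself cannot overwrite."""
    return chain[-1]["hash"] if chain else GENESIS


def verify_chain(chain, expected_head=None):
    """Return (True, None) if intact, otherwise (False, seq) of the first bad entry.

    Without expected_head, cutting entries off the tail is invisible: the remaining
    prefix is still a valid chain. With it, truncation fails at seq == len(chain).
    """
    prev_hash = GENESIS
    for seq, entry in enumerate(chain):
        if entry["seq"] != seq or entry["prev"] != prev_hash:
            return False, seq
        if entry_hash(prev_hash, seq, entry["line"]) != entry["hash"]:
            return False, seq
        prev_hash = entry["hash"]
    if expected_head is not None and prev_hash != expected_head:
        return False, len(chain)
    return True, None


def tamper_demo():
    """Edit one stored line after the fact and show that verification catches it."""
    chain = build_chain(SAMPLE_LINES)
    ok_before, _ = verify_chain(chain)
    # Someone with write access to the store rewrites the failed root login.
    chain[2]["line"] = chain[2]["line"].replace("Failed password", "Accepted password")
    ok_after, bad_seq = verify_chain(chain)
    return ok_before, ok_after, bad_seq


if __name__ == "__main__":
    print(tamper_demo())
```

A hash chain detects tampering; it does not prevent it. Anyone who can rewrite the whole store can recompute every hash, so the current head hash must be copied regularly to a place the collector cannot write (a second system, write-once storage, even a printed daily record), and the collector itself should only accept appends from the systems that send it logs.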

Some simple steps you can take to capture logs are:

Detect, review and triage cyber security events

Now that you have captured your logs, they need to be looked at. Depending on the resources you have available, you may only be able to review the events that the producing system (such as antivirus) marks as high criticality. That is still far better than reviewing nothing, provided the cut-off is a deliberate choice and the lower-severity events are kept for later investigation.

Modern EDR (Endpoint Detection and Response) solutions provide an automated way to triage telemetry from your endpoints and turn it into useful and actionable alerts, which is especially valuable if you don't have a central security operations platform (such as a SIEM) to collate logs for you.
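As an added illustration of what triage means in practice (example code written for this page, not part of any EDR or antivirus product), the Python below parses a handful of constructed alert lines in a simplified `timestamp host source severity message` layout, drops anything below a chosen severity, and adds one correlation rule: repeated logon failures against the same account from the same source inside a ten-minute window are raised as a single high-severity event. The line format, the thresholds and the sample lines are assumptions made for the example.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed alert lines in a simplified "timestamp host source severity message"
# layout (made up for this example; real AV, EDR and Windows logs look different).
SAMPLE_EVENTS = [
    "2024-05-01T09:00:01Z laptop-07 edr low Unsigned driver load blocked: vendor-tool.sys",
    "2024-05-01T09:01:10Z laptop-07 av medium Quarantined file: invoice.pdf.exe",
    "2024-05-01T09:01:12Z dc01 auth info Logon failure for user svc-backup from 10.0.0.50",
    "2024-05-01T09:01:15Z dc01 auth info Logon failure for user svc-backup from 10.0.0.50",
    "2024-05-01T09:01:19Z dc01 auth info Logon failure for user svc-backup from 10.0.0.50",
    "2024-05-01T09:01:22Z dc01 auth info Logon failure for user svc-backup from 10.0.0.50",
    "2024-05-01T09:01:30Z dc01 auth info Logon failure for user svc-backup from 10.0.0.50",
    "2024-05-01T09:05:00Z laptop-07 edr high Credential access: suspicious handle to lsass.exe from rundll32.exe",
    "2024-05-01T09:20:00Z dc01 auth info Logon failure for user alice from 10.0.0.12",
    "2024-05-01T09:45:00Z dc01 auth info Logon failure for user alice from 10.0.0.12",
    "2024-05-01T12:00:00Z laptop-07 edr medium Suspicious PowerShell: encoded command line",
    "this line is not in the expected format and must not break triage",
]

SEVERITY_RANK = {"info": 0, "low": 1, "medium": 2, "high": 3, "critical": 4}
MIN_SEVERITY = "medium"          # assumed cut-off a small team can keep up with
FAILURE_THRESHOLD = 5            # assumed: 5 failures in the window is worth a look
FAILURE_WINDOW = timedelta(minutes=10)

LINE_RE = re.compile(r"^(\S+) (\S+) (\S+) (info|low|medium|high|critical) (.+)$")
FAILURE_RE = re.compile(r"Logon failure for user (\S+) from (\S+)")


def parse_event(line):
    """Parse one line into a dict, or return None for a line we don't understand."""
    m = LINE_RE.match(line)
    if not m:
        return None
    ts, host, source, severity, message = m.groups()
    return {"time": datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ"), "host": host,
            "source": source, "severity": severity, "message": message}


def correlate_logon_failures(events):
    """Raise one high event per (host, user, source IP) that has at least
    FAILURE_THRESHOLD failures inside any FAILURE_WINDOW (sliding window)."""
    by_target = defaultdict(list)
    for ev in events:
        m = FAILURE_RE.search(ev["message"])
        if m:
            by_target[(ev["host"], m.group(1), m.group(2))].append(ev["time"])
    derived = []
    for (host, user, src), times in by_target.items():
        times.sort()
        start = 0
        for end in range(len(times)):
            while times[end] - times[start] > FAILURE_WINDOW:
                start += 1
            if end - start + 1 >= FAILURE_THRESHOLD:
                derived.append({"time": times[end], "host": host, "source": "correlation",
                                "severity": "high",
                                "message": f"{end - start + 1} logon failures for {user} "
                                           f"from {src} within {FAILURE_WINDOW}"})
                break  # one alert per target is enough for the review queue
    return derived


def triage(lines):
    """Return the review queue: most severe first, oldest first within a severity."""
    events = [e for e in (parse_event(ln) for ln in lines) if e is not None]
    events += correlate_logon_failures(events)
    queue = [e for e in events
             if SEVERITY_RANK[e["severity"]] >= SEVERITY_RANK[MIN_SEVERITY]]
    queue.sort(key=lambda e: (-SEVERITY_RANK[e["severity"]], e["time"]))
    return queue


if __name__ == "__main__":
    for e in triage(SAMPLE_EVENTS):
        print(f'{e["severity"]:<7} {e["time"]:%H:%M:%S} {e["host"]:<9} {e["message"]}')
```

Two design points matter more than the specific rules. A malformed line is skipped rather than allowed to stop the loop, because an attacker who can crash your triage by writing one odd log line has switched off your detection. And the individual logon failures are 'info' and would never reach a human on their own; the correlation step is what turns five unremarkable lines into one event worth acting on, which is exactly the job an EDR or SIEM does for you at scale.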

Some simple steps you can take to detect and triage security events are:

Make sure you have a mechanism to respond to cyber security incidents

Incident response is the prepared set of people, roles and steps that lets your business contain, investigate and recover from the cyber incidents it detects.

This usually requires different parts of your business (IT, senior management, legal, HR and communications) to work in a coordinated way, since an incident can span many areas of the company, and it is far easier to agree who does what before an incident than during one.

Some simple steps you can take to respond to cyber incidents are:

Take out cyber insurance for your company

Just like car or home insurance, cyber insurance protects your business against financial loss in the event of a cyber-attack that causes harm to your company.

As well as providing financial compensation, some cyber insurance policies give you access to various resources that you may need, such as data recovery services, legal services and incident response help and advice. Read the policy conditions carefully: many insurers now require baseline controls such as multi-factor authentication and tested, offline backups to be in place, and a claim can be reduced or refused if they were not.

Some simple steps you can take to buy cyber insurance are: