Modern SIEM and SOAR platforms are enriched with user and entity behaviour analytics, monitoring user accounts and devices active in the network, which can benefit African businesses explains Tony Walt at Port443.
Security monitoring technology continuously logs and analyses data from network points and nodes, enabling security teams to detect and respond to incidents faster. This is crucial, but not the full extent of its usefulness. By offering continuous intelligence from across the network and connected devices, security monitoring also offers a range of benefits to other teams in the business.
Comprehensive cyber security monitoring includes security information monitoring, SIM and security event monitoring, SEM, generally combined as SIEM. It observes areas such as network traffic, endpoint devices, users, and multiple other sources to identify anomalies and raise security alerts.
In addition, the implementation of Security Orchestration, Automation and Response, SOAR capabilities further enhances the value across all areas of the business.
Modern SIEM and SOAR platforms are enriched with user and entity behaviour analytics, and monitor user accounts and devices active in the system. But the data gathered from continuous monitoring also gives organisations insight into patterns of user and network behaviour, allowing various departments to improve efficiencies and potentially reduce the costs of doing business.
There are multiple departments, other than IT security, that can benefit from security monitoring:
HR – time and attendance for hybrid teams
Comprehensive monitoring of network and endpoint behaviour offers transparency to support HR’s time and attendance tracking, allowing for better monitoring of time spent in office or working remotely. It also better secures remote workers and supports the trend to offer more personal employee support, without exposing sensitive data.
IT – identify shadow and rogue IT
Accounting for 30%, 40% of IT spending in large enterprises, rogue or shadow IT is increasing, thanks in part to the ease with which cloud solutions can be procured. Gartner reports that over 40% of employees acquired, modified or created technology outside of IT’s visibility last year. Undocumented APIs are proliferating too.
This increases the risks and costs associated with IT. With comprehensive visibility into what is running in the environment, IT can reduce vulnerability, improve endpoint detection and response, and shut down unauthorised applications and services.
Finance and business – cut unnecessary costs
With some surveys estimating that up to half of all software licences are not being used, monitoring and analysing systems and software usage can support IT and software asset management by helping uncover redundant systems, unnecessary subscriptions, wasted licensing and non-compliance with software agreements. Ultimately, this supports compliance and can help control costs.
Marketing – support campaigns, improve data quality
Marketing departments can harness the visibility provided by security monitoring to measure responses to campaigns, and check for valid responses. Getting added visibility into the volumes, patterns and types of traffic can help marketers understand whether responses are valid, or whether they have been generated by bots, Walt notes.
Operations and site management
Automated monitoring and alerts can support operations and site management by giving an early warning when sites are up or down due to loadshedding. Visibility of every device on the network also helps site managers to identify insecure connected devices and IoT sensors, and take steps to reduce the risk associated with these.
These use cases illustrate that cyber security can no longer be seen as an isolated department within the business. Security is the modern business enabler: it touches every department and the right cyber security tools offer benefits to the entire organisation.
Named for the standard IP network port for HTTPS traffic, Port443, is a software development house that specialises in security automations and integrations. Through its custom platforms and OneView dashboards, Port443 gives management and technical teams at-a-glance views of the status of their security estate, to help them actively manage vulnerabilities and respond to breaches.
OneView is also useful to companies that have outsourced their security operations, as it gives them a third-party view, which bolsters governance and compliance. Inherent in the platform are automations that regularly review policies and configurations of perimeter controls where such controls are not configured according to best practice frameworks such as NIST, PCI and CIS.
