Monitoring is often referred to as post-breach detection: its strength lies not in looking for things that may cause harm, but in assuming that something, or more likely someone, has already managed to sneak in.
Monitoring can take many forms, from anti-malware Endpoint Detection & Response (EDR) solutions that look at the behaviour of users and processes on endpoints, to SIEM (Security Information and Event Management) and SOC (Security Operations Centre) solutions that monitor telemetry from a range of disparate devices across the entire infrastructure, on-prem and cloud.
Each has its own use and each forms an invaluable part of your overall security strategy.
When selecting a monitoring product it is important to consider the needs of your business: if you are not running huge database instances, web servers and vast amounts of network infrastructure, then a full SIEM solution may be unnecessary, and a robust endpoint and network monitoring solution may give you sufficient confidence that you are watching what is going on in your environment.
Solutions that can Help your Business with Logging & Monitoring
Security Information & Event Management (SIEM)
SIEM stands for Security Information & Event Management and is a solution that combines two legacy tools: SIM (Security Information Management) and SEM (Security Event Management). Modern SIEM solutions such as Logpoint also include technology such as SOAR (Security Orchestration, Automation and Response) to automate threat response and UEBA (User and Entity Behaviour Analytics) to detect threats based on abnormal behaviour. Together they provide accelerated detection of, and response to, security events or incidents within an IT environment. A SIEM provides a comprehensive and centralised view of the security posture of an IT infrastructure and gives cyber security professionals insight into the activity within their IT environment. Solutions such as Logpoint SIEM and UEBA make light work of monitoring events and information from multiple event sources.
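As an added illustration (not code from this page, from Logpoint, or from any vendor mentioned here), the following Python sketch shows the two ideas in the paragraph above in miniature: normalising events from two disparate sources (an endpoint authentication log and a firewall log) into one schema and correlating them, and flagging a login that deviates from a user's behavioural baseline in the way a UEBA component does. Every log line, hostname, username and IP address is constructed sample data, and the rule threshold, time window and training cutoff are arbitrary assumptions chosen for the example.

```python
"""Toy SIEM-style correlation plus a UEBA-style baseline check (illustrative only)."""
import json
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample telemetry: a key=value endpoint auth log and a JSON firewall log.
ENDPOINT_AUTH_LOG = [
    "2024-05-01T08:50:12 host=WS-031 user=bob result=success src=10.0.0.50",
    "2024-05-01T09:02:11 host=WS-014 user=alice result=success src=10.0.0.23",
    "2024-05-01T09:15:40 host=WS-014 user=alice result=success src=10.0.0.23",
    "2024-05-02T03:10:02 host=WS-014 user=alice result=failure src=203.0.113.9",
    "2024-05-02T03:10:09 host=WS-014 user=alice result=failure src=203.0.113.9",
    "2024-05-02T03:10:15 host=WS-014 user=alice result=failure src=203.0.113.9",
    "2024-05-02T03:10:31 host=WS-014 user=alice result=success src=203.0.113.9",
    "2024-05-02T08:55:00 host=WS-031 user=bob result=success src=10.0.0.50",
]
FIREWALL_LOG = [
    '{"ts": "2024-05-02T03:09:58", "action": "allow", "src": "203.0.113.9", "dst": "10.0.0.23", "dport": 3389}',
    '{"ts": "2024-05-02T08:54:50", "action": "allow", "src": "10.0.0.50", "dst": "10.0.0.5", "dport": 445}',
]

TRAINING_CUTOFF = datetime(2024, 5, 2)  # assumption: events before this date form the baseline


def parse_endpoint_line(line):
    """Normalise one key=value auth record into the shared event schema."""
    ts, *pairs = line.split()
    fields = dict(p.split("=", 1) for p in pairs)
    return {"ts": datetime.fromisoformat(ts), "source": "endpoint", "user": fields["user"],
            "host": fields["host"], "src": fields["src"], "result": fields["result"]}


def parse_firewall_line(line):
    """Normalise one JSON firewall record into the shared event schema."""
    rec = json.loads(line)
    return {"ts": datetime.fromisoformat(rec["ts"]), "source": "firewall", "src": rec["src"],
            "dst": rec["dst"], "dport": rec["dport"], "action": rec["action"]}


def normalise(endpoint_lines, firewall_lines):
    """Merge both sources into one time-ordered stream, as a SIEM's central store would."""
    events = [parse_endpoint_line(l) for l in endpoint_lines]
    events += [parse_firewall_line(l) for l in firewall_lines]
    return sorted(events, key=lambda e: e["ts"])


def correlate_failed_then_success(events, threshold=3, window=timedelta(minutes=5)):
    """Rule: at least `threshold` failures for one (user, source IP) followed by a success
    from that IP inside `window`. Each alert is enriched with firewall 'allow' entries seen
    from the same IP shortly before the success, which only a cross-source view can supply."""
    alerts = []
    recent_failures = defaultdict(list)  # (user, src) -> failure timestamps
    for e in events:
        if e["source"] != "endpoint":
            continue
        key = (e["user"], e["src"])
        if e["result"] == "failure":
            recent_failures[key].append(e["ts"])
            continue
        fails = [t for t in recent_failures[key] if e["ts"] - t <= window]
        if len(fails) >= threshold:
            fw = [f for f in events if f["source"] == "firewall" and f["action"] == "allow"
                  and f["src"] == e["src"] and timedelta(0) <= e["ts"] - f["ts"] <= window]
            alerts.append({"rule": "failed-logins-then-success", "user": e["user"], "src": e["src"],
                           "ts": e["ts"], "failures": len(fails),
                           "firewall_allowed_ports": sorted({f["dport"] for f in fw})})
        recent_failures[key] = []  # a success closes the sequence either way
    return alerts


def build_baseline(events, cutoff=TRAINING_CUTOFF):
    """Per-user profile from successful logins before the cutoff: hours and source IPs seen."""
    baseline = defaultdict(lambda: {"hours": set(), "srcs": set()})
    for e in events:
        if e["source"] == "endpoint" and e["result"] == "success" and e["ts"] < cutoff:
            baseline[e["user"]]["hours"].add(e["ts"].hour)
            baseline[e["user"]]["srcs"].add(e["src"])
    return baseline


def detect_anomalies(events, baseline, cutoff=TRAINING_CUTOFF):
    """UEBA-style check: flag successful logins after the cutoff that deviate from the profile."""
    findings = []
    for e in events:
        if not (e["source"] == "endpoint" and e["result"] == "success" and e["ts"] >= cutoff):
            continue
        prof = baseline.get(e["user"])
        reasons = []
        if prof is None:
            reasons.append("no baseline for user")
        else:
            if e["ts"].hour not in prof["hours"]:
                reasons.append(f"unusual hour {e['ts'].hour:02d}")
            if e["src"] not in prof["srcs"]:
                reasons.append(f"new source {e['src']}")
        if reasons:
            findings.append({"rule": "ueba-deviation", "user": e["user"], "ts": e["ts"], "reasons": reasons})
    return findings


def run(endpoint_lines=ENDPOINT_AUTH_LOG, firewall_lines=FIREWALL_LOG):
    """Full pipeline: normalise, correlate, and baseline-check; returns all alerts."""
    events = normalise(endpoint_lines, firewall_lines)
    return correlate_failed_then_success(events) + detect_anomalies(events, build_baseline(events))


if __name__ == "__main__":
    for alert in run():
        print(alert)
```

Run stand-alone, the sketch raises two alerts on the sample data: the correlation rule fires on alice's three failures followed by a success from 203.0.113.9, enriched with the firewall's allowed connection to port 3389 from that address, and the baseline check flags the same login because it occurs at an hour and from a source never seen for alice in the training period. Bob's login matches his profile and produces nothing, which is the point of a baseline: the same event shape is benign for one user and suspicious for another.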
Endpoint Detection & Response (EDR)
EDR, now sometimes called XDR (eXtended Detection & Response), is arguably a simplified version of a SIEM solution: it performs a similar function, but instead of drawing security and event telemetry from many different sources and solutions it uses information from the vendor's own endpoints (for example Sophos Intercept X or Microsoft Defender for Endpoint).
Sophos differs slightly from the Microsoft offering in that telemetry from the vendor's other network appliances, such as firewalls, switches and wireless APs, is also included (hence the eXtended moniker), so a more complete picture can be compiled.
Managed Detection & Response (aka Threat Hunting)
An extension of EDR/XDR capabilities is to employ threat specialists to monitor the dashboards for signs of possible compromise. Typically threat hunters are individuals with years of experience in cyber security fields, often associated with ethical hacking or penetration testing. Their experience, in conjunction with the AI of the XDR solution, allows them to combine visible evidence with a degree of intuition to actively combat potential threats before any damage is caused. Sophos offers this as a 24/7 service, providing round-the-clock peace of mind that systems are being effectively policed.
Need advice, support or more information?
At Chess, we have a dedicated team of Cyber Security specialists and are backed by our award-winning vendors with decades of experience in most deployment scenarios. If you would like to discuss your cyber security needs, please book your free consultation.