Security Logging Isn't Enough

Over the last several weeks, I've discussed the costs of a breach, the costs of Security Architecture, and the perils of relying on Cybersecurity insurance alone.  But what it really comes down to is that most current security models are built on the assumption that every security event will be handled successfully.

Most of the time that isn't the case.  A security event that isn't followed up on, or a security event that gets past the security controls... leads to a breach.  That is what the evidence shows us.  When a security event isn't followed up on, and the actor behind it gains access to information or elevated privileges... that is the first step in a larger breach.

What this means is that Security Organizations are expected to get it right 100% of the time, through policies or automation or daily security review.  This would include reviewing logs.  This isn't realistic.  The number of security events an organization can experience runs into the millions.  Human oversight of each individual security threat is completely unrealistic.  This is why we use technologies to show us actionable information instead.  Those logs or components of a breach can be linked to security policies to prevent breaches.

But what about the miscellaneous events that could be malicious, but aren't correlated because of how frequently they occur?  Are you following up on every account being created? Are you following up every time an account is created with administrative credentials? Or on admin accounts that are logging in constantly?

These are all individually non-malicious actions... but combined with the right opportunity or the right combination of actions, they could be an indicator of a breach or malicious action.  And humans aren't always available to catch those combinations of issues and link them together in that fashion.
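As an added example (not code from the original post), here is a small Python correlation check over a constructed sample log that links the events asked about above: an account created, then granted an admin group, then logging in off-hours, all within an hour of creation. The event names, fields, groups and sample log lines are assumptions for illustration.

```python
# Added example: correlate individually benign events (account creation,
# admin-group membership, logons) into one finding when they cluster on the
# same account inside a short window. Event names and fields are constructed.
from datetime import datetime, timedelta

# Constructed sample log: (timestamp, event, account, detail)
SAMPLE_LOG = [
    ("2024-03-02 01:03:10", "account_created", "svc-backup2", "by admin.jdoe"),
    ("2024-03-02 01:04:42", "group_added", "svc-backup2", "Domain Admins"),
    ("2024-03-02 01:07:05", "logon", "svc-backup2", "from 10.0.5.77"),
    ("2024-03-04 09:15:00", "account_created", "m.smith", "by helpdesk"),
    ("2024-03-04 09:16:30", "logon", "m.smith", "from 10.0.2.14"),
]

ADMIN_GROUPS = {"Domain Admins", "Administrators"}  # assumed privileged groups
WINDOW = timedelta(hours=1)                          # creation-to-privilege window

def parse(line):
    ts, event, account, detail = line
    return datetime.strptime(ts, "%Y-%m-%d %H:%M:%S"), event, account, detail

def off_hours(ts):
    # Outside 08:00-18:00, or on a weekend (Saturday=5, Sunday=6)
    return ts.weekday() >= 5 or not 8 <= ts.hour < 18

def correlate(log):
    """Return one finding per account that was created and added to an admin
    group within WINDOW; flag it if the account also logged on off-hours."""
    created = {}
    findings = []
    for ts, event, account, detail in map(parse, log):
        if event == "account_created":
            created[account] = ts
        elif event == "group_added" and detail in ADMIN_GROUPS:
            born = created.get(account)
            if born is not None and ts - born <= WINDOW:
                findings.append({"account": account, "created": born,
                                 "admin_group": detail, "off_hours_logon": False})
        elif event == "logon" and off_hours(ts):
            for f in findings:
                if f["account"] == account and ts - f["created"] <= WINDOW:
                    f["off_hours_logon"] = True
    return findings

if __name__ == "__main__":
    for finding in correlate(SAMPLE_LOG):
        print(finding)
```

Each event on its own (a new account, a group change, a weekend logon) would pass through most review queues; only the combination on one account within the window produces the finding.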

London Security has been working for years with companies that use various forms of Machine Learning or AI technologies to prevent security events before they happen.  This is becoming harder and harder as the attackers get more and more sophisticated.  And even the most advanced machine learning algorithm is going to make a mistake sometimes - which requires human intervention.

Ideally, this means we need solutions that combine security technology and automation with human review - especially review during the hours when we don't always have employees monitoring for events.  The late evenings, the weekends, the holidays... or coverage when someone goes on vacation - are all potential avenues of risk for your Security Organization.

This is one of the reasons London Security partnered with Blackpoint Cyber to provide Security Operations Center (SOC) services that are 24/7/365... with the value of having automation and actionable capabilities.  You can't rely on a security event being flagged at 1 AM on a Saturday or Sunday morning - you need a full security platform or the capabilities to lock down a potentially infected system before that event turns into a full-blown infection or outage for your organization.

Contact London Security today to find out more about how we can help you find the right SOC solution to cover the gaps your Security Organization may still have.