Cyber Security in 2021: SIEM Systems & Managed SOCs


After a challenging year in 2020, businesses are now busy preparing for whatever 2021 might bring. Cyber Security is no exception. In 2020, cyber threats increased and became more malicious and sophisticated than ever before, taking advantage of the vulnerabilities linked to remote and home working.

I sat down with Cyber leaders to discuss some of the challenges and topics they think have become fundamental to their business’ information and cyber security as we wade through 2021. Below is a brief overview of the key points, but if you would like the full PDF whitepaper, please get in touch.

SIEM Systems

A SIEM system uses machine-generated data to get operational insights into threats, vulnerabilities, security technologies, and identity information. SIEM platforms used to be something everyone was eager to invest in, but is this still the case?

From the discussion it became clear that most businesses still rely on some form of SIEM platform, and the real difference came down to business requirements and preference. The platforms that came up most frequently were Splunk, Darktrace, and Rapid7’s InsightIDR tools, which all vary in their levels of cost, automation, and training requirements.

Whilst SIEM can definitely add value in terms of enabling instant response to threats and attacks, it’s worth considering the architectural complexity of your network, your requirements, topologies and available resources before deciding on a tool. Each company will have different requirements.

Managed Security Solution (Managed SOC)

Managed SOC, also known as SOC as a Service, is a subscription-based offering whereby organizations outsource threat detection and incident response. It can sometimes be seen as a good option for those without an in-house security team.

Benefits include:

·      Saves time and money

·      Frees up your employees to focus on other priority tasks

·      Can alleviate stress during periods of cuts, redundancies, or short staffing

However, a Managed Security Solution (or SOC) can also have disadvantages:

·      Lack of business understanding (they are not part of the company)

·      Because they work with different businesses, you won’t necessarily always be a priority

·      If you opt for a provider from a different country, there may be language and cultural barriers that make effective communication much more difficult

Automating as much as possible is often preferable to using managed SOCs, as it allows you to maintain full control and visibility, whilst most of the work is done with minimal manual input.




COVID & Team Size

COVID-19 has affected businesses in different ways, so it’s no surprise that each cyber security function will have been impacted differently, depending on the business and sector in which they sit. Some businesses will have been lucky enough to continue with a “business as usual” mindset, whilst others will have faced mass redundancy or furlough.

Managed SOCs and automation have proved popular as solutions for limited staff resources.

Embedding Security Testing into App Development

Embedding security testing into agile software development means that quality isn’t just tested afterwards; it is built in and tested constantly throughout the full development lifecycle. With the right practices and the right set of tools, you can make sure that you build secure apps in a frictionless way and eliminate unpleasant and expensive security surprises that may affect your application’s usability, security, and reputation after the release.

Whilst embedded security testing can help prevent security issues with the live application, it does pose a number of challenges around hardware dependency, defect ratio, unreproducible defects, and software updates. There are also the common challenges faced when implementing any new processes, and it can take a while for teams to get up to date with what their roles are in a new environment.

Get in touch for the full PDF whitepaper.

If you’d like support building or maturing your cyber security function or would like information on upcoming cyber events and roundtables, please get in touch today.

Jake Adshead

Senior Cyber and Information Security Consultant


Steven Jagger

Founder of Maxwell Bond - The Tech, Digital, Sustainability & Renewable Energy Recruiter of choice!

4 years ago

Brilliant insight this Jake Adshead
