Celerity Street: Why defending your business is like protecting your home

Celine Williams is the Senior Cyber Security Presales Consultant at Celerity, helping our clients to achieve continuous innovation and protect their businesses. With years of experience within IBM's various security operations teams, she is passionate about enhancing clients' security maturity through the combination of her extensive knowledge and delivery of innovative solutions.

In this article, she shares her thoughts on how a comprehensive cyber security strategy can be compared to how you would defend your own home.

Introduction

A comprehensive cyber security strategy protects your business' entire IT ecosystem, so that unauthorised individuals can't cause harmful disruption and help themselves to your sensitive data and information. Just like we protect our homes (and our valuable possessions inside) from burglars, you should always make sure that your business (and the valuable information within) is protected from cyber criminals.

Now, clearly cyber security is a more complicated operation than simply making sure that your front door is locked, but you can draw parallels between the two that make it easier to understand where each piece of the security puzzle sits.

SIEM (Security Information and Event Management) – CCTV

CCTV allows its user to keep a watchful eye over an entire physical space, looking for individuals trying to break in or behaving against the rules. In the event that CCTV catches bad behaviour, a security team can quickly respond in the right location to remove the offender. These events are also recorded for future use and reference, such as police investigations.

SIEM solutions do the same, but within the virtual space. SIEM continuously monitors your IT network, acting as a central point of information for the rest of your security needs. Instead of visual data, SIEM collects and analyses data from your network logs, system activity, and application behaviour, playing a crucial role in identifying anomalies in network traffic and system behaviour, a typical indicator of potential security threats. These insights then facilitate a rapid, accurate response to any potential risks, making them integral components of a comprehensive security strategy.

EDR (Endpoint Detection and Response) - Guard Dog

I know, it's not very often that you visit a house with the stereotypical Rottweiler wearing a spiked collar in the front garden. However, if you did try to break into a property defended by a guard dog, you'd quickly find yourself chased off the premises with nothing to show for it - except a nasty bite on the rear end.

In the realm of cyber security, your EDR solution is the vigilant guard dog, acting as a deterrent whilst scrutinising the behaviour of all your individual endpoints (laptops, desktops, and servers). If a potential threat is detected, it will instantly alert the user and security teams of the potential breach - like a barking dog. Endpoint Detection solutions ensure that your digital perimeter remains secure, robust, and responsive.

However, an EDR solution is not simply a sensor. It is a dynamic, responsive tool that can stop a potential breach in its tracks: if suspicious activity is detected, it can isolate compromised endpoints, initiate scans for malware, and even quarantine suspicious files or processes, all in real time.

XDR (eXtended Detection and Response) - The Control Centre

Physical security solutions require a control centre to be effective - somewhere that everything is kept in one place, so that the identification and response to trespassers can be kept simple and quick.

This is the role that XDR platforms play. XDR collects all of the event information from your security solutions, such as your SIEM and EDR tools, and correlates the alerts to keep your security swift and accurate, leveraging advanced analytics so that you can focus on the alerts that matter the most.

Exposure Management - Checking for entry points

So, in the face of cyber threats, your organisation should be equipped with monitoring solutions such as SIEM, EDR, and XDR in order to detect any untoward activity. However, these solutions are reactive tools in the event of an attack. It is important to be safe in the knowledge that you have secured your estate to the best of your ability.

This is where exposure management comes in. Exposure Management is how I like to group a number of different capabilities such as Attack Surface Management (ASM), Breach and Attack Simulation (BAS) and Phishing services. All of these capabilities help you to make sure that all of your digital doors and windows stay shut and locked - denying threat actors any means of access to your virtual estate.

I choose these 3 capabilities as they help limit the external, internal and human exposures of your organisation. Just like a burglar scoping out their next target, attackers conduct reconnaissance on your estate. They'll drive past the house to see if the lights are on (scanning of your environments), test to see if the front door is unlocked (seeing if you have unpatched vulnerabilities, looking for misconfigurations, trying default usernames and passwords on your publicly accessible attack surface) and then look to see if they can get in the easy way - through the front door (can they get someone to let them in).

As an organisation, it is important to know this information so that you can put proactive measures in place to limit your exposure points and put in mitigations where you can't close those gaps (e.g. putting detection rules in place, or running employee training to help staff spot phishing attempts). By removing security gaps and minimising your exposure to cyber threats, you can enhance your overall security posture and significantly reduce the risk of a cyber attack.

Incident Response - Dialing 999

Unfortunately, there is no cyber security strategy in the world that can 100% guarantee protection. There is always going to be the risk that someone is able to break in, and when they do, sometimes you need independent, calm experts to be able to assist you in your response and recovery - just like how the police would help in the event of a break-in.

Incident response guarantees a structured approach to addressing and managing a security incident or breach, typically involving a series of coordinated activities that identify, mitigate, and help recover from security incidents that can compromise an organisation's digital assets, data, or operations.

Post-incident analysis and reporting helps victim organisations learn from the incident, generating plans to fine-tune their security defenses and mitigate the risk of a repeat. Incident response plans are critical in minimising the impact of security breaches, ensuring regulatory compliance, and maintaining the trust of customers and stakeholders.

Comprehensive cyber security turns your house into a fortress

A comprehensive security strategy is an incredibly powerful way to protect your organisation from the risks of cyber crime. All of the above components play their own extremely valuable role in the protection of your virtual estate, from denying cyber criminals an open door to providing a quick support line in the event of a cyber attack.

The powerful benefits of a consolidated cyber security strategy can be further augmented through managed services. Placing your security strategy in the hands of Celerity's team of experts is a valuable way to enhance your consolidated security, adding further value and business outcomes to your security technology investments. Our skilled analysts will secure your organisation, improve its cyber security posture, and advance its maturity, as well as supporting your recovery to full health should the worst happen.

Get in touch with Celerity today to learn how our Cyber Security service portfolio can help to fortify your cyber defences and improve your recovery.
