Streamlining Technology Security for SMB
Compliance Scanning vs Constant Monitoring
Finding a way to secure your network can be challenging. Do you focus on keeping up with current standards, or do you try to keep an eye on everything that occurs? Each approach yields different actionable information about how to improve your security. Compliance scanning and constant monitoring are broad categories that include a variety of benefits, so we will explore both and discuss which may be the best choice for your company.
Companies that work with sensitive information are often required to meet certain security standards to conduct business. For retail, healthcare and financial verticals, the following standards are critical to ensuring compliance: the Gramm-Leach-Bliley Act (GLBA), the Health Insurance Portability and Accountability Act (HIPAA), and the Payment Card Industry Data Security Standard (PCI DSS). Audits and/or scans are a great starting point to identify what meets compliance standards and what needs to be improved. These standards are designed to keep the data more secure and help keep individuals’ information safe from theft or abuse.
Performing a compliance scan or audit can involve several technologies and, often, the work of a trained auditor. The auditor will review documentation, check technological baselines (such as encryption levels and how many people have access to the data), and perform scans of the security appliances and data containers. If a less thorough review of the internal network is required, an auditor can perform a scan from outside the network to check the security of the firewall and other perimeter devices. Other tests can also take place, such as penetration testing of the network or the physical building. These practices are generally considered to be more aggressive tests of security, because a trained analyst, rather than an automated tool, attempts to breach your network’s security. But this sort of test can yield more actionable data if you are interested in more ways to secure your network.
Unlike a compliance scan or audit that may take place once a year, constant monitoring of your network can provide real-time information about what is happening to your users each and every day. Threats like ransomware and worms are fast-moving and can infect a whole environment without proper monitoring. When a team is brought in to monitor a network, they will use technology such as SIEM (Security Information and Event Management) to provide real-time analysis of security alerts. These alerts can provide actionable data to your IT staff about which users may have had their account compromised, who is accessing certain information on your network, when malware is downloaded onto a device, and more. There may be some recommendations from the security team about improvements to the security of the network, but predominantly they will block active Indicators of Compromise and provide information about possible attacks as they happen.
Some companies choose to have their in-house staff handle security monitoring, but it has become increasingly common to have security monitoring outsourced. This is because it is exponentially more affordable to have outsourced security staff, especially if you are looking for 24/7/365 monitoring. Monitoring can take place just during business hours, with after-hours alerts being resolved the next day or by an on-call person. However, hiring an outsourced security staff to monitor 24/7/365 is often more affordable than having a single analyst monitoring just during the day. It is beneficial to have someone watch alerts from your environment at all hours of the day to provide the much-needed response time against aggressive malware such as ransomware.
So, which do you choose? Compliance scanning or constant monitoring? At Intrinium, we are big believers that both security tools are necessary for a company to be truly secure. Scanning, whether security or compliance, can provide actionable data to keep your network secure and up to date. Constant monitoring gives you a jump start against attackers trying to get into your network. No matter what happens, you know that someone will be there watching for anomalies. The next step, though, no matter which you decide you need first, is to find a team. And that can be quite a decision, one that we will explore in Part 3 of this blog series. If you are interested in learning more about the Compliance and Audit Scanning and Penetration Testing that Intrinium does, please check out more on our website here.