10 Steps to Cyber Security
Logging and Monitoring
The strength of monitoring, often referred to as post-breach detection, lies not in looking for things that may cause harm, but in assuming that something, or someone, has already managed to sneak in.
Monitoring can take many forms, from anti-malware Endpoint Detection & Response solutions looking at the behaviour of users and processes on endpoints, to SIEM (Security information and event management) and SOC (Security Operations Centre) solutions that monitor telemetry from a range of disparate devices across the entire infrastructure (on-prem and cloud).
Each has its own use and each forms an invaluable part of your overall security strategy.
When selecting a monitoring product it is important to consider the needs of your business. If you are not running huge database instances, web servers and vast amounts of network infrastructure, then a full SIEM solution may be unnecessary; utilising a robust endpoint and network monitoring solution may provide you with sufficient confidence that you are watching what is going on in your environment.
10 Steps to Cyber Security
Episode 7: Logging and Monitoring
Episode 7 of our 10 Steps to Cyber Security series explores why logging and monitoring are essential to detecting modern cyber threats. It highlights how continuous visibility across your systems helps identify suspicious activity early – especially when threats bypass traditional endpoint protection or stem from insider actions.
Solutions for Logging and Monitoring
Security Information & Event Management
SIEM is a solution that combines Security Information Management and Security Event Management. Modern SIEM solutions such as Logpoint also include SOAR technology to automate threat response and UEBA to detect threats based on abnormal behaviour.
Together they provide accelerated detection and response to security events or incidents within your environment, as well as a centralised, comprehensive view of the security posture of your IT infrastructure, giving cyber security professionals insight into the activities within their environment.
Solutions such as Logpoint SIEM and UEBA make light work of monitoring events and information from multiple event sources.
Endpoint Detection & Response
EDR, sometimes now called XDR (eXtended Detection & Response), could be considered a simplified version of a SIEM solution.
It performs a similar function, but instead of drawing security and event telemetry from multiple different sources and solutions, it uses information from the vendor’s endpoints (Sophos Intercept X or Microsoft Defender for Endpoint).
Sophos XDR differs from the Microsoft offering in that it is able to analyse telemetry from other Sophos appliances such as firewalls, switches and wireless access points (hence the eXtended moniker); in doing so, a more complete picture can be compiled.
Managed Detection & Response
An extension of EDR/XDR capabilities is to employ threat specialists to monitor the dashboards for signs of possible compromise.
Typically, threat hunters are individuals with years of experience in cyber security fields, often associated with ethical hacking or penetration testing.
Their level of experience in conjunction with the AI of the XDR solution allows them to use both visible evidence together with a degree of intuition to actively combat potential threats before any damage is caused.
Managed Detection & Response is a 24/7 service offered by Sophos and provides round-the-clock peace of mind that systems are being effectively policed.
10 Steps to Cyber Security: The Checklist
To enhance our ’10 Steps to Cyber Security’ series, we’ve consolidated all the essential steps into a single, comprehensive checklist.
This streamlined resource is designed to provide you with a clear and actionable framework to bolster your organization’s cyber defences.
Once you’ve explored the checklist, take your understanding further with our in-depth video series below, where we break down each step in more detail.

Whether you’re looking to implement basic cyber security best practice, improve your existing defences, or introduce a new system or solution, our team of expert consultants, engineers, and ethical hackers are here to help.
Our team specialise in creating bespoke security solutions and testing packages to improve and maintain your security posture.
We are 100% vendor agnostic and will only ever recommend the best products and solutions for your requirements.