Logging & Monitoring
10 Steps to Cyber Security
With cyber threats becoming increasingly advanced and adept at avoiding detection, anti-malware protection on the endpoint is not always going to be enough, especially against insider threats.
This is why monitoring forms a key area of modern cyber defence.
Monitoring
The strength of monitoring, often referred to as post-breach detection, lies not in looking for things that may cause harm, but in assuming that something, or someone, has already managed to sneak in.
Monitoring can take many forms, from anti-malware Endpoint Detection & Response solutions looking at the behaviour of users and processes on endpoints, to SIEM (Security information and event management) and SOC (Security Operations Centre) solutions that monitor telemetry from a range of disparate devices across the entire infrastructure (on-prem and cloud).
Each has its own use and each forms an invaluable part of your overall security strategy.
When selecting a monitoring product it is important to consider the needs of your business. If you are not running huge database instances, web servers and vast amounts of network infrastructure, a full SIEM solution may be unnecessary; a robust endpoint and network monitoring solution may give you sufficient confidence that you are watching what is going on in your environment.
Solutions for Logging and Monitoring
Security Information & Event Management
SIEM is a solution that combines Security Information Management and Security Event Management. Modern SIEM solutions such as Logpoint also include SOAR technology to automate threat response and UEBA to detect threats based on abnormal behaviour.
Together they provide accelerated detection of and response to security events or incidents within your environment, a centralised, comprehensive view of the security posture of your IT infrastructure, and insight for cyber security professionals into the activities within their environment.
Solutions such as Logpoint SIEM and UEBA make light work of monitoring events and information from multiple event sources.
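The three ideas above (one common event schema for disparate sources, a UEBA-style behavioural baseline, and a SOAR-style automated decision) can be shown in a few dozen lines. The following is an added illustration, not code from Logpoint, Sophos or CyberLab; the event formats, the "edr"/"firewall" sources, the 100 MB transfer threshold and the two response actions are all constructed assumptions for the demo.

```python
from dataclasses import dataclass
@dataclass
class Event:               # common schema every telemetry source is normalised into
    source: str            # "edr" or "firewall"
    user: str
    hour: int              # hour of day, 0-23
    detail: str
    bytes_out: int = 0

def parse_firewall_line(line: str) -> Event:
    """Normalise a constructed 'key=value' firewall line into the common schema."""
    fields = dict(kv.split("=", 1) for kv in line.split()[1:])
    return Event("firewall", fields["user"], int(fields["hour"]), fields["dst"], int(fields["bytes"]))

def parse_edr_record(rec: dict) -> Event:   # constructed EDR JSON-style record
    return Event("edr", rec["user"], rec["hour"], f'{rec["action"]}@{rec["host"]}')

def build_baseline(history: list[Event]) -> dict[str, set[int]]:
    """UEBA-style baseline: the hours of day in which each user is normally active."""
    baseline: dict[str, set[int]] = {}
    for ev in history:
        baseline.setdefault(ev.user, set()).add(ev.hour)
    return baseline

def correlate(events: list[Event], baseline: dict[str, set[int]],
              exfil_bytes: int = 100_000_000) -> list[dict]:
    """Flag off-baseline events; escalate (SOAR-style) when EDR and firewall agree."""
    groups: dict[tuple[str, int], list[Event]] = {}
    for ev in events:
        if ev.hour not in baseline.get(ev.user, set()):      # no baseline => always abnormal
            groups.setdefault((ev.user, ev.hour), []).append(ev)
    alerts = []
    for (user, hour), evs in sorted(groups.items()):
        corroborated = ({"edr", "firewall"} <= {ev.source for ev in evs}
                        and any(ev.bytes_out >= exfil_bytes for ev in evs))
        alerts.append({"user": user, "hour": hour,
                       "action": "isolate_host" if corroborated else "notify_analyst",
                       "evidence": [ev.detail for ev in evs]})
    return alerts

# Constructed telemetry (not real logs): alice works office hours; the new batch adds a 03:00 logon plus a large transfer.
HISTORY = [parse_edr_record({"user": "alice", "hour": h, "action": "logon", "host": "ws01"}) for h in (8, 9, 10)]
NEW_EDR = [{"user": "alice", "hour": h, "action": "logon", "host": "ws01"} for h in (9, 3)]
NEW_FW = ["fw01 user=alice dst=10.0.0.5 bytes=1200 hour=9",
          "fw01 user=alice dst=203.0.113.9 bytes=900000000 hour=3",
          "fw01 user=bob dst=10.0.0.5 bytes=500 hour=22"]

def run_demo() -> list[dict]:
    events = [parse_edr_record(r) for r in NEW_EDR] + [parse_firewall_line(l) for l in NEW_FW]
    return correlate(events, build_baseline(HISTORY))
```

Running `run_demo()` yields an `isolate_host` decision for alice (endpoint and firewall anomalies agree in the same hour) and only a `notify_analyst` entry for bob, whose single off-hours connection has no corroborating endpoint evidence.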
Endpoint Detection & Response
EDR, sometimes now called XDR (eXtended Detection & Response), could be considered a simplified version of a SIEM solution.
It performs a similar function, but instead of drawing security and event telemetry from multiple different sources and solutions, it uses information from the vendor's own endpoints (for example Sophos Intercept X or Microsoft Defender for Endpoint).
Sophos XDR differs from the Microsoft offering in that it is able to analyse telemetry from other Sophos appliances such as firewalls, switches and wireless access points – hence the eXtended moniker – and in doing so compile a more complete picture.
Managed Detection & Response
An extension of EDR/XDR capabilities is to employ threat specialists to monitor the dashboards for signs of possible compromise.
Typically, threat hunters are individuals with years of experience in cyber security fields, often associated with ethical hacking or penetration testing.
Their level of experience in conjunction with the AI of the XDR solution allows them to use both visible evidence together with a degree of intuition to actively combat potential threats before any damage is caused.
Managed Detection & Response is a 24/7 service offered by Sophos and provides round-the-clock peace of mind that systems are being effectively policed.
How To Prevent Cyber Attacks with Logging and Monitoring
Adam Gleeson, Vendor Alliance Manager at CyberLab, explores how logging and monitoring can help your organisation in the detection of cyber threats and securing your digital landscape. He covers:
- Why do we need logging and monitoring?
- How do we do logging and monitoring?
- Identifying the right solution
- Our Recommendations