With cyber threats being a key risk for most businesses, interest in ‘always on’ security monitoring services continues to rise.
But is a Unified Security Management (USM) service right for your business, and what can you expect to get in return for your investment?
According to research conducted by IBM, the mean-time-to-identify (MTTI) a breach is 197 days, and the mean-time-to-contain (MTTC) is 69 days. That’s a long time for your business to be vulnerable.
Being prepared, knowing what to protect in the first place, and knowing how to prevent, respond to, and recover from a cyber-attack is crucial. And that’s where USM can help.
When considering USM, there are three important questions to ask:
- Do you have the ability to detect a breach?
- Do you have the ability to respond to a breach?
- Do you have an incident response plan?
If the answer to these questions is no, then USM could be a good solution.
So, what can you expect from USM?
When you implement a USM service, you’re ultimately gaining the following:
- Dedicated security resource – Our Security Operations Centre in Auckland is manned 24/7 by a minimum of two employees. That means that when you’re sleeping, someone is always keeping an eye on things. And with most attacks originating overseas and in different time zones, the fact that New Zealand is in ‘downtime’ during an attacker’s peak time isn’t going to hinder your defences.
- Instant detection – When an alarm is tripped, our team jumps into action to analyse and investigate the threat and alert you, the customer. They’ll also provide practical advice on what safety measures need to be put in place.
- Proactive not reactive support – As part of USM, we also look out for potential vulnerabilities in your environment to stop an event before it occurs. We do this through asset discovery scans, regular vulnerability assessments and by deploying behaviour analysis rules.
- Five essential security capabilities in a single console – USM gives you everything you need to manage both compliance and threats in a single dashboard with pre-set reporting.
- Incident response planning – As part of the USM process, you’ll also work alongside a senior Aura consultant to develop an incident response plan. This plan will cover six key steps:
1. Preparation: Preparing users and IT to handle potential incidents in case they happen (and let’s face it, we know they will).
2. Identification: Figuring out what we mean by a “security incident” (which events can we ignore vs. which we must act on right now?).
3. Containment: Isolating affected systems to prevent further damage (automated quarantines are our favourite).
4. Eradication: Finding and eliminating the root cause (removing affected systems from production).
5. Recovery: Permitting affected systems back into the production environment (and watching them closely).
6. Lessons Learned: Writing everything down and reviewing and analysing with all team members so you can improve future efforts.
Still not sure? Why not come and take a look behind the scenes at our Security Operations Centre (SOC) in Auckland? Get in touch and we can set up a viewing time.