Who Is Watching The Watchers?

Small and large businesses have been subject to successive waves of malicious cyber-attacks and accidental data breaches, which have spurred heightened spending and hasty decision-making on cybersecurity.

Weak cybersecurity practices and relying entirely on a provider are both unwise. Even if you have the “gold” package, you should still perform vendor assessment, internal review, and further validation of your security.

Are you watching the watchers?

With no signs of stopping, the number of data breaches and ransomware attacks is increasing, and the number of entrants in the space is soaring. Since the Covid-19 pandemic outbreak in March 2020, 15 new unicorns have emerged in the cybersecurity sector, six last year and nine this year. Gartner predicts $150bn will be invested in cloud cybersecurity in 2021.

Clearly, there is a need for greater cybersecurity (as well as venture capitalist funding), but are we in the best position to judge how well third-party cybersecurity providers are protecting clients and themselves?

Although we assume our cybersecurity vendor is highly competent, secure, and effective, we should not forget that vendors also have vendors. The supply chain ecosystem has become more complex and interconnected as X-as-a-platform and software companies have enabled outsourcing and simplified various processes for businesses of all types.

Outsourcing part or all of your proactive cybersecurity efforts should still be considered with the understanding that all activities are ultimately under your scrutiny. Regardless of how capable a vendor appears, it only takes one slight, barely noticeable kink in the process for everything to come crashing down, meaning claiming ignorance is no longer an option.

The security gaps and the scramble to cover them

Businesses are scrambling to find add-on solutions for the latest malware protection and opting for the enterprise-grade tier features, but these still do not render a system impenetrable.  

Security gaps will forever remain because there is no perfect technology. Continual updates and system changes can lead to new bugs that hackers might exploit or a data leak that goes undetected. Add-ons can create complexity within a system, potentially causing other security measures to switch off without explicit instruction. 

It can be common for organizations to rush the implementation and deployment of new security tools in response to industry news and stakeholder panic. Still, even the most expensive solution will be useless if the configuration hasn’t been followed correctly.  

In light of this, it’s essential to thoroughly test your defensive perimeters for any gaps after deployment so you get there before any attackers do. 

How to know if your cybersecurity vendor is protecting you

Most organizations have a Security Operations Centre (SOC), which comprises teams, processes and technologies. Their primary focus is to detect, prioritize and mitigate cyber incidents and risks. 

In its simplest form, a SOC should:

  • Monitor and manage: firewalls and unified threat management technology, Intrusion Detection Systems (IDS) and Intrusion Prevention Systems (IPS), web and email gateways.
  • Conduct short-term analysis and logging of real-time data feeds for potential cybersecurity threats.

A business’ SOC may be entirely in-house, entirely outsourced, or a hybrid of the two. However, the most critical aspect of a SOC, no matter its makeup, is its appropriate and relevant services to the organization it serves. 

Here is a good way to check and review this: 

  1. Determine which cybersecurity controls exist but are not being effectively employed. There might be technical difficulties, a lack of expertise, or even failure to deploy.
  2. Identify the services your organization wants (e.g. threat intelligence) but can’t implement due to a lack of qualified staff or an inability to meet the scale needed.

Using this quick two-step analysis will show the gaps you have, so you can start moving towards filling them in. You might find, as a result, that more advanced settings are needed, such as: 

Getting back to the credibility of a SOC vendor and assessing their own security and client security, here are some fundamentals to look out for.

  1. They provide a customer portal using MFA and role-based access control for entry, showing various analyses and reports customized for different user types. 
  2. They provide a 24/7, 365 service via multiple communication methods. 
  3. Their services can be integrated into your business’ security incident response.
  4. Their own services are distributed from a minimum of two geographically distanced sites to ensure redundancy and quick disaster recovery.
  5. Their own staff is certified in the cybersecurity technologies they’re offering.  
  6. If compliance requires, they can offer services from a specific location.

Further security validation

While having a SOC vendor can reduce some of the time-consuming, admin-heavy elements and lighten the overall load of cybersecurity, performing additional security validation will give you confidence in your security posture. 

Vulnerability Scanning

Vulnerability scans essentially hunt for vulnerabilities within your system and report back on them. This is usually a passive activity completed by software, which can be automated for regular checks. 
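One concrete way to “watch the watcher” at this stage is to reconcile the vendor’s scan report against your own asset inventory: hosts that never appear in the report, scans older than your agreed cadence, and hosts with unresolved critical findings are all gaps the vendor’s summary will not volunteer. The script below is an added example, not code from the original article or from Enhalo; the inventory, the report rows, the date and the 30-day cadence are all constructed for illustration, and a real vendor export (CSV, JSON, API) would need its own loader.

```python
"""Reconcile a vendor's vulnerability-scan report against an asset inventory.

Added example for illustration; not the article's or Enhalo's own code.
All hosts, dates and findings below are constructed sample data.
"""
from datetime import date

# Constructed asset inventory: hostname -> owning team.
ASSET_INVENTORY = {
    "web-01.example.internal": "platform",
    "web-02.example.internal": "platform",
    "db-01.example.internal": "data",
    "vpn-01.example.internal": "network",
}

# Constructed vendor scan report, one row per host. A real export will
# have a different shape; only the three fields used here are assumed.
SCAN_REPORT = [
    {"host": "web-01.example.internal", "scanned": "2021-09-20", "open_critical": 0},
    {"host": "web-02.example.internal", "scanned": "2021-06-01", "open_critical": 2},
    {"host": "db-01.example.internal", "scanned": "2021-09-21", "open_critical": 1},
    # vpn-01 is deliberately absent: the vendor never scanned it.
]

MAX_SCAN_AGE_DAYS = 30  # assumed agreed scan cadence


def reconcile(inventory, report, today, max_age_days=MAX_SCAN_AGE_DAYS):
    """Return the gaps between what you own and what the vendor reports on.

    unscanned:        inventory hosts missing from the report entirely
    stale:            hosts whose last scan is older than max_age_days
    open_critical:    hosts still carrying critical findings
    not_in_inventory: hosts the vendor scanned that you do not know about
    """
    seen = {row["host"]: row for row in report}
    stale, criticals = [], []
    for host, row in seen.items():
        scanned_on = date.fromisoformat(row["scanned"])
        if (today - scanned_on).days > max_age_days:
            stale.append(host)
        if row["open_critical"] > 0:
            criticals.append(host)
    return {
        "unscanned": sorted(h for h in inventory if h not in seen),
        "stale": sorted(stale),
        "open_critical": sorted(criticals),
        "not_in_inventory": sorted(h for h in seen if h not in inventory),
    }


def example_gaps():
    """Run the reconciliation over the constructed sample data."""
    return reconcile(ASSET_INVENTORY, SCAN_REPORT, date(2021, 9, 22))


if __name__ == "__main__":
    for kind, hosts in example_gaps().items():
        print(f"{kind}: {', '.join(hosts) or '-'}")
```

The “not_in_inventory” bucket is as important as the others: a host the vendor scans but you do not own may be a forgotten asset, a mis-scoped engagement, or simply a billing error, and each deserves a question back to the provider.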

Penetration Testing

Penetration Testing (or PenTesting) is more active in that a “hacker” will attempt to find the vulnerabilities and exploit them as a malicious attacker would. PenTesting usually starts by validating the vulnerabilities found in the scanning process and then uses reconnaissance tools to go deeper.

Breach and Attack Simulations (BAS)

BAS combines a do-it-yourself model with Software as a Service (SaaS) technology. The BAS software sits on your network and simulates attacks using malware and hacking tools. The primary focus is to trigger and monitor responses from your security solution without the damage of an actual malware attack.

BAS helps to: 

  • Identify gaps in your browser, email, and website defenses 
  • Check the strength of your firewall 
  • Test common social engineering tactics 
  • Test your endpoint security solutions 
  • Identify potential network attack vectors 

Blue vs Red vs Purple Teaming

A game of opposition but with a twist to bring the enemies together. 

As defenders, the blue team gathers all data and analyses it to defend against the attackers. A company’s own SOC or cybersecurity personnel usually handle this.

The red team uses ethical hacking methods to break into the system, discover vulnerabilities and exploit them. Red teams are often independent security teams brought in to test the security and response capabilities of the internal team in the event of an actual attack. 

The purple team acts as the negotiator, made up of members from both red and blue teams. The aim is to share insight from each side to strengthen the organization’s overall security posture and facilitate better communication and collaboration.

Key takeaways

Cybersecurity responsibility is both shared and individual.

Evaluating SOC services and providers to ensure they’re meeting the needs of the business and the requirements of the industry falls on the individual company. If you are not reviewing this regularly, you are at the same risk as having no protection at all.

Knowing how your SOC provider implements and ensures their own security will give you the confidence and firsthand knowledge that you, as the stakeholder, have done all you can. 

Despite its length and specificity, your provider’s tick sheet is your ultimate line of defense.

Gerhard Conradie, Co-Founder and Global Head of Solutions Architecture at Enhalo

Gerhard, Co-Founder and Global Head of Solutions Architecture, sees quality staff as the most important asset to any business, and believes that giving them the space to grow as much as they are willing and able to, motivates them to grow Enhalo as well.
