printer friendly version

Cybersecurity operations done right

Cybersecurity operations handle the daily tasks and activities related to cybersecurity. However, for smaller companies, the costs associated with acquiring the necessary skills and tools can be very high. So, how can these organisations establish and maintain their security profile amid constant attacks and evolving technology?

One answer is a managed security service provider (MSSP), a third-party organisation that delivers outsourced monitoring, management, and response to cybersecurity threats. MSSPs rely on cloud-based services to monitor and manage customers’ infrastructure, typically with onsite assistance available when issues arise. In larger businesses, the MSSP may even have staff permanently based at the customer’s location to keep the cyber wheels tuned.

In our last issue of the year, SMART Security Solutions asked Ethan Searle, director of business development at LanDynamix, for some insights into the cybersecurity tools and services available to businesses, both small and large.

SMART Security: What can managed security services offer companies on limited budgets?

Ethan Searle.

Searle: In the absence of in-house security personnel and comprehensive, multi-layered security solutions, managed security services offer a viable solution. Organisations, of all sizes, must ensure they have access to the full spectrum of security solutions and services that are crucial to their operations if they are to stay ahead of the attacker’s next move, before it happens.

Automation and AI are not only aiding the bad guys in gaining access to your network and systems, but they are also a powerful enabler of MSPs, who can now offer more efficient solutions at a lower price. Economies of scale have reduced the pricing of these solutions, so businesses with limited budgets must investigate them before making a decision based on conjecture rather than facts. For example, the price tag of a fully-fledged security operations centre piece of software has dropped by 50% over the past three years alone. This puts resilience within reach of more businesses at a time when they need it most.

A managed service offering with a highly skilled MSSP can provide the highest level of protection against today’s sophisticated threats to even the smallest firms. MSSPs offer SMEs the prospect of a good night’s sleep, knowing their business is secure and in the hands of experts, allowing them to focus on running their company. SMEs can rely on the in-house expertise and support of an MSP, because, let us face it, the success of the service provider’s business is totally interwoven with that of their customer.

SMART Security: Are cybersecurity security operations centres (SOCs) best run onsite or in the cloud (or both)?

Searle: SOCs are unquestionably best run in the cloud; it is the best option for various reasons. Around 70% of all breaches can be detected by AI, while the remaining 30% require analyst intervention. From a cost perspective, it does not make sense to have an analyst on site all the time.

AI reduces response time and analyst workload. For example, our approach is to help customers stay ahead of evolving cybercrime and increasingly sophisticated, tech-savvy cybercriminals. We achieve this by leveraging adaptive AI from an industry-leading extended detection & response (XDR) platform, combined with expert-led managed detection & response (MDR) services. Anomalies trigger SOAR workflows that detect, contain, and neutralise threats – while continuously improving your security posture.

SMART Security: Are cloud-based cybersecurity services really fully integrated into each client’s operations, and can they respond quickly enough? (And how?)

Searle: Yes, cloud-based cybersecurity services are truly fully integrated in client operations. This is achieved through API integration and the forwarding of system logs, which deploy an endpoint agent that pulls the data into the system. Behavioural anomalies can be detected immediately, and the affected endpoint can be isolated and then disabled.

SMART Security: How can security information and event management (SIEM) tools assist?

Searle: LanDynamix uses an industry-leading SIEM platform, combined with security orchestration, automation, and remediation (SOAR), to address cybersecurity challenges. We use wide-ranging telemetry data, which is ingested into the SIEM, enriched with human-led threat hunting and AI-powered anomaly detection. Anomalies in network and user behaviour trigger AI-powered, expert-led SOAR workflows that hunt, detect, and neutralise attacks, while continuously strengthening the client’s security posture.

SMART Security: How does a company select a reliable managed security services provider (MSSP) and not a fly-by-night?

Searle: What businesses of all sizes must look for in an MSSP is one with a business approach to their organisation that can deliver the level of support required. Characteristically, this is an MSSP who takes the time to understand your business, the challenges in your sector and sets out to solve the business problem. What you do not need is an MSSP trying to convince you to buy a pink plug to stick into a blue socket. Cybersecurity is a business issue, not a technical one. Yes, technology is an enabler, but only insofar as the right technology, deployed appropriately and managed with skill, addresses the business problems. Cybercrime is constantly evolving; hence, cybersecurity measures must be reviewed constantly if you are to remain one step ahead of the bad guys. Do SME business owners have time to do that? I doubt it – the right MSSP will ensure your business is protected, and even in the event of an attack, that operations are back up and running in real time, without loss of data.

SMART Security: What about the dreaded Human Factor?

Searle: The human factor in cybersecurity refers to individuals’ actions, behaviours, and vulnerabilities that create security risks, making them a major threat in breaches, often via social engineering tactics like phishing. Mitigating this requires a multi-faceted approach, including continuous user training, fostering an open security culture, improving user-friendly system design, and implementing clear policies to build resilience and reduce human-derived risk.

LanDynamix protects identities with machine learning that builds user behavioural baselines. This means that any deviation from the behavioural patterns generally displayed by users on the network automatically triggers alerts. This results in real-time threat responses, ensuring our customers’ environments are secure and operational.

Share this article:

Further reading: