DMS Alerts Should Be Key To Organisations’ Security Orchestration

Uploaded on 2022-09-05 in TECHNOLOGY--Resilience, FREE TO VIEW

Research shows that the Security Orchestration, Automation and Response (SOAR) Market is expected to grow by 15.8% (CAGR) from 2022 to 2027. That’s not surprising, given the perfect storm of conditions that have been brewing since the onset of the pandemic. 

Ransomware and other cyber attacks are on the increase, particularly now that remote and hybrid working present new attack surfaces, while at the same time, over-stretched IT teams means there’s a paucity of cyber security skills available to deploy against the rising threat. 
 
To help keep their heads above water, many organisations are investing in security orchestration to streamline their wider security operations centre (SOC) strategy, connecting siloed security tools, such as Security Information and Event Management (SIEM), to help automate threat alerts, monitoring, and remediation.

However, an essential element is often ignored as part of this streamlined security strategy: the organisation’s document and email management system (DMS). 

This is a significant oversight, because the DMS houses “the crown jewels” of the organisation: valuable client information, confidential documents, and other sensitive files. This is especially the case at professional services firms such as law, accounting, and financial services, all of whom are lucrative targets for cyber security criminals, due to the nature of privileged data they hold. 

So, why does this gap in the overall security strategy tend to form - and how can it be best addressed? 
 
Outside The Normal Flow

The key focus of IT is to look after the infrastructure and the widely used systems connected within this infrastructure: networking components, communication systems, endpoint devices, and so on. As a general rule, if a system sits within “infrastructure”, IT is in charge of monitoring, analysing and identifying any emerging threat patterns around it.

So far, so good. But when you're looking at a more dedicated or specialised type of system – like a DMS – it often may not fall under the umbrella of IT. It could be seen as belonging to an individual business department, or whichever teams are most heavily using it.

Here’s where we run into a problem. The SOC team relies on their SIEM dashboards to monitor attack patterns across the infrastructure but isn’t getting alerts or real-time information from potential insider or external threats involving the DMS. Instead, these alerts may go to a senior member of the department using the DMS or the CIO. Or they may not be getting picked up at all.

Allowing the DMS to sit outside the standardised flow of incident monitoring and threat management like this is problematic. But there is a better way. Incorporating DMS-centric threat patterns and alerts gives the SOC team access to an additional set of data points that can help determine whether a threat is actually present or not and if it warrants further action. This can include usage patterns that might indicate if something out of the ordinary is happening, such as data exfiltration from disgruntled employees, misuse of privileged accounts or stolen credentials.

Integration Is Key

To break down any silos in their security operations strategy, organisations need to consider an integrated approach that brings threat monitoring capabilities from all systems and applications, especially those holding sensitive data, together in the same place.

From a practical perspective, organisations should ask their current or prospect DMS providers if their application offers threat monitoring based on usage analytics and integration of any DMS alerts into the SOC team’s SIEM tool of choice via industry standard services, such as REST APIs. 

This is the goal for organisations to shoot for – one that effectively eliminates any gaps and risk of data loss that stem from not incorporating the DMS into an integrated SOC ecosystem.

The DMS Needs To Be Part Of The Conversation

#SOC teams are already overworked and operating in high-pressure environments. Security orchestration and automation provides an effective way to reduce that stress, but in taking a streamlined approach, organisations shouldn’t forget about their DMS. Especially if their DMS already provides the means to communicate with their integrated IT security stack.

The DMS needs to be part of the conversation. If it’s not, organisations will continue to have a gap that they’ll need to mind.

Manuel Sanchez is Global Product Marketing Manager at iManage

You Might Also Read:

Detect Spoofing Before Your Organisation Suffers Fraud:

 

« Chinese Internet Companies Required To Disclose Algorithm Data
US Government Will Invest $15 Billion In National Cyber Security »

CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Go Cyber

Training that transforms behaviours

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

Perimeter 81 / How to Select the Right ZTNA Solution

Perimeter 81 / How to Select the Right ZTNA Solution

Gartner insights into How to Select the Right ZTNA offering. Download this FREE report for a limited time only.

North Infosec Testing (North IT)

North Infosec Testing (North IT)

North IT (North Infosec Testing) are an award-winning provider of web, software, and application penetration testing.

The PC Support Group

The PC Support Group

A partnership with The PC Support Group delivers improved productivity, reduced costs and protects your business through exceptional IT, telecoms and cybersecurity services.

Jooble

Jooble

Jooble is a job search aggregator operating in 71 countries worldwide. We simplify the job search process by displaying active job ads from major job boards and career sites across the internet.

Syxsense

Syxsense

Syxsense brings together endpoint management and security for greater efficiency and collaboration between IT management and security teams.

Armor

Armor

Armor provide managed cloud security solutions for public, private, hybrid or on-premise cloud environments.

Nordic IT Security

Nordic IT Security

Nordic IT Security is a cyber security business forum in Scandinavia bringing together the converging worlds of IT, Cyber and Information Security.

CERT.AZ

CERT.AZ

The national Cyber Security Center of the Republic of Azerbaijan.

Fidelis Security

Fidelis Security

Fidelis Security is a leading provider of extended threat detection and response (XDR) solutions for your security operations.

CyberSmart

CyberSmart

CyberSmart is a platform that allows you to maintain compliance, achieve certification and secure your organisation.

MAY Cyber Technology

MAY Cyber Technology

MAY Cyber Technology is a Security Management solutions provider located in Turkey & Germany.

Ogasec

Ogasec

Ogasec is a cybersecurity company formed by the merger between Aker and N-Stalker in 2017. Solutions include Security & Connectivity Networking, Application Security, and Managed Security Services.

Navarino

Navarino

Navarino is the maritime industry’s most advanced communications and connectivity company. We develop advanced technologies and innovative IT solutions including cyber security.

Argo Group

Argo Group

Argo is an international underwriter of specialty insurance. Argo Cyber offers a full spectrum of coverage solutions related to professional and technology services.

Tangible Security

Tangible Security

Tangible employs the most sophisticated cyber security tools and techniques available to protect our clients’ sensitive data, infrastructure and competitive advantage.

VirtualArmour

VirtualArmour

VirtualArmour is a managed security services provider with global reach and local attitude.

Armenia Startup Academy

Armenia Startup Academy

Armenia Startup Academy is a pre-acceleration program for selected Armenian tech companies and startups in areas including cybersecurity.

Cybermerc

Cybermerc

Cybermerc's services, training programmes and cyber security solutions are designed to forge collaborations across industry, government and academia, for collective defence of our digital borders.

Safetech Innovations

Safetech Innovations

Safetech Innovations is a team of cyber security experts, always at your service. We use human and cyber intelligence to help your business in uncertain times.

Lattice Semiconductor

Lattice Semiconductor

Lattice Semiconductor solves customer problems across the network, from the Edge to the Cloud, in the growing communications, computing, industrial, automotive and consumer markets.

PT Kubus Hitam Indonesia

PT Kubus Hitam Indonesia

Kubus Hitam are a research-based company focused on cyber security. we strongly believe that innovation and safety are the two keywords for the future business market.