DMS Alerts Should Be Key To Organisations’ Security Orchestration

Research shows that the Security Orchestration, Automation and Response (SOAR) Market is expected to grow by 15.8% (CAGR) from 2022 to 2027. That’s not surprising, given the perfect storm of conditions that have been brewing since the onset of the pandemic. 

Ransomware and other cyber attacks are on the increase, particularly now that remote and hybrid working present new attack surfaces, while at the same time, over-stretched IT teams means there’s a paucity of cyber security skills available to deploy against the rising threat. 
 
To help keep their heads above water, many organisations are investing in security orchestration to streamline their wider security operations centre (SOC) strategy, connecting siloed security tools, such as Security Information and Event Management (SIEM), to help automate threat alerts, monitoring, and remediation.

However, an essential element is often ignored as part of this streamlined security strategy: the organisation’s document and email management system (DMS). 

This is a significant oversight, because the DMS houses “the crown jewels” of the organisation: valuable client information, confidential documents, and other sensitive files. This is especially the case at professional services firms such as law, accounting, and financial services, all of whom are lucrative targets for cyber security criminals, due to the nature of privileged data they hold. 

So, why does this gap in the overall security strategy tend to form - and how can it be best addressed? 
 
Outside The Normal Flow

The key focus of IT is to look after the infrastructure and the widely used systems connected within this infrastructure: networking components, communication systems, endpoint devices, and so on. As a general rule, if a system sits within “infrastructure”, IT is in charge of monitoring, analysing and identifying any emerging threat patterns around it.

So far, so good. But when you're looking at a more dedicated or specialised type of system – like a DMS – it often may not fall under the umbrella of IT. It could be seen as belonging to an individual business department, or whichever teams are most heavily using it.

Here’s where we run into a problem. The SOC team relies on their SIEM dashboards to monitor attack patterns across the infrastructure but isn’t getting alerts or real-time information from potential insider or external threats involving the DMS. Instead, these alerts may go to a senior member of the department using the DMS or the CIO. Or they may not be getting picked up at all.

Allowing the DMS to sit outside the standardised flow of incident monitoring and threat management like this is problematic. But there is a better way. Incorporating DMS-centric threat patterns and alerts gives the SOC team access to an additional set of data points that can help determine whether a threat is actually present or not and if it warrants further action. This can include usage patterns that might indicate if something out of the ordinary is happening, such as data exfiltration from disgruntled employees, misuse of privileged accounts or stolen credentials.

Integration Is Key

To break down any silos in their security operations strategy, organisations need to consider an integrated approach that brings threat monitoring capabilities from all systems and applications, especially those holding sensitive data, together in the same place.

From a practical perspective, organisations should ask their current or prospect DMS providers if their application offers threat monitoring based on usage analytics and integration of any DMS alerts into the SOC team’s SIEM tool of choice via industry standard services, such as REST APIs. 

This is the goal for organisations to shoot for – one that effectively eliminates any gaps and risk of data loss that stem from not incorporating the DMS into an integrated SOC ecosystem.

The DMS Needs To Be Part Of The Conversation

#SOC teams are already overworked and operating in high-pressure environments. Security orchestration and automation provides an effective way to reduce that stress, but in taking a streamlined approach, organisations shouldn’t forget about their DMS. Especially if their DMS already provides the means to communicate with their integrated IT security stack.

The DMS needs to be part of the conversation. If it’s not, organisations will continue to have a gap that they’ll need to mind.

Manuel Sanchez is Global Product Marketing Manager at iManage

You Might Also Read:

Detect Spoofing Before Your Organisation Suffers Fraud:

 

« Chinese Internet Companies Required To Disclose Algorithm Data
US Government Will Invest $15 Billion In National Cyber Security »

CyberSecurity Jobsite
Perimeter 81

Directory of Suppliers

IT Governance

IT Governance

IT Governance is a leading global provider of information security solutions. Download our free guide and find out how ISO 27001 can help protect your organisation's information.

BackupVault

BackupVault

BackupVault is a leading provider of automatic cloud backup and critical data protection against ransomware, insider attacks and hackers for businesses and organisations worldwide.

Resecurity, Inc.

Resecurity, Inc.

Resecurity is a cybersecurity company that delivers a unified platform for endpoint protection, risk management, and cyber threat intelligence.

Assure Technical

Assure Technical

Assure Technical offers a holistic approach to Technical Security. Our expertise and services span across the Physical, Cyber and Counter Surveillance domains.

HSI Cyber Crimes Center

HSI Cyber Crimes Center

HSI's Cyber Crimes Center delivers computer-based technical services to support domestic and international investigations into cross-border crime.

National Cyber Security Centre (NCSC) - Netherlands

National Cyber Security Centre (NCSC) - Netherlands

NCSC Netherlands coordinates enhancing the cyber resilience of the Netherlands in the digital domain.

Sparta Consulting

Sparta Consulting

Sparta Consulting is an information management and business development full service provider.

Parsons

Parsons

Parsons has developed a converged security offering that combines cybersecurity, integrated network solutions, and critical infrastructure protection.

Cryptovision

Cryptovision

cv cryptovision GmbH is one of the leading specialists for modern, user-friendly cryptography and solutions for secure electronic identities.

TunnelBear

TunnelBear

TunnelBear is a Virtual Private Network services provider offering secure encrypted access to the internet.

National Cyber Security Centre (NCSC) - Ireland

National Cyber Security Centre (NCSC) - Ireland

The National Cyber Security Centre (NCSC) is the operational side of the Department of Communications in regard to network and information security in the Republic of Ireland.

Inseego

Inseego

Inseego provides Enterprise SaaS solutions and IoT & Mobile solutions, which together form the backbone of intelligent, reliable and secure IoT services with deep business intelligence.

Nakivo

Nakivo

Nakivo provides fast, reliable, and affordable VM backup, replication, and disaster recovery solutions for VMware, Nutanix AHV, AWS EC2.

Ingenio Global

Ingenio Global

Ingenio is a specialist recruitment business for SaaS companies. Our purpose is to source exceptional talent in areas including cyber security for leading SaaS companies in the UK and Ireland.

ECOLUX

ECOLUX

ECOLUX is a professional IoT security service company committed to developing world-leading “IoT Lifecycle Security” technologies and products.

Zeusmark

Zeusmark

Zeusmark are a digital brand security company. We enable companies to successfully defend their brands, revenue and consumers online.

National CyberWatch Center

National CyberWatch Center

National CyberWatch Center is a cybersecurity consortium working to advance cybersecurity education and strengthen the national workforce.

Bloc Ventures

Bloc Ventures

Bloc Ventures is an investment company providing long-term, ‘patient’ equity capital to early stage unquoted deep technology companies.

Evina

Evina

Evina offers the most advanced cybersecurity and fraud protection for mobile payment.

DH2i Company

DH2i Company

DH2i is a leading provider of multi-platform Software Defined Perimeter and Smart Availability software enabling customers to create an entire IT infrastructure that is always-secure and always-on.

Truly Secure

Truly Secure

Truly Secure is an IT Service Provider that ensures greater efficiency and security within a company's technological environment.