Organisations Lack Maturity in Monitoring

Organizations need to dedicate more resources to logging and monitoring to combat the threat of cybersecurity incidents, CREST has warned in a new report. The non-profit accreditation body canvassed professionals from 66 mostly large organizations and found that only 41% of respondents claimed their capability for identifying suspected or actual cybersecurity incidents was high or very high.

CREST argues that the vast proliferation in connected user devices and the increase in log files generated by company IT systems are giving security professionals an ever-more daunting task when it comes to identifying threats.

The free report gives best-practice advice to companies struggling to deal with the burden of monitoring and logging responsibilities as part of a holistic security strategy. It emphasizes the need for context when carrying out monitoring. This can be achieved, the report says, by combining analysis of logs generated both internally and externally, such as cloud and MSSP logs.

In addition, organizations should apply further context with the use of intelligence data, reconnaissance information and suspicious threat activity.

Companies also need to increase their efficacy in identifying anomalies on the network, correlating such activity with existing intel, applying the right tools, and seeking the right support from external sources. The report also advocates that organizations build or outsource to a security operations center (SOC).

CREST also identified that organizations are using compliance and certification standards, such as ISO 27001 and PCI DSS, as a benchmark for their monitoring and logging – which is not a sufficient approach to safeguarding against cybersecurity incidents, says CREST president Ian Glover.

“Compliance does not equal security. Being fully compliant with standards will still leave you exposed to cybersecurity incidents and some senior management do not appreciate the rationale and importance behind monitoring and logging.”

Jason Creasey, Jerakano MD and author of the CREST report, said that organizations often suffer from a lack of budget, resources, and awareness of cybersecurity problems.

“Additionally, organizations often put blind trust in the monitoring tools they have purchased, giving them a false sense of security,” he explained.

“It is also important to understand all the surrounding processes and skills required before buying a solution; companies need to avoid putting too much focus on products, rather than using them to support applications such as intrusion monitoring, change management, incident response and business continuity.”

Infosecurity Magazine: http://bit.ly/1O5CRUz

 
