Security can be viewed as an immune system for your business. The immune system consists of a number of different security solutions and measures. Security monitoring is at the heart of the immune system. It compiles information from all other components of the company’s immune system, formalizes the information and generates alarms for unwanted events. It is by evaluating the alarms that you detect security threats and avert them.
The question is not whether you should do this type of monitoring; it is most definitely necessary. The question is: should you do it yourself or buy it as a service?
Do it yourself
If you choose to do it yourself, you have two options: build it or buy it.
Almost regardless of which resources you have in your IT department, you can buy a product. The problem does not occur until the product you have bought starts collecting logs and generating alarms. Do you have the time to get to the bottom of hundreds of alarms? On average it takes 280 days to identify and stop a breach, according to IBM.
In addition to the time and resource aspect, a new issue arises: do you have the right competency? You need a particular type of competency to understand logs and alarms. Knowledge of firewall or network security is not enough. If you have the competency, you can do the security monitoring yourself, but if it is missing in your company, you have other options.
Buy it as a service
The second option is to buy security monitoring as a service. When you buy it as a service, you do not need to analyse logs yourself. You will instead get two lists. The first list contains cases where nothing is wrong, but where action is still required because the layout is not optimal. The second list contains cases where the alarm went off and immediate action is required. Getting to the bottom of what the logs mean requires a lot of time and expertise in the field, meaning that you might not arrive at these lists on your own.
If you decide to purchase security monitoring as a service, a new question arises: how do you choose the right partner? You should choose a provider who thinks you are important, one who is similar in size to you and who knows the market you operate in. It might also be worth thinking about what you can do for your supplier. If you meet these points, you will have a good partnership rather than a customer-supplier relationship.