Overwhelmed by the hype from security vendors in overdrive? Notice the innovation and trends and feel like jumping on the bandwagon? It’s a urge that many buyers in mid-size companies feel and it can be overpowering. That flashy vendor demo, that rousing speech at a tradeshow, that pressure of keeping up with the Joneses. So what have you done for your security lately is a nagging thought.
Relax and take a deep breath. Let’s look calmly and identify some security actions that you can take which a) won’t break the budget b) can be practically implemented and c) will scale.
What is the reality?
- You don't have a security expert on staff. Likely you can’t find or retain one due to the critical skill shortage which won’t end anytime soon.
- You have invested mostly in prevention (firewall, antivirus) but paid little attention to detection and monitoring.
- You worry that your detection deficit disorder (78 days on average) will allow an attacker to lurk.
- You could spend scarce budget on new magic tech but do you have the “mad skillz” to work it? Ehh, not so much.
So what can you practically do to improve your security posture? Three things you can DO
- Cover the basics of patching, hardening, vulnerability management.
- Invest in security monitoring and incident response. Maybe co-managed SIEM or maybe managed EDR?
- Figure out what security functions can be delivered as a service to overcome staffing limitations.
And the one DON’T
- Don’t fall for vendor hype, rush out and buy the shiny new whizzbang security doohickey being touted as the must-have product of the week.
Cybersecurity requires a multi-layer strategy encompassing prevention, detection, and response
. Work with a security partner who can deliver on these three components, augment your team with security expertise, and deliver it as a managed service to make things simple. As the UK government said in 1939 in preparation for World War II, Keep Calm and Carry On
. Good advice like best practices never go out of style.