With the holidays coming up everyone is looking to relax and spend time with their friends and families. They will be able to stop thinking about work for a few days and take the time to really unwind. The downside is that, unfortunately, threat actors do not take a vacation. Networks continue to be vulnerable when no one is watching them.
Network security should not be seen as a 9 to 5 job. With attacks coming in from all over the world, no one can predict on what day and at what time an intrusion attempt will take place.
How do I manage this?
The first option is to have your tools alert you when something is going wrong. With the proper processes in place, an analyst can be alerted on days off, or off-hours, to log into the toolset to start taking care of that alert. This can be accomplished with the correct alerting tools in place, a way to access your network remotely, and processes surrounding handling an on-call schedule. One major downfall of this method, however, is that many tools error on the side of excessive alerting. They’d rather give you a false positive than miss a real positive. So you really need to configure and dial-in your alerting tools to give you only the most probable real issues. This is a moving target and an ongoing process.
The second option can be more expensive, but arguably the most effective. Keep a 24/7 staff of security analysts who work in shifts. The benefit you gain with this is that you constantly have a revolving door of highly trained analysts monitoring your network and mitigation tools, ready to tackle the next issue as soon as it pops up. The analysts are always fresh and ready for the fight. The huge downside is that security professionals command a higher salary due to the extreme demand, and running those salaries 24/7/365 is even pricier.
The solution to this conundrum is to engage with a good managed security service provider (MSSP). They will be there when you cannot be.
MSSP? Why would I pay for that when I can just hire someone?
The best MSSPs bring highly trained individuals to your defense. They receive and triage your alerts. Best-in-class MSSPs will even respond to your incidents for you. And this all happens with an SLA that is around the clock, every day, serving your needs.
Remember — you are most likely not in the business of securing IT. You’re in the business of making widgets, serving customers, or otherwise turning a crank to make money. Outsourcing things that aren’t in your wheelhouse makes the most sense. You’ll pay less in the long run, and you’ll be far more secure.
And, oh yeah, they operate to your specifications — always there, ready to act.
Don’t let yourself say, “I’ll enjoy my weekend and just see what happened on Monday.” Configure your alerts. Prep your people. Tune your tools. And be honest with yourself — if you’re not prepared to cover it alone, get help from a MSSP.
Whatever you do, remember that a silent night is not always a safe one.