In part 3 of this series, we review the security solutions that make up our Best list. The Best list outlines nearly all of the solutions we feel an organization should deploy to reach a mature cybersecurity posture.
In part 1 we reviewed our short list of security solutions to implement as a baseline.
In part 2 we reviewed our Better list of solutions. If you have not read part 1 or part 2, we recommend reading each before reading this article.
The solutions that make the Best List:
- Antivirus – especially a next-generation antivirus product
- Endpoint Detection and Response
- Hardware Unified Threat Management Firewall
- Air-gapped backup
- An Email filtering solution
- Cloud-server backup (such as backup for Microsoft 365)
- Secure Access Service Edge (SASE)
- Privileged Access Management (PAM)
- SIEM with retention
- Security Operation Center type service
The Best list adds three solutions to the Better list: Privileged Access Management (PAM), SIEM with retention, and a Security Operation Center type service. You could argue that SASE and PAM should have been swapped, with SASE on the Best list and PAM on the Better list. We placed SASE on the Better list because of the rise of hybrid work, and left PAM off it so as not to overwhelm the Better list with solutions. Remember that these lists are not hard lists. If there is a solution the organization feels would provide value, roll it out.

A Privileged Access Management (PAM) solution allows an organization to remove local administrative rights from end users. This matters because local administrative rights let users install software and change system settings, and any malware that runs under such a user inherits the same rights. Most of the time, organizations do not want to stop users from installing software altogether; they want to allow approved software, such as productivity tools, and block everything else, such as games. With a PAM solution you can manage what can and cannot be installed, as well as which settings the user can interact with on the system. PAM removes standing local administrative rights and instead grants administrative privileges just in time: when a user attempts an action that requires administrative rights, a system admin can intercept that request, review it, and either approve or deny it. (What is described here is often sold as endpoint privilege management, one part of PAM; the broader PAM category also covers vaulting and brokering of administrator and service account credentials.) This allows the organization to strike a balance between usability and security.
Next on our Best list, we recommend deploying a Security Information and Event Management (SIEM) solution with log retention. A SIEM is a log aggregation and analysis tool. It ingests logs from servers, desktops, firewalls, security software, etc., normalizes them, and allows you to correlate events occurring across your network that would look harmless in any single log. Most SIEM tools allow you to create alerts based on rules, so a person does not need to be watching the logs all day. We recommend pairing the SIEM with log retention so that historical data is kept and can be reviewed when a security incident occurs; an intrusion can go unnoticed for weeks or months, so the retention period should be long enough to cover that gap, and in many industries it is also dictated by compliance requirements. SIEM solutions tend to be complex and require a specialized skill set to set up, manage, and review. This is why we also recommend pairing the SIEM solution with a Security Operation Center (SOC) type service.
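To make the correlation and retention ideas concrete, here is a toy SIEM pipeline written for this article; it is an added example, not code from the original post or from any SIEM product. The log lines, host names, user names, IP addresses and the `svc_pam` service account name are constructed for the example; the Windows event IDs used (4625 failed logon, 4624 successful logon, 4732 member added to a local security group) are real. The two rules show what "correlation" buys you: a burst of failed logons followed by a success from the same source, and a user being added to the local Administrators group by anything other than the PAM workflow. The retention function shows the other half of the recommendation, keeping events within the retention window so they can be searched later.

```python
"""Toy SIEM: parse, retain and correlate log lines (constructed example)."""
from collections import defaultdict
from datetime import datetime, timedelta, timezone

# Constructed sample log lines in a simple "timestamp host key=value ..." form.
# Event IDs are the real Windows ones; hosts, users, IPs and the svc_pam
# account name are made up for this example.
SAMPLE_LOGS = """\
2024-03-04T09:00:01Z fw01 action=deny src=203.0.113.7 dst=10.0.0.5 dport=3389
2024-03-04T09:00:05Z dc01 EventID=4625 user=jsmith src=203.0.113.7
2024-03-04T09:00:09Z dc01 EventID=4625 user=jsmith src=203.0.113.7
2024-03-04T09:00:14Z dc01 EventID=4625 user=jsmith src=203.0.113.7
2024-03-04T09:00:40Z dc01 EventID=4624 user=jsmith src=203.0.113.7
2024-03-04T09:01:00Z ws17 EventID=4732 group=Administrators member=jsmith actor=jsmith
2024-03-04T09:02:00Z ws18 EventID=4732 group=Administrators member=bjones actor=svc_pam
2023-11-01T08:00:00Z dc01 EventID=4625 user=admin src=198.51.100.9
"""

# Assumed "current time" for the retention check (example value).
REFERENCE_NOW = datetime(2024, 3, 5, tzinfo=timezone.utc)

# Assumed name of the PAM service account allowed to grant admin rights.
APPROVED_ADMIN_ACTORS = {"svc_pam"}


def parse_line(line):
    """Normalize one line into a dict: ts, host, then each key=value field."""
    ts, host, *fields = line.split()
    event = {
        "ts": datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc),
        "host": host,
    }
    for field in fields:
        key, _, value = field.partition("=")
        event[key] = value
    return event


def parse_logs(text):
    return [parse_line(line) for line in text.splitlines() if line.strip()]


def retain(events, now, days):
    """Keep only events inside the retention window (older ones are dropped)."""
    cutoff = now - timedelta(days=days)
    return [e for e in events if e["ts"] >= cutoff]


def brute_force_then_success(events, threshold=3, window=timedelta(minutes=5)):
    """Alert when >= threshold failed logons (4625) for the same source and
    user are followed within `window` by a successful logon (4624)."""
    alerts = []
    failures = defaultdict(list)  # (src, user) -> failure timestamps
    for e in sorted(events, key=lambda e: e["ts"]):
        key = (e.get("src"), e.get("user"))
        if e.get("EventID") == "4625":
            failures[key].append(e["ts"])
        elif e.get("EventID") == "4624":
            recent = [t for t in failures[key] if e["ts"] - t <= window]
            if len(recent) >= threshold:
                alerts.append({"rule": "brute-force-then-success", "ts": e["ts"],
                               "user": e["user"], "src": e["src"],
                               "failures": len(recent)})
    return alerts


def unapproved_admin_grant(events, approved=APPROVED_ADMIN_ACTORS):
    """Alert when someone other than the PAM service account adds a member
    to the local Administrators group (event 4732)."""
    return [{"rule": "admin-grant-outside-pam", "ts": e["ts"], "host": e["host"],
             "member": e["member"], "actor": e["actor"]}
            for e in events
            if e.get("EventID") == "4732"
            and e.get("group") == "Administrators"
            and e.get("actor") not in approved]


def run_siem(text, now=REFERENCE_NOW, retention_days=90):
    """Full pipeline: parse, apply retention, run both correlation rules."""
    events = retain(parse_logs(text), now, retention_days)
    return brute_force_then_success(events) + unapproved_admin_grant(events)


if __name__ == "__main__":
    for alert in run_siem(SAMPLE_LOGS):
        print(alert)
```

Run against the sample, the pipeline drops the one event outside the 90-day window, raises one alert for the three failures followed by a success from 203.0.113.7, and one alert for jsmith adding himself to Administrators, while the grant performed by the PAM service account is silently accepted. A real SIEM does the same work at scale, with many more log formats and rules, which is exactly why it needs someone watching it.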
If you have security personnel on staff who understand how to use a SIEM solution, excellent, but most organizations in the SMB space do not have the budget to hire such individuals. By leveraging an outsourced SOC, an organization gets the benefit of many experienced security analysts who are trained in SIEM and security products. The SOC team reviews the data gathered by the SIEM, helps set up and tune alerts, and reaches out when an event is discovered. Many SOCs also provide actionable guidance on how to remediate the threat. An outsourced SOC is analogous to a managed service provider: you know you need IT assistance but do not need, or cannot budget for, a full-time IT staff. A SOC service fills the same role for security monitoring.
And there we have it. Over the course of the past three blogs, we have reviewed what we feel are our Short, Better, and Best lists of cybersecurity solutions an organization should utilize to increase its overall cybersecurity posture. Technical readers of this series may point out that we did not cover other cybersecurity solutions, such as DNS filtering, Data Loss Prevention (DLP), or Security Orchestration, Automation, and Response (SOAR), and they would be correct. There are dozens upon dozens of additional security solutions available to organizations, and each fills its own gap. We covered the solutions we did because we feel that, once deployed, they give an organization a great start and let it work towards a more complete cybersecurity model. This series is meant to show you the solutions that are available and how they can benefit businesses like yours.
How is your state of IT? Call Us: (855) 551-7760 with any questions.