Enterprise Security for the SMB Budget
Threats and technology have evolved, budgets haven’t
Expanded Cloud use has expanded security risks
- Creating an anonymous web link to a file on a server behind a firewall wasn't a practical concern; with most Cloud accounts any user can do it in a few clicks, so it is a concern today
- Email phishing attackers often create anonymous links to Microsoft OneDrive or Google Drive files once they have compromised a Cloud email account
Single sign-on creates back doors for 3rd-party data breaches and data over-reach
- If an Office 365 or Google Account is used to sign in to a 3rd-party app or website, that grants the 3rd-party access to your data (whatever permissions the user consented to), and the grant persists until it is revoked. If that 3rd-party is breached, the attacker has a back door into your data without ever needing your password.
- Data over-reach occurs when a 3rd-party has access to more data than it needs. A widely reported example is Facebook giving 3rd-party partners access to users' private messages.
Penetration tests were sufficient when most data was behind a firewall; they're less effective with more data spread across the Cloud
- There's little value in performing a penetration test against your Office 365 or Google Account itself: the provider's infrastructure is out of scope, and the risks that matter there (phishing, weak or reused credentials, over-permissive sharing and 3rd-party grants) show up in account activity and configuration, not at the network perimeter
Fortune 500 companies have long enjoyed the latest and most robust Security Information and Event Management (SIEM) technology; leading examples include Splunk Enterprise Security, IBM QRadar, and AT&T AlienVault.
Recently, Microsoft announced Azure Sentinel and Alphabet (Google) announced the Chronicle SIEM platform. However, these new products, like the traditional SIEM platforms before them, are positioned as Enterprise Security products, often requiring 5- to 6-figure budgets over their deployment lifecycle.
As an Entrepreneur, a question I often ask to evaluate disruption is: “What new dots exist that, when connected with other existing dots, allow a new solution to exist?” One answer: Uber and Lyft weren't viable until the iPhone and Android existed. It's not a coincidence that the iPhone launched in 2007, Android in 2008, and Uber was founded in early 2009.
Over the last decade, Google, Amazon, and others have made tremendous contributions to open-source software, the same software that runs the largest and most secure datacenters. Mature, robust, open-source software, combined with the Cloud and lower hardware costs, now makes an Enterprise-grade SIEM viable at a cost affordable to small- and medium-sized organizations.
Connecting the dots, AIS Managed SIEM provides the following:
1) Collects security and event metadata from many sources in one place
Using multiple Cloud and on-premise systems, each with its own separate security measures, is like a bank with a dozen branches that don't communicate with each other: it is difficult to connect the dots when a thief goes from one branch to the next.
2) Enriches metadata
Basic examples include Threat Intelligence lookups against sources such as Spamhaus, the abuse.ch ransomware trackers and the Tor exit-node list, and adding geolocation to IP addresses to help flag foreign activity.
Advanced enrichment applies machine learning: time-series anomaly detection and graph-database pattern recognition.
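The two basic enrichments above (threat-intelligence lookups and IP geolocation) and a simple time-series anomaly check, as an added example that is not code from AIS Managed SIEM or from the original page. The threat-intelligence entries, the GeoIP table, the key=value sign-in log format and the log lines themselves are all constructed stand-ins; a real deployment would load the Spamhaus DROP list, the abuse.ch feeds, the Tor exit-node list and a GeoIP database from their published sources, and read sign-in events from the Office 365 or Google audit log.

```python
import ipaddress
import re
from collections import Counter, defaultdict
from statistics import median

# --- Constructed stand-ins for external threat-intelligence feeds --------------
# Hypothetical values using documentation address ranges; a real SIEM would load
# the Spamhaus DROP list, the abuse.ch feeds and the Tor exit-node list instead.
TOR_EXIT_NODES = {"198.51.100.77"}
BLOCKLIST_CIDRS = [ipaddress.ip_network("198.51.100.128/25")]   # hypothetical DROP-style entry

# Constructed GeoIP table (CIDR -> ISO country code), again documentation ranges only.
GEOIP = [
    (ipaddress.ip_network("203.0.113.0/24"), "US"),
    (ipaddress.ip_network("198.51.100.0/24"), "RU"),
]
HOME_COUNTRY = "US"   # assumed: the organization normally signs in from the US

# Constructed sign-in events in a made-up key=value format (not real Office 365 output).
# Day one is a normal working day; day two shows a 2 AM burst from a Tor exit node.
SAMPLE_LOG = """\
2019-03-04T08:12:44Z user=alice@example.com src=203.0.113.10 result=Success
2019-03-04T09:02:11Z user=alice@example.com src=203.0.113.10 result=Success
2019-03-04T10:40:03Z user=bob@example.com src=203.0.113.22 result=Success
2019-03-04T11:15:59Z user=alice@example.com src=203.0.113.10 result=Success
2019-03-04T13:07:21Z user=bob@example.com src=203.0.113.22 result=Success
2019-03-04T14:55:02Z user=alice@example.com src=203.0.113.10 result=Success
2019-03-04T15:20:38Z user=bob@example.com src=203.0.113.22 result=Success
2019-03-04T16:01:13Z user=alice@example.com src=203.0.113.10 result=Success
2019-03-05T02:13:04Z user=alice@example.com src=198.51.100.77 result=Failure
2019-03-05T02:13:19Z user=alice@example.com src=198.51.100.77 result=Failure
2019-03-05T02:13:33Z user=alice@example.com src=198.51.100.77 result=Failure
2019-03-05T02:14:01Z user=alice@example.com src=198.51.100.77 result=Failure
2019-03-05T02:14:20Z user=alice@example.com src=198.51.100.77 result=Success
2019-03-05T02:30:45Z user=alice@example.com src=198.51.100.200 result=Success
"""

LINE_RE = re.compile(r"^(?P<ts>\S+) user=(?P<user>\S+) src=(?P<src>\S+) result=(?P<result>\S+)$")


def parse(line):
    """Parse one constructed log line into a dict, or None if it does not match."""
    m = LINE_RE.match(line)
    return m.groupdict() if m else None


def geo_lookup(ip):
    """Longest-match is unnecessary here: the constructed table has no overlapping ranges."""
    for net, country in GEOIP:
        if ip in net:
            return country
    return "??"


def enrich(event):
    """Add country and threat-intel tags to a parsed event (tags: foreign, tor_exit, blocklisted)."""
    ip = ipaddress.ip_address(event["src"])
    tags = []
    event["country"] = geo_lookup(ip)
    if event["country"] != HOME_COUNTRY:
        tags.append("foreign")
    if event["src"] in TOR_EXIT_NODES:
        tags.append("tor_exit")
    if any(ip in net for net in BLOCKLIST_CIDRS):
        tags.append("blocklisted")
    event["tags"] = tags
    return event


def enrich_log(text):
    return [enrich(e) for e in (parse(line) for line in text.splitlines()) if e]


def hourly_anomalies(events, k=3.0):
    """Flag (user, hour) buckets whose sign-in count is far above that user's typical hour.
    Median and median absolute deviation (MAD) are used instead of mean/stddev so that
    the burst itself does not inflate the baseline it is compared against."""
    counts = Counter((e["user"], e["ts"][:13]) for e in events)   # ts[:13] == "YYYY-MM-DDTHH"
    per_user = defaultdict(list)
    for (user, hour), n in counts.items():
        per_user[user].append((hour, n))
    flagged = []
    for user, buckets in per_user.items():
        values = [n for _, n in buckets]
        med = median(values)
        mad = median(abs(v - med) for v in values) or 1.0   # floor the scale so a flat baseline still works
        for hour, n in buckets:
            if n > med + k * mad:
                flagged.append((user, hour, n))
    return flagged


if __name__ == "__main__":
    enriched = enrich_log(SAMPLE_LOG)
    for e in enriched:
        if e["tags"]:
            print(e["ts"], e["user"], e["src"], e["country"], ",".join(e["tags"]))
    print("anomalous hours:", hourly_anomalies(enriched))
```

On the constructed log, the day-two events are tagged `foreign` plus `tor_exit` or `blocklisted`, and the 02:00 hour for alice is flagged because six sign-ins land in an hour where her baseline is one. The MAD floor (`or 1.0`) is the edge case worth noting: a user with a perfectly flat history has a MAD of zero, and without the floor every bucket would be compared against a zero-width band.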
3) Visualizes data for quicker and easier root-cause analysis
Time is of the essence when a security incident occurs; there is a significant difference between stopping an attacker before sensitive data is stolen and discovering the breach after the fact.
4) Manages flexible, granular security alerting
Risk and response should align. For example, if an Office 365 account is compromised through a phishing attack, an email alert could be sent; if an Office 365 administrator account is compromised, an SMS text message alert could be sent as well, because the blast radius is far larger.
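One way to implement risk-aligned routing like the example above, as added illustration code rather than the AIS Managed SIEM's own alerting logic. Input events are dicts of the kind an enrichment stage might emit (user, source IP, result, tags); the tag weights, the directory role names, the severity thresholds and the channel policy are all hypothetical choices an SMB would tune to its own tolerance.

```python
# Added example of risk-aligned alert routing; not code from AIS Managed SIEM.
# Every name and threshold below is a hypothetical policy choice.

ADMIN_ROLES = {"GlobalAdministrator", "ExchangeAdministrator"}   # hypothetical role names

# How much each enrichment tag raises the risk score (hypothetical weights).
TAG_WEIGHTS = {"foreign": 1, "blocklisted": 2, "tor_exit": 2}

# Assumed SMB policy: medium and high alerts go to email, critical ones also page by SMS.
ROUTING = {
    "low": [],
    "medium": ["email"],
    "high": ["email"],
    "critical": ["email", "sms"],
}


def risk_score(event, roles):
    """Score an enriched sign-in event for the account that holds `roles`.
    A successful sign-in from a risky source counts more than a failed one, and any
    privileged account doubles the score, so identical indicators on an administrator
    escalate to a different response than on a regular user."""
    score = sum(TAG_WEIGHTS.get(tag, 0) for tag in event.get("tags", []))
    if score and event.get("result") == "Success":
        score += 1
    if roles & ADMIN_ROLES:
        score *= 2
    return score


def severity(score):
    if score == 0:
        return "low"
    if score <= 2:
        return "medium"
    if score <= 5:
        return "high"
    return "critical"


def route(event, roles):
    """Return (severity, channels) for an event, given the account's directory roles."""
    sev = severity(risk_score(event, roles))
    return sev, ROUTING[sev]


def format_alert(event, roles):
    """Return (severity, channels, one-line message) ready to hand to a notifier."""
    sev, channels = route(event, roles)
    tags = ",".join(event.get("tags", [])) or "none"
    msg = f"[{sev.upper()}] {event['user']} from {event['src']} ({event.get('country', '??')}) tags={tags}"
    return sev, channels, msg


if __name__ == "__main__":
    # Constructed event: a successful sign-in from a Tor exit node outside the home country.
    login = {"user": "alice@example.com", "src": "198.51.100.77", "country": "RU",
             "result": "Success", "tags": ["foreign", "tor_exit"]}
    print(format_alert(login, set()))                      # regular user -> email only
    print(format_alert(login, {"GlobalAdministrator"}))    # administrator -> email and SMS
```

The same event routes to email for a regular user and to email plus SMS for an administrator; a single failed sign-in that is merely foreign stays at medium, and a clean domestic sign-in produces no alert at all, which is the granularity that keeps the SMS channel from becoming noise.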