Attention SMBs! You’re at risk of the same digital threats plaguing global enterprises!
Yes, hackers will target your business regardless of its size. In fact, they may pick your business because of its size; hackers look for the easiest target, which generally means those without the cybersecurity resources to oppose them. Without proper threat detection, log management, and security event correlation that comes with a SIEM solution, your business could be infected for months before anyone realizes…long after the damage has been done.
Is SIEM too complex for SMBs? How can SMBs deploy and manage SIEM solutions? What benefits do they offer?
To get a better perspective on these problems, we spoke with Tyler Hardison, CTO of Redhawk Network Security, an information security services provider.
Here’s our conversation, edited slightly for readability:
Solutions Review: What can SMBs do to take better control of cyber threats?
Tyler Hardison: Focus on the most critical portions of your business. What is it you’re trying to protect?
If you’re using 100% SaaS-based services (cloud), an expensive firewall for your office network is probably not the best use of your money. Secure the data first, then go from there. Knowing what is happening on your network and being able to report on that is the most effective way to determine your most likely threats.
SR: What are the benefits of SIEM (security information and event management) for SMBs?
TH: Knowledge is power, and a SIEM solution takes logging data from all of your different systems and correlates it to determine if a threat exists on your network. A SIEM can give you a leg up in knowing the threats and vulnerabilities within your network.
In most cases, I recommend that you hire a company to manage your SIEM for you. Otherwise, consider hiring a security analyst who can manage the SIEM on a consistent basis. SIEMs do require care, feeding, and analysis to be effective within your environment.
SR: How should SMBs do to prioritize cybersecurity with limited resources?
TH: Educate yourself on what the likely threats are to your business and the assets/data you’re trying to protect. You can do this via conducting a Risk Assessment. A good Risk Assessment helps you to identify potential holes to your security model. They’re not always easy, so we recommend that you hire a third party to perform your initial assessment. You can then learn the process and update it regularly (at least annually) or have the vendor assist. Either way, risk is a moving target and should be continuously assessed to make sure that the attack vectors or your environment haven’t changed significantly over the previous period as to cause a new security deficiency.
SR: What do you predict for SMBs and SIEM in 2019?
TH: SIEM will continue to cement itself as a must-have security tool. We’re not seeing much in the way of new innovation around SIEM itself, so those who have an entrenched product are unlikely to switch vendors. Since the management of a SIEM is not a simple process, nor is it automated, we’ll see an increase in SMBs opting for managed services over the hiring of staff to maintain their security infrastructure.
I’d like to see a more consolidated approach to the security landscape as a whole, such as single-pane-of-glass solutions that combine the security infrastructure to make management and monitoring simple. A few vendors are already working on this and we’re eagerly awaiting to see them come to fruition.
Thanks again to Tyler Hardison, CTO of Redhawk, for his time and expertise!
As Chief Technology Officer at Redhawk Network Security, Tyler Hardison, CISSP, PCI-QSA, CMNA, plays a key role in leading new product strategies, initiatives, and is responsible for developing technology solutions and service offerings for clients. Tyler is highly regarded as a hands-on technologist with a strong focus on regulatory issues, program management, and secure implementation. With his extensive knowledge of evolving cybersecurity threats, Tyler leads the development and execution of innovative, robust, and secure information technology environments for organizations of all sizes. Tyler is a 20-year technology veteran, with 12 years of experience in the financial services industry.
Latest posts by Ben Canner (see all)
- Forecast: The Gartner 2019 SIEM Magic Quadrant - May 17, 2019
- LogRhythm Releases LogRhythm Cloud—a Cloud-Based SIEM Solution - May 16, 2019
- The 20 Best Cybersecurity Books for Enterprises in 2019 - May 14, 2019