The leaves are falling, there is a chill to the air, and football season is in full swing. I am already counting down the days to Super Bowl LVIII and look forward to huddling with friends as we analyze game plays. Hall of Fame football coach and legend Vince Lombardi once said that football is not just a game, but “a way of life” — and as a Cyber Security business owner, I can relate to that.
After all, chief security officers and others are constantly playing defense against nation-state and other hackers who mount billion-dollar offenses like WannaCry, Mydoom and others that would make Patrick Mahomes and Justin Jefferson proud. Just as defensive linemen start the play at the line of scrimmage, many organizations initially try to secure their perimeter with basic Cyber Security tools, like a firewall that can keep intruders out by blocking unauthorized access attempts, and updated antivirus and email filter programs designed to prevent, detect, and remove malware and other threats.
The Second Layer of Defense
And similar to the way that linebackers form a second layer behind the defensive line, many businesses work with a Cyber Security solutions provider to implement multifactor authentication. MFA is an account login process that requires users to enter information beyond a password, such as answering one or more secret questions, or entering a code sent to their email or mobile device.
These kinds of defensive plays are aimed at preventing hackers and other intruders from moving beyond a business’ line of scrimmage. But bad actors use a variety of running, passing and trick plays, so organizations need a way to continually monitor their networks for suspicious activity.
Ongoing Security Incident Event Monitoring is a Cyber Security layer that collects and tracks information or data, creating a reliable activity log that can let even mid-size or smaller organizations and their Cyber Security partners detect and respond to threats in a faster, more efficient manner. But what if an intruder is able to pull off an offensive breakthrough anyway, sacking a company’s initial defenses and getting into its systems? At that point, a security operations center may be the safety that prevents the opposition from scoring a touchdown.
A well-designed, scalable SOC service integrates real-time, automated monitoring with 24/7/365 human expert analysis of critical infrastructure device logs. Leveraging industry best practices, SOC response teams can initiate threat mitigation and remediation – either remotely or onsite – providing managed detection and mounting a kind of blitz response that can proactively protect against ransomware and other threats.
Any Defensive Line is Only as Good as Its Weakest Player
During a football game, each team adapts to the strengths and weaknesses of its opponent and will try a variety of approaches to outmaneuver or overpower its opponent. In a similar way, hackers are always on the offense, observing the defensive strategy of their target and responding to it in real time with the digital equivalent of a lateral pass, flea flicker or other maneuver.
Businesses and other organizations are constantly on defense, trying to prevent hackers from scoring a digital touchdown or field goal that could disrupt a company’s operations — potentially damaging its reputation and draining goodwill, while exposing it to legal and regulatory sanctions. But any defensive line is only as good as its weakest player.