Vendor Risk Management

5 Things To Consider In Your Continuous Security Monitoring Strategy

Jake Olcott | May 18, 2017

At the outset of building a continuous security monitoring strategy for the purposes of cybersecurity, you first need to understand how data can be compromised. The three main ways are:

  • External attacks (i.e., bad actors breaking into your network from the outside)
  • Insider attacks (i.e., trusted employees or company insiders either willingly or unknowingly becoming the source of data loss, theft, or compromise)
  • Supply chain or third-party ecosystem attacks (i.e., vendors that have access to your most critical data becoming the source of data loss, theft, or compromise)

In today’s security environment, continuous monitoring to actively avoid all three of the above scenarios isn’t just a suggestion—it’s an absolute must. Cybersecurity is an often-discussed topic in boardrooms and C-suites around the world. The alternative to a continuously monitored organization is to be a “compliance-focused” organization—but as we’ve said before, compliance does not equal security. Therefore, it’s safe to say that having a continuous monitoring strategy is not a best practice or a competitive differentiator; it’s simply necessary to operate a successful business.

And while the criticality of continuous security monitoring cannot be understated, the process of building a successful continuous monitoring plan isn’t simple. To that end, we’ve compiled five components you should consider while putting together your continuous monitoring plan.

1. Identify the data you want to protect. 

There’s only so much time and so many resources you can devote to cybersecurity. It’s critical to first determine what data you want to prioritize and what infrastructure in your organization is most important. Identifying this from the outset will help you better articulate your continuous monitoring strategy.

2. Create a process for patching security vulnerabilities regularly.

It’s important to stay aware of vulnerabilities that exist in your network configurations or have arisen from the software applications you are currently deploying. If you stay on top of your current security posture and what kinds of malware and exploits are rampant in your industry, you’ll be able to more quickly patch the vulnerabilities.

3. Ensure that you’re continuously monitoring all of your endpoints.

When someone from the outside is trying to gain illicit access to your data, they may, for example, send a spear-phishing email to employees. This is a great example of why continuously monitoring your endpoints—including desktops, laptops, servers, and other things of this nature—is so critical. If one of your company’s employees was to then click on a spear-phishing link and malware was deployed on your system, you’d be able to address it quickly and securely. Remember: the longer an attack sits on your system, the more likely it is that your data will be compromised.

4. Create a process for continuously identifying changes in standard user behavior from within your organization.

Security measures for potential insider threats are also important to monitor on a continuous basis. First, you must set a baseline for standard user behavior across your organization and understand how most employees usually engage with applications and data in your network.

Can you identify what a typical workday is like for your employees or how engaged they are with applications and data in your network? If not, you should begin working on creating metrics and gathering data on the subject. Once you’re able to do so, you can better create a process to identify any suspicious changes in behavior that could indicate a potential security threat. For example, do you regularly have employees who remotely connect to your network? If not, you’ll want to flag this type of behavior immediately.

Another thing to consider here is whether or not you’ve limited privileges to your most critical data. Can anyone in your organization access information you consider your most private or confidential? If so, you’ll want to implement more stringent privacy standards.

5. Put continuous security monitoring software in place to monitor your third parties.

There are many tools and techniques companies today use in order to continuously monitor how potential security threats get into their enterprise. For example, you can monitor at the firewall or across all of your endpoints to identify malicious code. But what about data that doesn’t sit in your own environment? It is, of course, also critical to look outside of your organization and continuously monitor your third-party environment.

Using a tool like BitSight Security Ratings enables you to see immediately when and if one of your vendors experiences a change in security posture so you can begin mitigating the issue and ensuring that your data isn’t affected by this change. You can also use BitSight to get an idea of a potential vendor’s security posture before you begin working with that company or before it gains access to your critical data.

In Summary

The point of information security monitoring is to protect your organization’s most sensitive data—and knowing what that data is, where that data is stored, and who has access to that data is simply imperative. Beyond that, you have to consider what steps to put in place to reduce privileges to that data and how to protect that data wherever it lives.

This is particularly critical when your data lives outside of your organization. By putting a continuous monitoring plan in place, you will hold your vendors accountable for their actions and make it crystal clear what standards you expect them to uphold.

For more details on continuously monitoring your vendors, download this study conducted by Forrester Consulting on behalf of BitSight: Continuous Third Party Security Monitoring Powers Business Objectives And Vendor Accountability. You’ll learn about the top concerns of IT professionals, which types of risks IT professionals are most interested in tracking and managing, and the disconnect between the desire for continuous monitoring and the types of tools used to gather data.

Suggested Posts

Mitigating Risk in Your Expanding Digital Ecosystem

As time goes on, organizations are taking on more and more new digital transformation initiatives to become increasingly agile and boost productivity — dramatically transforming the number of digital touchpoints employees interact with on...


FBI Alerts Companies of Cyber Attacks Aimed at Supply Chains

Earlier this month, ZDNet broke the news that the FBI had sent a cybersecurity alert to the U.S. private sector warning of an ongoing hacking campaign against supply chain software providers. According to the FBI, hackers are attempting to...


Guide: Fourth-Party Cyber Risk & Management

In today’s interconnected world, supply chains are growing exponentially. As a result, third-party risk has become a big focus for senior management. But what about the vendors that your suppliers rely on and the threat of fourth-party...


Subscribe to get security news and updates in your inbox.