Cyber security: Is there a low-cost alternative for SMEs?

Security information and event management solutions are among the costliest and most likely to be beyond the budgets of many SMEs.

According to a leading research company, nearly 80% of all major global organisations experienced at least one cyber security breach in 2019 that was so severe it required board-level attention. Around 20% reported six or more significant breaches during this period.

The attack surface, and with it the threat landscape, has been significantly broadened by the adoption of mobile technologies, cloud-based solutions and deployment practices that deliver unprecedented levels of IT connectivity to corporates and end-users.

Today, organisations are under ever-increasing pressure to embrace connectivity, but at the same time they are expected to meet evolving cyber security challenges while securing valuable, sensitive corporate and client data.

Naturally, cyber criminals have embraced the same connectivity, and their malware and attack techniques exploit every one of these new connections.

The market for solutions and systems that counter these criminals is growing rapidly. One of its best-established segments is what Gartner, the research and advisory company, defines as the SIEM, or security information and event management, market.

Gartner characterises the SIEM market as one delivering solutions capable of providing real-time analysis of security alerts for early detection of targeted attacks and data breaches. The SIEM market also provides solutions designed to collect, store, investigate and report on log data for incident response, forensics and regulatory compliance.

Over the last decade, SIEM technologies have matured, and a broad range of SIEM products is now sold by vendors as software, as appliances, or as managed services.


By their nature, SIEM platforms are powerful defensive tools, but their power is tempered by a range of issues which, in an era in which unnecessary complexity is increasingly rejected, tend to make them “as much of a hindrance as a benefit”, according to one industry analyst.

With log data as its primary information source, a SIEM platform is often short on context and actionable intelligence, and it is not the easiest tool to work with, say its critics, who maintain that “getting meaningful information out is the most difficult part of SIEM technology”.

Importantly, to realise the best results, SIEM solutions need to be capably and correctly deployed and configured, and then routinely managed and maintained. Consequently, organisations opting for SIEM technologies will need to have a team of cyber security experts either on hand (on the payroll) or on call from a third-party specialist.

This positions SIEM solutions among the costliest and most likely to be beyond the budgets of many smaller and even medium-sized enterprises (SMEs).

According to the research firm 451 Research, 44% of global organisations “lack the requisite staff expertise necessary to properly run a SIEM”.

In South Africa, where many individuals with appropriate, high-level skills and expertise are being targeted by overseas companies, a SIEM crisis seems to be on the cards.

In an environment in which the importance of data accuracy, consistency and privacy has never before been more critical, is there a less-costly and perhaps more feasible alternative to accepted SIEM technology?

New developments in the security space point to other options. For example, awareness is growing of a new breed of security systems based on the concept of collaboration between security components or, more accurately, their synchronisation.

For too long IT security specialists have treated network security, endpoint security and data security as separate entities. In the ever-developing world of digital technology these – and other – entities need to be coordinated (synchronised) in order for businesses to remain secure.

And unlike standalone cyber security solutions that address specific vectors of attack, the synchronised methodology presents a layered approach to security.

While SIEM technology combines the logs and alerts from a variety of point solutions into a single user interface for managing all threats and security incidents, the synchronised solution’s philosophy is different.

It centres on the coordination of all elements responsible for network security, endpoint security and data security, while providing system-level intelligence, automated correlation, accelerated threat discovery, automated incident response, simple unified management and faster decision-making.
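To make concrete what the “automated correlation” and “automated incident response” described here, and the real-time correlation of alerts in Gartner’s description of SIEM above, look like in practice, the following is an added example written for this article; it is not code from any SIEM or synchronised security vendor. It parses a handful of constructed log lines from three sources (a firewall, an SSH authentication log and an endpoint anti-virus agent), all in assumed formats, flags a burst of failed logins followed by a success from the same IP address, and then uses the endpoint telemetry to raise the severity and attach a simulated response. The same login pattern with no endpoint context produces only a medium-severity alert, which is the “lack of context” complaint against log-only correlation.

```python
"""Cross-source log correlation: an illustrative example, not vendor code.
All log lines, formats, thresholds and response actions are constructed
assumptions for demonstration purposes."""
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

FAIL_WINDOW = timedelta(minutes=5)      # lookback for failed logins per source IP
CONTEXT_WINDOW = timedelta(minutes=10)  # how close an endpoint detection must be
FAIL_THRESHOLD = 3                      # failures before a success is suspicious

# Assumed line formats for the three sources (constructed for this example).
PATTERNS = [
    ("fw",   re.compile(r"^(\S+) (\S+) ALLOW src=(\S+) dst=(\S+) dport=(\d+)$")),
    ("auth", re.compile(r"^(\S+) (\S+) sshd: (Failed|Accepted) password for (\S+) from (\S+)$")),
    ("av",   re.compile(r"^(\S+) (\S+) av: Malware detected (\S+) in (\S+)$")),
]

# Constructed sample telemetry (not real data).
SAMPLE_LOGS = [
    "2024-03-01T10:00:01 fw01 ALLOW src=203.0.113.5 dst=web01 dport=22",
    "2024-03-01T10:00:02 web01 sshd: Failed password for admin from 203.0.113.5",
    "2024-03-01T10:00:05 web01 sshd: Failed password for admin from 203.0.113.5",
    "2024-03-01T10:00:09 web01 sshd: Failed password for admin from 203.0.113.5",
    "2024-03-01T10:00:14 web01 sshd: Accepted password for admin from 203.0.113.5",
    "2024-03-01T10:03:40 web01 av: Malware detected Trojan.Generic in /tmp/x",
    "2024-03-01T10:20:00 db01 sshd: Failed password for root from 198.51.100.7",
    "2024-03-01T10:20:30 db01 sshd: Accepted password for alice from 192.0.2.10",
    "this line matches no known format and is skipped",
]


def parse(line):
    """Normalise one raw line into a common event dict, or None if unrecognised."""
    for source, rx in PATTERNS:
        m = rx.match(line)
        if not m:
            continue
        ts = datetime.fromisoformat(m.group(1))
        if source == "fw":
            return {"ts": ts, "source": "fw", "kind": "allow",
                    "ip": m.group(3), "host": m.group(4)}
        if source == "auth":
            kind = "login_fail" if m.group(3) == "Failed" else "login_ok"
            return {"ts": ts, "source": "auth", "kind": kind,
                    "host": m.group(2), "user": m.group(4), "ip": m.group(5)}
        return {"ts": ts, "source": "av", "kind": "malware",
                "host": m.group(2), "name": m.group(3)}
    return None


def correlate(lines):
    """Batch-correlate log lines; returns a list of alert dicts."""
    events = sorted((e for e in map(parse, lines) if e), key=lambda e: e["ts"])

    # Index endpoint detections first so a later AV hit can enrich an earlier login.
    malware_by_host = defaultdict(list)
    for e in events:
        if e["kind"] == "malware":
            malware_by_host[e["host"]].append(e["ts"])

    failures = defaultdict(deque)  # source IP -> timestamps of recent failures
    alerts = []
    for e in events:
        if e["kind"] not in ("login_fail", "login_ok"):
            continue
        q = failures[e["ip"]]
        while q and e["ts"] - q[0] > FAIL_WINDOW:  # expire old failures
            q.popleft()
        if e["kind"] == "login_fail":
            q.append(e["ts"])
            continue
        if len(q) < FAIL_THRESHOLD:
            continue
        # Rule fired: brute-force pattern followed by a successful login.
        alert = {"rule": "brute_force_success", "ip": e["ip"], "host": e["host"],
                 "user": e["user"], "failed_attempts": len(q), "at": e["ts"],
                 "severity": "medium", "actions": ["notify analyst"]}
        # Endpoint context: malware on the same host around the same time.
        if any(abs(t - e["ts"]) <= CONTEXT_WINDOW for t in malware_by_host[e["host"]]):
            alert["severity"] = "high"
            alert["actions"].append(f"isolate host {e['host']}")  # simulated response
        alerts.append(alert)
        q.clear()
    return alerts


if __name__ == "__main__":
    for a in correlate(SAMPLE_LOGS):
        print(a)
```

The example is batch-oriented so that an endpoint detection logged a few minutes after the suspicious login can still enrich it; a streaming implementation would instead hold the alert open for the context window or re-score it when the endpoint event arrives.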

Practically, the goal of the modern synchronised system is to provide orchestrated event management in areas such as anti-virus and malware protection, e-mail security, server monitoring, data encryption, firewall protection, mobile device scanning and more.

This approach overcomes one of the key shortcomings in traditional cyber security environments – the lack of visibility of the “big picture” of holistic network security which must encompass physical, virtual and cloud deployments.

By “connecting the cyber security dots”, architects can now create synchronised security systems that go beyond solving point problems and support long-term security strategies which deliver much of what a SIEM is intended to deliver.

Significantly, the deployment of a modern synchronised system is often far simpler than a full-blooded SIEM option, because its management is typically cloud-hosted and can be outsourced at low cost directly to the provider or vendor.

Synchronised systems do have limitations compared with SIEM systems, particularly for large corporates and multinationals: they coordinate the vendor’s own components rather than consolidating logs from every product in the estate, and they are not a substitute for the long-term log retention and regulatory reporting that Gartner’s SIEM definition covers. For SMEs, however, they offer a viable, cost-effective solution, particularly on a managed service provider basis.

In this case, the vendor’s high-level cyber security experts will play key roles in the management of the SME’s solution which will be, by comparison, cheaper to procure, faster to deploy, with an exceptionally low total cost of ownership.

Paul Stuttard

Director, Duxbury Networking.

Paul Stuttard is a director of specialist distributor Duxbury Networking. Currently Cape-based, he has been with the company for 29 years and has extensive experience in the IT industry, particularly within the value-added distribution arena. His focus is on the formulation of future-oriented network optimisation strategies and business development objectives in collaboration with resellers and end-users in Southern Africa.
