Your Cyber Essentials Journey...
You've made it.
You're part of an exclusive group of organisations in your industry who can boast about being Cyber Essentials certified.
However, your cyber security journey doesn't end here.
Whilst Cyber Essentials implements technical controls to reduce the risk of being breached by 80%, you've still got a 20% gap to bridge. It is important to remember that you can never get to 100%. It is impossible to be 100% safe, however, you'd rather be as close to 100% as possible and reduce your risk as much as possible.
Not achieved Cyber Essentials Yet?
It's also worth mentioning that if you haven't achieved Cyber Essentials Plus yet, you should look to do this before looking to bridge the gap further as Cyber Essentials Plus is your next logical step. Before you jump into the Cyber Essentials Plus certification, you should look to complete a pre-assessment as this massively increases the chances of being awarded Cyber Essentials Plus certification.
I know you love to do your research so it's worth looking into the Ultimate Guide to Cyber Essentials which I've created to help you understand the difference between Cyber Essentials and Cyber Essentials Plus as well as knowing whether or not Cyber Essentials Plus is worth it for your organisation.
Assuming you've got your Cyber Essentials Plus certification, let's move forward!
How do you improve your cyber security after achieving Cyber Essentials Plus?
Cyber Essentials provides you with a “point in time” assessment of your organisation but only an ongoing managed cyber security service will keep your systems and data protected on a daily basis.
What is SOC?
A SOC (Security Operations Centre) is a dedicated team of cyber security analysts who proactively monitor your network and respond to incidents.
SOC's were once a tool only accessible by the biggest organisations but now with virtual SOCs, you don't need full time staff or even an entire facility, it is now possible for smaller organisations.
The key aims of a SOC are:
- Detecting and responding to threats
- Protecting data held on systems and networks secure
- Enhancing cyber resilience
- Identifying and responding to criminal behaviours
- Understanding user behaviour to improve future technologies
With a SOC, it doesn't matter what time of the day it is or what type of attack you are suffering, your SOC team are protecting your systems 24 hours a day for 7 days a week. SOC will make sure any emerging threats are monitored and any immediate threats are dealt with.
What is SIEM?
A SIEM (Security Information and Event Management), is a tool that indicates suspicious activity by setting rules and alerting you if the rules are broke. They can also be used to discover compromised user accounts.
It aggregates and analyses activity from many different resources across your infrastructure as well as collecting security data from network devices, servers, domain controllers and more.
Some key features of SIEM are:
- Visual dashboard for your security system.
- Data is consolidated from various sources through event log management
- Boolean logic rules are used to add intelligence to raw data and correlate events
- Security events are analysed and automatically notifies problems in real time.
Organisations use SIEMs to:
- Detect cyber security incidents by collecting logs from all data sources across your network and triggering alerts from suspicious activity.
- Regulate compliance
- Allow cyber security specialists and analysts to handle the suspicious activity.
How do SOC and SIEM work together?
If SOC was a retail shop, the security analyst would be the employee working the tills and the SIEM would be the till.
Together, SOCs and SIEMS are incredibly powerful as they improve the cyber security measures of an organisation whilst mitigating current risks at the same time.
Every SOC needs a SIEM, the SOC needs the SIEM's intelligence to know what it is protecting your systems against. The SIEM makes the SOC aware of the threat and the SOC tackles this threat.