You've made it.
You're part of an exclusive group of organisations in your industry who can boast about being Cyber Essentials certified.
However, your cyber security journey doesn't end here.
Whilst Cyber Essentials implements technical controls to reduce the risk of being breached by 80%, you've still got a 20% gap to bridge. It is important to remember that you can never get to 100%. It is impossible to be 100% safe, however, you'd rather be as close to 100% as possible and reduce your risk as much as possible.
It's also worth mentioning that if you haven't achieved Cyber Essentials Plus yet, you should look to do this before looking to bridge the gap further as Cyber Essentials Plus is your next logical step. Before you jump into the Cyber Essentials Plus certification, you should look to complete a pre-assessment as this massively increases the chances of being awarded Cyber Essentials Plus certification.
I know you love to do your research so it's worth looking into the Ultimate Guide to Cyber Essentials which I've created to help you understand the difference between Cyber Essentials and Cyber Essentials Plus as well as knowing whether or not Cyber Essentials Plus is worth it for your organisation.
Assuming you've got your Cyber Essentials Plus certification, let's move forward!
Cyber Essentials provides you with a “point in time” assessment of your organisation but only an ongoing managed cyber security service will keep your systems and data protected on a daily basis.
A great pair of tools which will help you stay protected on a daily basis are SOC and SIEM.
A SOC (Security Operations Centre) is a dedicated team of cyber security analysts who proactively monitor your network and respond to incidents.
SOC's were once a tool only accessible by the biggest organisations but now with virtual SOCs, you don't need full time staff or even an entire facility, it is now possible for smaller organisations.
The key aims of a SOC are:
With a SOC, it doesn't matter what time of the day it is or what type of attack you are suffering, your SOC team are protecting your systems 24 hours a day for 7 days a week. SOC will make sure any emerging threats are monitored and any immediate threats are dealt with.
A SIEM (Security Information and Event Management), is a tool that indicates suspicious activity by setting rules and alerting you if the rules are broke. They can also be used to discover compromised user accounts.
It aggregates and analyses activity from many different resources across your infrastructure as well as collecting security data from network devices, servers, domain controllers and more.
Some key features of SIEM are:
Organisations use SIEMs to:
Put simply,
If SOC was a retail shop, the security analyst would be the employee working the tills and the SIEM would be the till.
Together, SOCs and SIEMS are incredibly powerful as they improve the cyber security measures of an organisation whilst mitigating current risks at the same time.
Every SOC needs a SIEM, the SOC needs the SIEM's intelligence to know what it is protecting your systems against. The SIEM makes the SOC aware of the threat and the SOC tackles this threat.