Recent updates to regulatory compliance standards such as PCI DSS, FISMA, GLBA, SOX, ISO 27001 and HIPAA require organizations to monitor their networks in real time. The Federal government is also considering standards that would apply to all organizations that maintain sensitive data that will likely include monitoring requirements as the almost daily reports of new data breaches have proven that it’s not IF you have a data breach, but WHEN. IT Security experts agree that the number would be far higher if all undetected breaches and cyber attacks became known.
You might ask if a cyber attack is virtually inevitable, then why require monitoring? Many attacks could have been prevented if they had been detected before access was gained because they rely on running scripts that take time to find a vulnerability to provide them access to the network. Endpoint protection such as antivirus and firewalls often fails when a known malware or attack signature is modified and they no longer recognize it. Monitoring can detect anomalies that can be quickly investigated to determine if the attack can be stopped or immediately start remediation if access has been gained.
A critical component of network monitoring is the human element. It doesn’t help you to put monitoring in place if no one is paying attention to the alerts (just ask Target who reportedly ignored alerts that could have lessened the impact of their recent point-of-sale breach). You will also want resources available who can screen out false positives and take action when needed. For most organizations this requires outsourcing as security expertise requires ongoing training and you would need a security team to achieve 24/7/365 monitoring requirements.
There wasn’t a solution that included the human component that was feasible for all of our clients, from small business to enterprise – so we built our own.
If you have questions about your monitoring compliance, how monitoring could benefit you even if you aren’t required to do it, or how it would work in your network, give us a call at 800-834-7420 and ask about ProVision.