companyzone companyzone

Addressing security sprawl

By David Herselman, Managing Director at inq. South Africa
David Herselman, Managing Director, inq. South Africa.
David Herselman, Managing Director, inq. South Africa.

Many companies still consider cyber security a grudge purchase. What's worse, these businesses often only allocate the necessary funds after an incident or a regulatory change forces their hands. The normalisation of the hybrid work environment has certainly contributed to a false sense of security. Often, organisations think their traditional perimeter and endpoint security solutions are adequate even after migrating their data and apps to cloud environments.

In practice, the cyber security landscape has become cluttered with vendors trying to outdo each other with confusing acronyms and overlapping features. This has resulted in a fragmented array of security solutions. It could be argued that the industry needs regulation of its own to clarify and silo vendors and products. At least then it will be easier for consumers and organisations to get clarity on what they are using and what they are buying. Having said that, this approach could be detrimental to one of the best ways to strengthen a company’s defences – adopting a multi-layered cyber security approach.

Keep on adapting

Even though the hype surrounding machine learning and AI has resulted in decision-makers expecting a "set it and forget it" security solution, the reality is quite different. Detecting advanced persistent threats relies on correlating indicators of compromise (IOC) and subsequent threat hunting to investigate anomalies. For example, heuristic analysis of network traffic might flag an endpoint suddenly uploading data to the internet, which could indicate data exfiltration or simply a user backing up information.

Rather, there is a growing consensus that network traffic analysis (NTAs such as firewalls, switches with NetFlow/sFlow or SPAN), endpoint detection and response (EDR) telemetry, cloud service provider logs, in-house server and workstation audit logs and event logs need to be consolidated and correlated.

A secure access service edge (SASE) solution has almost become a requirement to manage and monitor hybrid workers effectively. Historically, enterprises have achieved this through a security information and event management (SIEM) solution, coupled with an in-house security operations centre (SOC). Small and medium-sized businesses can access similar managed detection and response (MDR) services from MSSPs, though these often do not cover the full scope of services an in-house SOC provides.

Extended detection and response (XDR) solutions attempt to persuade clients to adopt a single solution to address these challenges. However, these solutions are often vendor-specific with limited integrations, whereas SIEM/SOC solutions offer far greater compatibility in data ingestion.

Those companies that take their cyber security seriously combine tools (NTA, EDR, XDR or SIEM), security frameworks (eg, the zero trust reference architecture), regulations (POPIA, GDPR, FINRA, HIPAA and PCI DSS), AI, human threat hunting and user training within an ongoing cycle of continuous improvement.

A tactical response

However, there is no one-size-fits-all solution for cyber security. The key to effective security lies in a comprehensive, multi-layered approach that incorporates the best tools, frameworks and practices.

As a trusted cyber security partner, our approach entails working with leading vendors like Check Point and maintaining a broad range of in-house skills. In this way, we ensure that we can provide tailored solutions to meet the unique needs of each business. By continually evolving our strategies and staying ahead of emerging threats, we help our clients navigate the complexities of security sprawl and achieve a more integrated security posture. 

Share

inq.

inq. South Africa, formerly known as Syrex, specialises in the installation and support of Open Source, Microsoft, virtualised, and hybrid network infrastructures. Our core offerings include a customisable perimeter and connectivity management solutions, paired with tailored IT support. Our extensive service portfolio includes connectivity (VOIP, fibre, wireless, and VPN), cloud solutions (Microsoft 365, virtualisation, hosting, backup, and archiving), security services (firewall, VPN, and security management), and the sales of both hardware and software, complemented by comprehensive remote managed support, both on and off-site.

inq. South Africa holds an ECS/ECNS license from ICASA and is a Microsoft Gold Certified Partner. It is also a specialist in providing Linux Red Hat solutions and Enterprise-grade Firewalls. Holding a 4-star Check Point status as well as being a Fortinet Expert partner. inq. South Arica is an accredited BBBEE company and has clients across the SMME and large enterprise sectors in South Africa and throughout the rest of the African continent.