Best-in-class cyber security monitoring tools used to be the preserve of large corporates, but advances mean this technology is no longer out of reach for smaller businesses.
The basics
Before investing in any specific cyber security monitoring tools, SMEs should start by assessing their unique risks and fostering a culture of proactive cyber security.
“Leadership sets the tone, encouraging all employees to make security a priority in their daily work,” says Ed Williams, regional VP of pentesting [penetration testing], EMEA at Trustwave.
With those foundational elements in place, says Williams, Microsoft’s free or low-cost cyber security monitoring tools are a “sensible starting point” for most organisations. Tools such as anti-virus software Microsoft Defender and Microsoft Attack Surface Analyzer provide “essential protections without a huge investment”, he adds.
Looking beyond the basics, email continues to be the number one vector for attacks. Trustwave’s MailMarshal, for example, layers critical defences like anti-spam, anti-phishing, and URL analysis onto email security. For protecting sensitive data stores, Trustwave’s DbProtect identifies database vulnerabilities attackers could exploit and issues alerts on suspicious access.
“The key is not necessarily having the most sophisticated tools, but taking a layered, strategic approach tailored to your risks. With the right culture and selective entry-level commercial tools, SMEs can build cyber security programmes that punch above their weight,” Williams says.
“When considering endpoint protection tools, it makes sense for SMEs to choose a provider that can offer products that all fall under the same license,” adds Lewis West, head of cyber security at Hamilton Barnes.
Microsoft offers an “all-encompassing package”, says West, with tools able to easily integrate with one another. This could include Microsoft Defender, Azure Data Loss Prevention (DLP), Azure Information Protection (AIP), and Microsoft Entra ID (formerly Azure Active Directory) as a cloud-based identity and access management (IAM) solution.
“Although Microsoft’s products are not necessarily the ‘best-in-class’ for each area, SMEs will often only need to pay for one licence, and deal with one set of support staff,” West says.
Privileged access management
Privileged access management (PAM) gives SMEs a straightforward and cost-effective way to monitor and control the use of privileged credentials and admin logins across the whole business.
These credentials give users the power to execute tasks such as amending critical data, configuring servers, changing security settings or installing software, and they’ve become a target of choice for hackers. Compromised credentials are behind 15 per cent of data breaches, according to IBM’s Cost of a Data Breach Report 2023.
PAM solutions, however, are traditionally complex, slow to install, and hard to manage. Many need dedicated hardware and software, specific network configuration, expensive databases, and ongoing maintenance.
Osirium’s PAM, however, needs none of these things, says the vendor. No special software is required on user workstations or target systems, according to Osirium. Its tool safeguards valuable account logins by ensuring users only have rights to access the systems they need to do their work, for the shortest possible time, and with the lowest level of privilege.
It provides a single-view management point on what credentials are in use across the business, who has access to them, and exactly what they’re doing with them. This includes the ability to monitor and record all activity live during privileged sessions and create end-to-end audit trails and reporting.
Security information and event management
While a security information and event management (SIEM) system used to be seen as the preserve of large corporates, advances mean this technology is no longer out of reach for SMEs. The issue that remains, however, is that many SMEs still need to invest in multiple point solutions to gain visibility across their entire infrastructure, and those solutions are complex, time-consuming and expensive to manage.
Logpoint Converged SIEM is an operations system that solves the issue by providing monitoring, threat detection, investigation, and response across clients, servers, network systems, cloud workloads, and business-critical applications all on one platform.
This platform can handle large parts of incident detection, investigation and response through automation, or guide IT teams in the right direction by suggesting tangible actions, such as disabling a user.
Logpoint’s security research team regularly creates ready-to-use detection content and playbooks that are updated automatically, so SMEs can detect and respond efficiently to emerging threats and improve their security posture.
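The kind of correlation and suggested-response logic described above, shown as an added example that is not Logpoint’s or any other vendor’s code: one rule run over constructed sshd-style login records that flags password guessing against a single account from a single source and, when the guessing is followed by a successful login, recommends disabling the account and cutting the session. The log lines, the five-failure threshold and the ten-minute window are assumptions chosen for illustration.

```python
"""Minimal SIEM-style correlation rule: repeated failed logins followed by a success.

Added example, not code from Logpoint or any vendor. The log lines below are
constructed for the example and loosely follow the OpenSSH sshd message format;
the threshold and window are illustrative assumptions."""
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample log lines (not captured from a real system).
SAMPLE_LOGS = """\
2024-05-01T09:00:01 srv1 sshd[1201]: Failed password for alice from 203.0.113.9 port 51022 ssh2
2024-05-01T09:00:03 srv1 sshd[1202]: Failed password for alice from 203.0.113.9 port 51023 ssh2
2024-05-01T09:00:05 srv1 sshd[1203]: Failed password for alice from 203.0.113.9 port 51024 ssh2
2024-05-01T09:00:07 srv1 sshd[1204]: Failed password for alice from 203.0.113.9 port 51025 ssh2
2024-05-01T09:00:09 srv1 sshd[1205]: Failed password for alice from 203.0.113.9 port 51026 ssh2
2024-05-01T09:00:12 srv1 sshd[1206]: Accepted password for alice from 203.0.113.9 port 51027 ssh2
2024-05-01T09:30:00 srv1 sshd[1300]: Failed password for bob from 198.51.100.4 port 40001 ssh2
2024-05-01T09:30:05 srv1 sshd[1301]: Accepted password for bob from 198.51.100.4 port 40002 ssh2
2024-05-01T11:00:00 srv1 sshd[1400]: Failed password for carol from 192.0.2.77 port 3001 ssh2
2024-05-01T11:00:01 srv1 sshd[1401]: Failed password for carol from 192.0.2.77 port 3002 ssh2
2024-05-01T11:00:02 srv1 sshd[1402]: Failed password for carol from 192.0.2.77 port 3003 ssh2
2024-05-01T11:00:03 srv1 sshd[1403]: Failed password for carol from 192.0.2.77 port 3004 ssh2
2024-05-01T11:00:04 srv1 sshd[1404]: Failed password for carol from 192.0.2.77 port 3005 ssh2
2024-05-01T11:00:05 srv1 sshd[1405]: Failed password for carol from 192.0.2.77 port 3006 ssh2
"""

# "invalid user" appears in real sshd lines when the account does not exist;
# the rule treats those the same as failures against an existing account.
LINE_RE = re.compile(
    r"^(?P<ts>\S+) \S+ sshd\[\d+\]: (?P<result>Failed|Accepted) password "
    r"for (?:invalid user )?(?P<user>\S+) from (?P<ip>\S+) port \d+"
)


def parse(log_text):
    """Turn raw lines into (timestamp, result, user, ip) events; lines that do not match are skipped."""
    events = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if m:
            events.append((datetime.fromisoformat(m["ts"]), m["result"], m["user"], m["ip"]))
    return events


def correlate(events, threshold=5, window=timedelta(minutes=10)):
    """Rule: at least `threshold` failures for the same (user, ip) inside a sliding
    `window` raise 'credential_guessing_attempt' (once per pair); a success from that
    pair while the failures are still in the window raises 'credential_guessing_success'.
    Each alert carries a suggested response, the 'tangible action' a SIEM would show."""
    failures = defaultdict(list)  # (user, ip) -> timestamps of failures still inside the window
    alerts = []
    already_flagged = set()
    for ts, result, user, ip in sorted(events):
        key = (user, ip)
        failures[key] = [t for t in failures[key] if ts - t <= window]  # slide the window
        if result == "Failed":
            failures[key].append(ts)
            if len(failures[key]) >= threshold and key not in already_flagged:
                already_flagged.add(key)
                alerts.append({"rule": "credential_guessing_attempt", "user": user, "src_ip": ip,
                               "count": len(failures[key]), "at": ts.isoformat(),
                               "suggested_action": f"block {ip} at the perimeter and watch account {user}"})
        else:  # Accepted
            if len(failures[key]) >= threshold:
                alerts.append({"rule": "credential_guessing_success", "user": user, "src_ip": ip,
                               "count": len(failures[key]), "at": ts.isoformat(),
                               "suggested_action": f"disable user {user}, terminate sessions from {ip}, reset credentials"})
            failures[key].clear()  # any successful login resets the failure run for that pair
    return alerts


def run(log_text=SAMPLE_LOGS):
    """Parse and correlate; returns the list of alerts for the given log text."""
    return correlate(parse(log_text))


if __name__ == "__main__":
    for alert in run():
        print(alert)
```

On the sample data the rule produces three alerts: an attempt and then a success for alice from 203.0.113.9 (the case where "disable the user" is the right call), and an attempt for carol that never turns into a success. Bob's single failure followed by a success stays silent, which is the point of keying on both user and source and counting within a window rather than alerting on every failed login.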
Extended detection and response
Extended detection and response (XDR) looks to unify otherwise disjointed cyber security solutions, providing SMEs with robust visibility over an ever-changing and expanding threat surface.
Ed Baker, VP of global channel sales at Trellix, says: “SMEs are increasingly becoming the targets of severe breaches. Smaller organisations are particularly vulnerable as they often hold increasingly large amounts of sensitive data, or offer direct access to larger, more embedded companies further up the supply chain.”
Trellix research has found that organisations with 51-200 employees experienced the most ransomware attacks, for instance. As the tools available to malicious actors expand the attack vectors, SMEs often find themselves on the back foot when trying to adapt.
This is where XDR comes in. It can be used to support these businesses, simplifying the cyber ecosystem, and offering a holistic view of what is happening across security controls.
Trellix’s XDR offering, for example, is an artificial intelligence-powered platform that aims to enhance cyber resilience through “living security”, that is, security technology which learns and adapts to evolving threats.
Threat intelligence is combined with Trellix’s native security controls for endpoints, networks, data, email, and cloud access.
“Equipping businesses with the tools to improve real-time threat detection, investigation, and response, enables SMEs to adjust dynamically and readily to the threat landscape,” says Baker.
Website protection
Bots are increasingly used to attack company websites. DataDome provides fraud and bot mitigation technologies that offer advanced detection methods with ML (machine learning) capabilities, detecting and deflecting bad bots in real-time.
DataDome recently unveiled findings from its bot security report, which found that two-thirds (66 per cent) of websites are unprotected against simple bot attacks, demonstrating a clear urgency for SMEs to implement effective bot mitigation software.
The vendor says its bot mitigation services are highly accurate without compromising detection speed, “marking them out” from other bot protection providers, who often “trade-off” speed for accuracy or vice versa.
Quick and real-time detection improves both website and customer security, gaining customer trust and avoiding disruptive bot interference. SMEs using the technology have direct access to expert solutions engineers.
In addition, DataDome can integrate with existing tools such as SIEM systems. This interoperability improves the ease with which SMEs can adopt its bot mitigation software alongside security infrastructure already in place.
Compliance
Compliance can often be forgotten amid all the other security requirements faced by SMEs.
ImmuniWeb Community Edition is used by SMEs to ensure the security, privacy and compliance of their web and mobile applications and APIs (application programming interfaces), as well as detect phishing threats and monitor the Dark Web.
It conducts 100,000 daily scans and is already serving SMEs based in over 100 countries. ImmuniWeb Community Edition comprises six interlocking online assessments (cloud, email, mobile app, Dark Web, website security and SSL – secure sockets layer). These assessments are designed to verify website and mobile application security and cloud misconfigurations. They also help detect ongoing phishing attacks and data leaks on the Dark Web.
All six tests are accessible in one place at no cost, and do not require registration. For added benefits, such as downloading a comprehensive PDF report, creating a free account is all that is needed. The tests are a simple addition to any toolkit, as all levels of the security team can use them, and they offer a quick validation of security efforts.
While the demands of cyber security for SMEs may seem daunting at times, adopting these monitoring tools can potentially make the job much easier.