If your business has yet to establish a Security Operations Centre (SOC), the increase in cyber incidents and data breaches makes this aspect of data security hard to ignore.
You likely already have some of the basic features of network security: firewalls, antivirus security software, and maybe even some company policies and measures to boost security awareness.
However, your information security measures and data security solutions as they are currently set up are not organised in any formalised manner; everything is haphazard in its approach. Management has finally decided to wake up and recognise that there is a need for a far more standardised network security format. The task has fallen to you; they need you to set up a brand new SOC. So, where do you start?
Before you begin weighing up different security software products, there are several questions surrounding vulnerability management and data security that you need to answer:
In-house capability - First look at your human capital. How are the security skills of your staff? Do they have the right level of security awareness and experience to handle creating a solid security operations centre? If not, you may need to hire a Managed Security Service Provider (MSSP) to help you instead, and determine what sort of framework you need to implement in order to counter data breaches and other forms of security breach.
System Maturity - What is the current state of your systems? How are your security settings? Are you up to date with the latest information security threats? Only after you’ve determined your current capabilities can you begin to construct a data security plan to improve them, and then start putting in place appropriate data security solutions.
Priorities - The types of risks you face can vary by industry. Identify what the biggest risks are to your information systems and business and identify which security software tools can help you. Data governance, safe data storage, special measures for sensitive data and data privacy are likely to be top concerns.
Budget - How much money do you have available to spend on security software, data protection and vulnerability management? Are security products with advanced security settings within your budget? There are several factors that you’ll need to consider in order to determine an adequate data security software budget. Typically, it makes sense to spend approximately 15-25% of your IT budget on security. While it can be difficult to convince your board to allocate the necessary security software funding to implement appropriate measures, there are good ways to convince them.
Infrastructure or Cloud - You may not need to purchase expensive hardware and advanced security software to manage your in-house systems and enhance data protection. If you are managing most of your infrastructure in the cloud, you can reduce your up-front security software spend by adopting a pay-as-you-go approach.
Staffing - How much can your existing staff handle? If you purchase systems that are too complicated, will you need additional staff to run them? How widespread is cybersecurity knowledge? There are solutions which focus on automation to reduce your overall staffing costs, so your existing employees can work on more valuable tasks.
Supply chain - A system is only as strong as its weakest link. Determine whether your security software suppliers are taking security and data protection as seriously as they need to. This is particularly important if you are making use of cloud-based SaaS software. It’s important that your providers don’t inadvertently provide an easy way into your systems.
Choosing the best tools
Now that you’ve determined what sort of security software products you need, you’ll need to determine a method for choosing the best security suite for your information systems and business.
Cost and return on investment - Cost, while important, should not be your final deciding factor for your security suite; it’s about how effective the tools will be and if they work well with each other. Determine how much security you get in exchange for what you’re paying.
Data Architecture - Will the tools you choose work well with your existing data center and architecture? Or are they designed for a different type of system?
Functional scope / automation - How much are you getting with this package? Does it provide automated security monitoring, or are you simply receiving more alerts where you need to take action? Note: just because something is automated does not mean you can leave it alone; you still need to remain vigilant.
Deployment options - Can these systems be installed on premises, or is the security suite cloud-based? Do they offer managed services?
Integrations - What sort of integrations exist for these tools? Can they connect easily with your existing software or will you need to come up with custom solutions?
Configuration and customisation - Will they work straight out of the box? Will they help you meet your unique information security management requirements? How much customisation has to be done to make them work properly with your systems?
Reporting and insights - The ability to visualise any unusual traffic is a key element of vulnerability management and network security. Do the tools provide good reporting for vulnerability management purposes? How about suggestions for how to remediate any breaches?
Compliance - At a basic level, will these tools ensure that you are compliant with GDPR or other data protection regulations, enabling you to meet your vulnerability management responsibilities? These tools should make it easier for you to meet your obligations in areas such as customer-facing application security, data access, data governance, data breach detection and safe data storage.
Scalability - If your company or system grows, can the security tools grow with it?
End-user experience - Ease of use is important. Does the security suite provide roadblocks which might cause people to use workarounds and bypass network security safety mechanisms? It’s important to consider the human element, especially since people are the weakest link in any security system.
Product roadmap - Do the security software products provide clear documentation about how they work and what you can expect from using them? This includes understanding how well they integrate with each other. Is there a clear plan to continue evolving the product to adapt to new security and vulnerability management challenges?
Delivery/implementation model - Are these tools designed to work well with your current working models, data center and information systems?
Now that you’ve selected security software products, it’s often a good idea to test them before you commit, to see if they work well for your purposes. Consider setting up a trial run before fully implementing a new system.
Finally, you’ll need to make sure you have a realistic plan for implementing new security software systems and ensuring appropriate vulnerability management procedures. Make sure you assess the impact on your business operations and availability of resources to make it a success.