What is Threat management?
Put simply Threat Management is the automated monitoring and analysis of all of your IT systems' logs to detect unusual behaviour by your networks, users and services, which could be attackers looking for vulnerable entry points to allow them to access your data.
How we got here?
Threat Management is a fairly new discipline in Security Engineering. It came about because most institutions simply do not have the capabilities to establish and maintain a watertight infrastructure.
Security has become so complex that even large companies are lost. 15 years ago, a good firewall and trustworthy, knowledgeable administrator were all that was needed. Then intrusion detection systems were introduced; these needed highly trained staff, but the number of alerts became overwhelming, and the staff ended up just ignoring or allowing most of them.
The realisation gradually dawned that the threats weren't just external - every client on the network was a potential source of malware and viruses. Platform providers responded by providing more and more security controls and tools for automation. Each company had its own tools, none of which worked with the others. There are no security specialists who know all of them, just people who specialise in Cisco, Checkpoint, Microsoft... and on such huge salaries that public authorities can not afford them any more. Many auditors are aware that there is a big backlog of tasks, but are bound to silence by contract.
All of this has led to companies training people to use monitoring tools to try to detect cybersecurity breaches before they cause serious damage. Managed security is the watchword today. There are vulnerabilities all the time at all levels, more and more zero days as new and vulnerable components are introduced, and the infrastructure needs hardening to raise barriers in front of them. However these companies are struggling to fill a rapidly widening gap.
This is where Threat Management comes in. It discovers unusual behaviour in your networks, users, and services. We analyse your logs and find the traces that attackers leave behind them when testing for the next vulnerable entry point. Automation is key. We set up your environment with best of breed threat management technology.
Threat Management is essential to limit damage to your company. It also provides information about the particular risks that apply to your business, allowing you to make informed decisions about your security budget. It gives you and your customers the security that you need to do business in an increasingly complex digital world.