Threat monitoring is an essential practice for any security program, and there are many approaches that can be taken. But coming up with the right strategy to fulfill this function can seem daunting with so many options available. It can be boiled down to the same set of requirements that drive just about any other IT function: people, process and technology.

Creative Staffing

Once you figure out the people strategy, the rest of your approach will fall into place. Who will serve as your watchers? Threat monitoring and analysis is still a people-driven function. Sure, there are technologies that automate pieces of it, and cognitive security is a huge factor. But we’ll never eliminate the need for human threat analysts to review activity on a network and determine whether sensitive assets are secure. This capability can be staffed through internal headcount, leveraging a service provider or using a hybrid model.

Staffing a security operations center (SOC) with your own security experts will give you the most control over the function and workflows. This is a challenge, however, given the skills shortage and the increasing need to run 24/7 security operations. Security leaders often need to get creative, assigning team members to roles that maximize their individual skills and better suit the organization’s complex and specific needs.

Co-Managed SIEM

A managed security services provider (MSSP) can provide 24/7 threat monitoring as well as the resources and expertise required to fulfill this function. Using an MSSP is more cost effective than building the function internally. The traditional MSSP model puts the service provider in the driver’s seat, enabling it to deliver security information and event management (SIEM) services to many customers at once through a large-scale platform.

While this can greatly benefit organizations seeking to maximize security investments, it does limit the extent to which organizations and security teams can control, customize and monitor this function.

A Hybrid Approach to Threat Monitoring

For the reasons explained above, the hybrid approach to threat monitoring is gaining a lot of popularity in the marketplace. Industry analysts have started referring to this model as co-managed SIEM. This hybrid approach allows an organization to tune and tweak its own technology universe — the SIEM — to its specific environment and characteristics.

While the 24/7 threat monitoring is staffed by a service provider, this approach enables organizations to observe and influence the process and use cases. With the emergence of cloud-based SIEM solutions and more scalable service offerings, the hybrid approach is becoming much more accessible to the market.

Any of the above approaches are perfectly viable when it comes to threat monitoring. It really depends on your budget, the expertise available to your team, and your desire for transparency and influence over the program. If you decide to adopt an MSSP, consider its ability to meet your needs today as well as its potential to grow and mature with your security program over time.

Register for the webinar: Are the Right Eyes on Your Network?

More from Intelligence & Analytics

New report shows ongoing gender pay gap in cybersecurity

3 min read - The gender gap in cybersecurity isn’t a new issue. The lack of women in cybersecurity and IT has been making headlines for years — even decades. While progress has been made, there is still significant work to do, especially regarding salary.The recent  ISC2 Cybersecurity Workforce Study highlighted numerous cybersecurity issues regarding women in the field. In fact, only 17% of the 14,865 respondents to the survey were women.Pay gap between men and womenOne of the most concerning disparities revealed by…

Protecting your data and environment from unknown external risks

3 min read - Cybersecurity professionals always keep their eye out for trends and patterns to stay one step ahead of cyber criminals. The IBM X-Force does the same when working with customers. Over the past few years, clients have often asked the team about threats outside their internal environment, such as data leakage, brand impersonation, stolen credentials and phishing sites. To help customers overcome these often unknown and unexpected risks that are often outside of their control, the team created Cyber Exposure Insights…

X-Force Threat Intelligence Index 2024 reveals stolen credentials as top risk, with AI attacks on the horizon

4 min read - Every year, IBM X-Force analysts assess the data collected across all our security disciplines to create the IBM X-Force Threat Intelligence Index, our annual report that plots changes in the cyber threat landscape to reveal trends and help clients proactively put security measures in place. Among the many noteworthy findings in the 2024 edition of the X-Force report, three major trends stand out that we’re advising security professionals and CISOs to observe: A sharp increase in abuse of valid accounts…

Topic updates

Get email updates and stay ahead of the latest threats to the security landscape, thought leadership and research.
Subscribe today