Security monitoring technology continuously logs and analyses data from network points and nodes, enabling security teams to detect and respond to incidents faster. This is crucial, but not the full extent of its usefulness. By offering continuous intelligence from across the network and connected devices, security monitoring also offers a range of benefits to other teams in the business, says Tony Walt, co-founder and director of Port443.
“Comprehensive cyber security monitoring includes security information monitoring (SIM) and security event monitoring (SEM) – generally combined as SIEM. It observes areas such as network traffic, endpoint devices, users, and multiple other sources to identify anomalies and raise security alerts. In addition, the implementation of Security Orchestration, Automation and Response (SOAR) capabilities further enhances the value across all areas of the business” Walt says.
“Modern SIEM and SOAR platforms are enriched with user and entity behaviour analytics, and monitor user accounts and devices active in the system. But the data gathered from continuous monitoring also gives organisations insight into patterns of user and network behaviour, allowing various departments to improve efficiencies and potentially reduce the costs of doing business.”
Walt highlights five departments – other than IT security – that can benefit from security monitoring:
1. HR – time and attendance, personal support for hybrid workforces
Comprehensive monitoring of network and endpoint behaviour offers transparency to support HR’s time and attendance tracking, allowing for better monitoring of time spent in-office or working remotely. It also better secures remote workers and supports the trend to offer more personal employee support – without exposing sensitive data, Walt says.
2. IT – identify shadow and rogue IT
Accounting for 30% – 40% of IT spending in large enterprises, rogue or ‘shadow IT’ is increasing, thanks in part to the ease with which cloud solutions can be procured. Gartner reports that over 40% of employees acquired, modified or created technology outside of IT’s visibility last year. Undocumented APIs are proliferating too.
“This increases the risks and costs associated with IT,” Walt says. “With comprehensive visibility into what is running in the environment, IT can reduce vulnerability, improve endpoint detection and response, and shut down unauthorised applications and services.”
3. Finance and business management – cut unnecessary costs
With some surveys estimating that up to half of all software licences are not being used, monitoring and analysing systems and software usage can support IT and software asset management by helping uncover redundant systems, unnecessary subscriptions, wasted licensing and non-compliance with software agreements. “Ultimately, this supports compliance and can help control costs,” Walt states.
4. Marketing – support campaigns and improve data quality
Marketing departments can harness the visibility provided by security monitoring to measure responses to campaigns, and check for valid responses.
“Getting added visibility into the volumes, patterns and types of traffic can help marketers understand whether responses are valid, or whether they have been generated by bots,” Walt notes.
5. Operations and site management
Automated monitoring and alerts can support operations and site management by giving an early warning when sites are up or down due to loadshedding. Visibility of every device on the network also helps site managers to identify insecure connected devices and IoT sensors, and take steps to reduce the risk associated with these.
Says Walt: “These use cases illustrate that cyber security can no longer be seen as an isolated department within the business. Security is the modern business enabler: it touches every department and the right cyber security tools offer benefits to the entire organisation.”