Digital transformation can result in companies’ IT infrastructure becoming more expensive and complex, as business digitalisation encompasses all departments, functions, users and endpoints.

By Gert Janzen, product manager at Seacom

This puts pressure on enterprises’ security and resilience to cyber threats, prompting interest in solutions such as security information and event management (SIEM) to identify vulnerabilities and combat potential attacks.

One of the biggest blind spots among business IT leaders is that SIEM is just one part of a comprehensive managed security solution. This blind spot then grows in scope when leaders fail to distinguish between network security and all security within their organisation’s IT environment.

As managed security services become the norm, businesses in South Africa need to consider all the options available and the solutions that bolster resilience.

With so much of enterprise IT moving to the cloud, it only makes sense that security products and services would follow suit. Security-as-a-service (SECaaS) is becoming increasingly popular among businesses as it offers the same principal benefits as other cloud-based services.

SECaaS negates the need for exorbitant up-front investments in on-premises security architecture while enabling organisations to deploy security measures based on their needs or required scale. With many South African companies struggling to hire and retain cybersecurity talent, SECaaS offers access to the experts and knowledge required to support their architectures.

Though many enterprises may not be comfortable with relinquishing control over their security operations to vendors, SECaaS simplifies the management of those operations and encompasses all kinds of measures to protect data and infrastructure.

This includes data loss prevention, network security, continuous monitoring, identity and access management (IAM), encryption, email security and, relevant to this discussion, SIEM. In the age of cloud computing, SIEM is but one piece of the security resilience puzzle.

Given the number of cybersecurity incidents reported in South Africa annually, local businesses cannot afford to sit around and wait for an incident to befall them. According to the South African Banking Risk Information Centre (SABRIC), the country experienced a 22% increase in the number of cyber-attacks in 2023. Just recently, South Africa’s Information Regulator revealed the entity was receiving more than 150 data breach notifications a month.

Companies need to start being proactive about their IT security and for many, that starts with managed detection and response (MDR). A category of SECaaS, MDR consolidates several proactive security measures such as always-on threat detection, incident investigation, and remediation to give organisations an edge over any potential incidents and add an extra layer of security across their networks.

Many organisations may be questioning whether to choose between SIEM and MDR to improve their security posture, but that question fails to account for the different core functions of the two solutions. While SIEM monitors for and reacts to known threats, relying on a combination of hardware and software, MDR hunts and responds to the unknown while combining people, processes and technology.

The best solution to choose, therefore, is both. South African businesses should deploy a SIEM solution for compliance and monitoring known threats, while an MDR solution for detection and incident response lets them remain proactive in a heightened threat landscape.

Because businesses rely on vendors for their managed security solutions, choosing which vendor to work with should be determined by important factors such as level of expertise, 24/7 operations and response capabilities, and the use of analytics tools that enhance threat detection and mitigation.

MDR vendors also require full visibility into their customers’ networks, which is why businesses have an incentive to work with network wholesalers that can then implement security measures that cover all parts of their infrastructure. By taking a wholesale approach, businesses ensure their networks are fully covered by security implementations and that overall network health is a priority for service providers.

A conversation about what MDR can do for your organisation marks the start of real resilience in the digital age.