- July 7, 2020
- Posted by: Pat Riot
- Categories: CyberSecurity, Healthcare, Security Operations
If cyber security has been keeping you up at night, you might just be sleeping on it the wrong way. Cyber security doesn’t have to be this arduous and difficult thing that is challenging to understand. We haven’t touched on explaining how simple cyber security has become. Sure, the market is saturated with over 3500+ “cyber security vendors” and the choices are overwhelming with each company doing something slightly similar, slightly different. However, a saturated market breeds competition and competition breeds top tier performance in order to survive. With this post, we want to try and explain some of the biggest questions we have received and some of the recurring trends that we have noticed during our outreach.
Laying down the basic framework of what cybersecurity entails in the modern era can be as simple or as difficult as you’d like to make it. An interesting thing to note is that the level of understanding our customers have regarding cyber security varies greatly. However, the level of expectations our customers have regarding their cyber security team(s) is universally the same. It should work 100% of the time. Reasonable right? Well why don’t more businesses have managed security service measures in place? It has come to be our understanding that it is one of two reasons:
- Companies haven’t encountered a cyber-attack before so why would they need it, or they think their IT team/provider takes care of it. (they don’t)
- Companies simply think it costs too much and they won’t have the overhead for it.
The biggest misconception we have come across is the level of understanding into what providers like Verizon, Amazon, Ameriprise, Aurora, Fortinet, or other large corporations provide. Yes, you can get a complete list of security services from them. And yes, you will pay large corporation prices. Not to mention you will be just another large corporation client number. But god forbid anything were to go wrong and you try and get in contact with them, or you have a simple question that you’d like answered, or you are growing your business and need additional assistance. Major corporations make it near impossible to get those things done unless you have a blank check signed and tell them what you need. On the other hand, a small company might not have the resources available to support your growth or fully secure your resources for a reasonable cost. That’s where competition comes into play. Somewhere in the middle is your ideal managed security service.
What sets us apart from our competition is we are one of the first managed security service providers to combine Endpoint Detection, Managed Detection and Response (MDR), & SOC as a service together in order to provide the most robust security software that is scalable to our clients’ future. Endpoint protection provides an anti-virus software that combines the intelligence of AI with the computing power of machine learning to allow users full access to their work but securing the system if the user happens to go somewhere, they aren’t supposed to. Managed detection and response take endpoint protection to the next level. Even though it is relatively self-explanatory, the complexities into the threat hunting services it provides can become convoluted. MDR is especially useful for those companies who DO have either an in-house or outsourced IT teams because we work in conjunction with them supplying them with the information that not only increases their productivity and efficiency but minimizes downtime and potential loss. Lastly, SOC as a service provides the human oversight to manage and monitor the logs, devices, cloud(s), network(s) and other vital components of a network. A SOC provides the resources to educate employees and focuses on “intelligent adversaries” all while easing the burden of compliance regulations across multiple industries. (PCI DSS, HIPAA, SOX, GDPR, GBLA, FISMA, CCPA, & Breach laws in all 50 US states)
So, what is the difference between IT and Cyber Security?
To begin, your basic IT solutions providers are who/what are required to keep you and your business connected to the internet. In short, IT teams handle the processes that tell computers how data is transferred or sent daily. Cyber security ultimately deals with the protection of that data. Let’s think of a pizza. In this analogy, the pizza is your business and the network it relies on. Domino’s is your IT provider cranking out thousands of pizzas all day to perfection. The toppings are basic network security – the sauce is your VPN (virtual private network), the cheese is that SSL lock ticket you (hopefully) see on your URL, and the peperoni is a basic firewall. However, the most overlooked step between you placing the order and receiving that delicious pizza is… the box. No one wants people’s fingers in their pizza, let alone have someone take an entire slice! The box is the security, it is the protectorate of what you hold most near & dear, your data. We are the pizza box. The pizza box is a relatively inexpensive cost. Especially when compared to the total cost of the pizza, yet it is imperative in order to ensure quality.
So what do I get?
Sticking with the pizza analogy for simplicity’s sake, we offer 3 different order combinations. To start out, you get some bread sticks (what we call endpoint protection.) As stated before, endpoint protection is a software that essentially blocks traffic that it interprets as harmful or malicious. You as the administrator, obviously have ultimate say & control over what traffic flows through your network. Next you get the combo, the breadsticks and a pizza box! Not only are you receiving the Endpoint Protection as standard from here on out, but you also get the perks of the pizza box. A managed security team looking over personal identifiable/healthcare information (PII/PHI), locking it down and managing the network. Lastly, you could get the whole meal deal. The breadsticks, the pizza box, AND the chocolate cake!! The whole meal means the peace of mind of being fully compliant to whatever regulations you have to abide by, 24×7 continuous monitoring, a team of specialized security engineers dedicated to your business’s network, quarterly penetration/vulnerability tests, cyber training, threat assessments, vulnerability scans and much more.
Hopefully we all like pizza and that resonated with you. What resonates with me the most, what drives my security passion is little jokes that can be made about cyber security. For instance, Domino’s offers carry out insurance on their pizzas. No matter the reason, bring it back and they’ll make a new one. It’s not the same in cyber security. We don’t get ‘re-dos.” As a matter of fact, it’s actually the opposite. When we deploy a software, not only does it have to work. But it must work perfectly, the first time. Businesses have the option to buy cyber insurance. But they don’t. They don’t even attempt to fortify their networks beyond the initial set of from their IT provider because they simply don’t realize its importance. Any no good 2-bit hacker could spend a day and get past the rudimentary network architecture and security solutions most small-medium sized businesses have in place.
We would like to change the narrative of cyber security all together. Because it doesn’t have to be difficult, it doesn’t have to be outrageously expensive, and answers to your questions doesn’t have to become convoluted. We are real people fighting a real problem that really does affect us all. If you would be interested in a second opinion, a conversation with your security team and ours, or just a free security consultation please don’t hesitate to reach out by emailing us at [email protected], calling 703.297.4405, or use our website contact form.