Cyber Security Risks - Kevin Hawkins

The IT industry evolves every day and new technologies abound, but in the Cyber Security world, whilst we do embrace those new technologies, true innovation is actually very hard to find, in that we use the same general principles that we always have done. Oh I know, local and regional IT companies will champion one technology or another, depending upon which vendor they are affiliated to, whilst true Cyber Security professionals have stuck to the principle of risk management: marrying threats and vulnerabilities to assets, and coming up with a risk score for each, before applying mitigations.

So, that little rant over, we have come up with what we believe is a true innovation for the SME world. Protective Monitoring is something that all the major enterprises and, indeed, major Government departments attempt to implement. However, it's always been out of the price range of small to medium businesses. H2 has partnered with a leading supplier of protective monitoring solutions to come up with a model that would make it affordable to all. Two models in fact, one for the smaller end of the market, and one for the medium end.

So what is Protective Monitoring, and how would it benefit me? After all, I’m an SME and this all sounds just a bit over the top.

Well, it’s central to the identification and detection of threats to your IT systems. It acts as your eyes and ears when detecting and recovering from security incidents and it enables you to ensure that devices are used in accordance with your organisational policies.

Effective monitoring relies on proportionate, reliable logging and device management practices. This guidance is designed to give system and network admins advice on the logging and monitoring options available on modern platforms.

What use is it to me, I hear you ask?  Well, many incidents have been shown to target individual hosts, from which attackers will attempt to further strengthen their access through lateral movement techniques such as credential theft, account impersonation, use of legitimate network tools or known exploits in outdated versions of network protocols to propagate and compromise additional devices to access additional data and services.

In a cloud environment some of these techniques may be less effective or not apply. However, your users still have to access these cloud services, and monitoring device activity, health and configuration is still important, perhaps more so, when deciding whether or not to permit access to organisational services and data.

It begs the question, how many of you actually know if your network security devices are actually logging, i.e. what logging are they capable of and is logging actually enabled? It seems a basic question, but often when your IT supplier installs a firewall, for instance, they may well not enable logging, as they are not carrying out any maintenance of the firewall and know that no one is looking at the logs anyway.

These logs can be critical. They will tell you if the bad guys are trying to break in, and how often. Crucially, they will tell you whether they made it in or not. Many people tell me they believe they have adequate security because they’ve never been hacked. My response is, ‘how do you know?’. A stealth attack on a network is designed so that you don’t know if you’ve been hacked or not. The idea is very often to build a back door into the network so that they can come back again and again. It is almost impossible for a human to monitor firewall logs. A busy network can generate logs in their thousands per hour. It needs a machine.
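To make "it needs a machine" concrete, the sketch below is an added example, not part of the original article or of any H2 product. It reads firewall log lines, counts denied attempts per source address, and flags any connection that was allowed after that source had already been denied repeatedly. The key=value log format, the sample lines and the threshold of three are all constructed assumptions; a real firewall's format will differ.

```python
import re
from collections import defaultdict

# Constructed sample lines in a made-up key=value format (not any vendor's format).
SAMPLE_LOG = """\
2024-05-01T10:00:01Z action=deny src=203.0.113.7 dst=192.0.2.10 dport=22
2024-05-01T10:00:02Z action=deny src=203.0.113.7 dst=192.0.2.10 dport=22
2024-05-01T10:00:03Z action=deny src=203.0.113.7 dst=192.0.2.10 dport=3389
2024-05-01T10:00:09Z action=allow src=203.0.113.7 dst=192.0.2.10 dport=443
2024-05-01T10:01:00Z action=allow src=198.51.100.4 dst=192.0.2.10 dport=443
2024-05-01T10:02:00Z action=deny src=198.51.100.9 dst=192.0.2.10 dport=23
this line is malformed and is counted, not silently dropped
""".splitlines()

FIELD = re.compile(r"(\w+)=(\S+)")

def parse(line):
    """Return (timestamp, fields), or None if required fields are missing."""
    ts, _, rest = line.partition(" ")
    fields = dict(FIELD.findall(rest))
    if not {"action", "src", "dport"} <= fields.keys():
        return None
    return ts, fields

def summarise(lines, deny_threshold=3):
    """Per source: denied attempts, ports probed, and any allow seen after
    the source had already reached the deny threshold (lines in time order)."""
    stats = defaultdict(lambda: {"denies": 0, "ports": set(), "allowed_after": []})
    unparsed = 0
    for line in lines:
        parsed = parse(line)
        if parsed is None:
            unparsed += 1  # a gap in logging is itself worth knowing about
            continue
        ts, f = parsed
        s = stats[f["src"]]
        if f["action"] == "deny":
            s["denies"] += 1
            s["ports"].add(int(f["dport"]))
        elif f["action"] == "allow" and s["denies"] >= deny_threshold:
            s["allowed_after"].append((ts, int(f["dport"])))
    flagged = {src: s for src, s in stats.items() if s["denies"] >= deny_threshold}
    return flagged, unparsed

if __name__ == "__main__":
    flagged, unparsed = summarise(SAMPLE_LOG)
    for src, s in flagged.items():
        print(src, s["denies"], sorted(s["ports"]), s["allowed_after"])
    print("unparsed lines:", unparsed)
```

An allowed connection after repeated denials is not proof of a break-in; it is the line out of thousands that deserves a person's attention.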

A security operations system that includes protective monitoring can do many other things if required. It can monitor your anti-malware and endpoint protection and correlate them with the logging. It can provide threat intelligence and vulnerability assessments. The list is not exhaustive.

But the real problem here is a return on investment for SMEs. It’s great that the enterprise environment of Fortune 500 companies and the like, and of course major central government departments, can afford this, often on an individual basis. But it’s traditionally been well out of scope for SMEs on the grounds of cost alone.

So it’s time for a bit of innovation. Here at H2 we are partnering up with a couple of other companies to come up with a way where this becomes affordable, especially when coupled with other network administration functions. In brief, the idea is that we would manage multiple different SMEs via the same environment, pretty much as you do in a cloud environment, and then provide a menu of options to them for protective monitoring and correlation, to include alerting and incident recovery. Costs would then be shared amongst all and, very possibly, the more that join, the more cost effective it becomes.

We are very excited about this and more detail will be coming out in the coming weeks. 

For more information, contact Kevin Hawkins of H2 Cyber Risk Advisory Services:

T: 0845 5443742

M: 07702 019060



About the author

Joseph Reilly

The founder of Joseph Creative, Joseph has been working in business for over 20 years and has gained extensive experience in all elements of owning and managing a business. He has particular strengths in sales, marketing, and business finance. Joseph is a real high flyer with a passion for helping others to be the best they can be. His specialist field is as a Sales and Marketing Director.
