Why Security Detection is important

Have you ever wondered why security detection is so important? Here is a practical example.

A few months ago, I went for a run. I usually use the garage door when leaving the house. An hour later, when I got back home, I found the garage door was open. Well, guess what? I forgot to close the garage door! And my house was vulnerable throughout that period. Sounds familiar, right?

Luckily it was only for one hour and nothing happened during this period. However, this incident made me think of other terrifying scenarios . . . this could occur when we all leave the house, such as going to a park for a full day. Or possibly while travelling outside Melbourne!

While my home has a door that secures it, that proved to be not enough. I needed a monitoring capability to monitor when the door is open and alert me when this happens.

I jumped on Amazon and as expected, I was not the only one who had had this problem before. I found there are devices you can attach to your garage door that will log whenever the door is opened and closed. The device will also send you an alert if the door remains open for 15 minutes, so you can respond by getting back home to close it.

The above is a demonstration of a security control (garage door), security monitoring (device logging when the door is opened and closed), security alerting (the door was open for more than 15 minutes) and incident response (get back to close the door).

There are other security aspects in all our homes. We all have locks on our doors; that’s another security control to protect your home from strangers getting in. If you install one of the devices that will alert you if the door is open (door sensor), that’s security monitoring, which will alert you if the door was opened and someone managed to break through and get into your house.

If you have cameras installed in your home, it means you can now look at the recording and analyse what has happened. It could be one of your kids or an intruder. This is equivalent to security analysis.

In addition to the door sensor and the cameras, you may have motion detectors installed. When the sensors detect motion, they’ll alert you by sounding a siren. However, you can go one step further and integrate your alarm system with your telephone to call the police directly. This is an automated response.

The same thing goes for the garage door. I could buy another device that automatically closes the door if it remains open for more than 15 minutes. Then, I would have an automated response functionality enabled to protect my home from potential threats.
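The monitoring, alerting and automated-response steps above can be written as a small detection rule. This is an added example, not part of the original article; the log format, the event names and the `close_door` action are assumptions, and the sample log is constructed.

```python
from datetime import datetime, timedelta

OPEN_LIMIT = timedelta(minutes=15)  # alert threshold from the article

# Constructed sample log from a hypothetical door sensor: (timestamp, event).
SAMPLE_LOG = [
    ("2024-03-02 07:00", "open"),
    ("2024-03-02 07:02", "closed"),  # normal use, well under the limit
    ("2024-03-02 09:00", "open"),    # left open when going for a run
    ("2024-03-02 10:00", "closed"),  # closed an hour later
    ("2024-03-02 18:00", "open"),    # no close event follows in the log
]

def parse(ts):
    return datetime.strptime(ts, "%Y-%m-%d %H:%M")

def detect(log, now, auto_close=False):
    """Return (alerts, responses) for doors left open past OPEN_LIMIT.

    `now` is the current clock time. It is needed because an open door
    produces no further events: only the passage of time reveals it.
    """
    alerts, responses = [], []
    opened_at = None

    def evaluate(until):
        # The alert time is fixed at opened_at + limit, whatever arrives later.
        deadline = opened_at + OPEN_LIMIT
        if until >= deadline:
            alerts.append(deadline)
            if auto_close:  # automated response (hypothetical action name)
                responses.append((deadline, "close_door"))

    for ts_text, event in log:
        ts = parse(ts_text)
        if event == "open" and opened_at is None:
            opened_at = ts  # a repeated "open" must not reset the timer
        elif event == "closed" and opened_at is not None:
            evaluate(ts)
            opened_at = None
    if opened_at is not None:  # still open at the end of the log
        evaluate(now)
    return alerts, responses

if __name__ == "__main__":
    for alert in detect(SAMPLE_LOG, parse("2024-03-02 18:20"))[0]:
        print("ALERT: door open for 15 minutes at", alert)
```

The last log entry shows why the rule is evaluated against a clock: the alert for a door that is never closed can only come from checking elapsed time, not from waiting for the next event.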

Our homes are like our networks. We all have security controls deployed in our networks, such as firewalls, email gateways, intrusion prevention and detection systems. However, they are not enough if you don’t monitor what’s happening in your network. At some point, like the open garage door example, your security controls will not be enough; you may misconfigure them or an advanced threat may bypass them.

Furthermore, if you don’t collect logs from your network, you’ll never be able to analyse what has occurred when you receive an alert. And if you don’t have a security orchestration, automation and response (SOAR) platform, you’ll never be able to automate responses and protect your environment in a timely manner.

I am not the only one recommending the above security solutions. The ACSC’s ‘Strategies to Mitigate Cyber Security Incidents’ publication recommends using Security Information and Event Management (SIEM) and Endpoint Detection and Response (EDR) software to centrally log and analyse system behaviour to detect compromises, while also facilitating incident response.

Thanks to my garage door monitoring device, I now enjoy running without worrying that I may have left the door open! I highly recommend that all organisations consider that analogy and invest in building detection and response capability to better protect their environment and assets from hackers. Without that, they’ll be flying blind and they’ll never be able to put their hands on their hearts and have confidence in their security posture.

Written by: Mouaz Alnouri