"I wanna be a lifeguard. I want to guard your life..."
-Blotto 1979
Three of my kids are certified lifeguards. Two have the elite Ellis Lifeguard certification that places like Disney and Great Wolf Lodge require, and the third has the standard Red Cross Lifeguard certification.
You always see consistent behavior when watching lifeguards at the YMCA, Great Wolf Lodge, or Splashdown. They methodically scan the water they are overseeing, looking for trouble. Then, 15 minutes later, they either get up and move to a new position or, more commonly, are relieved by another lifeguard as they rotate across the various pools or stretches of water they oversee.
The reason is quite simple. Most of the time, nothing is going on. Sitting and staring at the same thing (perhaps under the hot sun) is boring, and that causes even the most conscientious person to zone out. If you zone out as a lifeguard, bad things might happen in those attention gaps.
The same is true for trying to oversee your network and endpoint security. No matter how good you or I are at understanding security and trying to monitor what is going on, we are not good enough to do it 24x7x365 on our own. With the advent of advanced EDR/MDR/XDR solutions using machine learning and automation, we can extend our capabilities.
Just as someone might be in distress or drown in a lifeguard's visibility gaps, the same thing happens in security. It is tough to see into the dark corners of our networks. It is hard to see bad actors "living off the land," trying very hard to tiptoe around your security as they map your network and plan their attack. It is hard to see into places without agents.
Having a Security Operations Center (SOC) that can oversee your network 24x7x365, having North/South, East/West visibility into all your network and endpoint traffic, and using automation plus a highly trained security staff is the solution. The SOC oversight ensures that no one "zones out" and that there is no place to hide in the natural noise in your network.
I firmly believe that having a SOC that has eyes on your network 24x7x365 is the single most important thing your district can do to dramatically improve your security posture.
If you just have a "really good firewall" and a decent EDR/MDR/XDR type product and don't have that SOC oversight, you are like that stationary lifeguard who will eventually zone out and miss the most important event you are trying to prevent. In today's world, sooner or later, bad things will happen.
CSI has several SOC options that can help close this major security gap in your network security. If you would like to discuss how we can implement SOC oversight for your district, please call us.
-Scott Quimby, CISSP