Cyber resilience: Strategies for resilient IT

June 19, 2025

Author: Andreas Kroier*

The increasing number of cyber attacks poses immense challenges for companies. Innovative approaches such as real-time observability and AI-supported security systems offer a way out.

The IT infrastructure of German companies is under attack: according to the latest BSI situation report, there are around 300,000 new malware variants and 78 previously unknown software vulnerabilities every day. The Bitkom study ‘Economic Protection 2024’ reports similar findings: 81 percent of companies were affected by cyber attacks, causing total damage of more than 266 billion euros.

To avoid these risks, companies need cyber resilience. This refers to an organisation’s ability to protect itself effectively against cyber threats, respond to attacks and maintain operations even in the event of disruptions or failures. This approach is particularly important in industries such as the financial sector.

DORA: Cyber resilience becomes mandatory

Companies in the financial sector face strict regulatory requirements such as the Digital Operational Resilience Act (DORA). The EU law has been in force since 2023 and will become mandatory at the beginning of 2025. It requires financial institutions to design their information and communication technology (ICT) in such a way that it remains functional even in the event of serious operational disruptions.

Implementing these requirements is labour-intensive without the right tools. Financial services providers and most other companies operate in complex environments with many applications, cloud services and third-party solutions. Cyber resilience encompasses real-time data analysis, automated risk management, real-time observability, efficient incident response mechanisms and third-party monitoring.

Real-time data analysis: the basis for preventive measures

Real-time data analysis is a fundamental prerequisite for cyber security. It enables companies to identify threats immediately and respond to them. By analysing current data from metrics, logs and traces, vulnerabilities are continuously monitored and evaluated, especially in hybrid and multi-cloud environments.

Key technologies for real-time analysis include machine learning algorithms that better evaluate large amounts of data from SIEM (security information and event management) systems. They prioritise risks and highlight connections between security issues and operational processes, thereby maintaining system stability even under extreme conditions.

The further development of classic SIEM systems responds to new cloud security requirements. Cloud Detection and Response (CDR) and Application Detection and Response (ADR) are specialised tools for modern IT infrastructures. These technologies supplement or replace SIEM functions with cloud-native security mechanisms tailored to cloud-based applications.

When companies build on this and combine the assessment of vulnerabilities, threats and compliance requirements, they create a comprehensive picture of the situation. Automated response mechanisms immediately translate the analysis results into concrete actions. This can mean that the insights gained are forwarded directly to decision-makers and operational teams, resulting in an effective chain of action. This strengthens the company’s cyber resilience in the long term.

Automated risk management: Faster response times

The use of additional AI processes and automation technologies makes repetitive tasks more efficient, reducing response times to threats. This frees teams from routine work and allows them to focus on strategic tasks.

In dynamic IT environments such as hybrid and multi-cloud architectures, automation enables measures to neutralise potential threats in advance. Security solutions such as runtime vulnerability analytics identify security gaps, prioritise vulnerabilities and automatically initiate countermeasures. The automated execution of detection mechanisms marks the transition from reactive to preventive security.

Real-time observability: Early detection and prevention of incidents

Real-time observability is another essential component of a robust cyber resilience strategy. Observability enables complex systems to be monitored efficiently and potential problems to be identified quickly. In modern IT environments, observability provides a holistic view of all relevant systems.

Unlike traditional SIEM solutions, which are primarily based on log data, observability incorporates a more comprehensive set of information into the analysis, such as metrics, events and traces. This holistic monitoring approach is becoming increasingly important, especially in complex infrastructures with hybrid clouds, containerisation and microservices.

With an observability platform, companies continuously monitor their IT and gain a comprehensive overview of applications, networks and components that goes beyond monitoring. Real-time observability thus offers a comprehensive approach to cyber resilience.

Efficient incident response: reduced downtime through AI-supported processes

Despite all preventive measures, security incidents cannot be completely ruled out. Efficient incident response is therefore important to minimise downtime and quickly restore normal operations. AI-supported processes play a central role here, as they detect and analyse incidents more quickly.

They also automatically initiate appropriate measures or provide the IT teams with recommendations for action. AI also makes an important contribution to prevention.

After analysing incidents and patterns, security strategies can be adapted to prevent similar problems in the future, resulting in a more resilient IT environment.

Integrated third-party monitoring: Identifying external risks

An often underestimated aspect of cyber resilience is the monitoring of third-party providers. Companies use a variety of external service providers and applications. This significantly increases the attack surface, as vulnerabilities at third-party providers often have an impact on a company’s own IT security. Some cyber attacks even target typical third-party solutions such as single sign-on services, allowing intruders to infiltrate the internal IT system undetected.

Integrated third-party monitoring allows these risks to be monitored continuously and vulnerabilities to be addressed proactively. Solutions such as Runtime Vulnerability Analytics identify and prioritise potential security gaps at third-party providers in real time. This reduces dependence on externally provided security information and strengthens overall security.

Conclusion: Cyber resilience as an investment in the future

The combination of preventive, automated and reactive approaches forms the basis of effective cyber resilience and the successful implementation of regulations such as DORA. Organisations must protect themselves against known threats and at the same time be able to respond to new types of attack. Cyber resilience is therefore not a final state, but an ongoing process. This enables companies to improve their security strategy and strengthen their long-term competitiveness – as an investment in their future viability.

*About the author: Andreas Kroier has extensive experience in leading international teams that develop SaaS solutions in cloud-native environments. He has been instrumental in the transformation of on-premises monoliths to cloud-native Kubernetes-based microservices, both technically and organisationally. As Senior Principal Product Manager, in the role of Head of Application Security, he combines business, strategy and technology to create innovative solutions for the digital transformation of Dynatrace’s customers.
