Five warning signs that security leaks are imminent

May 3, 2023

Jochen Koehler, Vice President EMEA Sales at Ontinue (Source: private)

IT protection is becoming more and more elaborate in view of the increasing number of cyberattacks and different types of attacks. Unfortunately, companies do not always recognise whether their security experts are overloaded. According to Ontinue, a leading expert in Managed Extended Detection and Response (MXDR), five signs tell companies that they need external support.

The IT security situation is serious: new threats are constantly emerging from cyberspace. At the same time, the attack surface of companies grows with every new endpoint, server node or location – a digital Eldorado for hackers. CISOs and their often small defence teams are usually overwhelmed, and maintaining a true Security Operations Centre (SOC) is usually too expensive for many companies. External MXDR services solve this dilemma, but when exactly are they worthwhile? Ontinue has prepared a five-point checklist to answer this question.

1. General alarm fatigue sets in

IT logs all of the myriad processes in systems and applications. However, the number of events originating from various sources can add up to hundreds of millions – every day. Analysing them by hand is impossible, which is why security experts rely on tools that warn them when something is unusual. Not every report is a hacker attack, but the investigation is always time-consuming. After a while, therefore, a certain alert fatigue sets in, which increases the risk that internal security experts overlook critical vulnerabilities.

2. The team relies on too many tools

One consequence of the increasing threat situation is a proliferation of security tools in companies. Almost a third have more than 50 in use, according to an IBM study from 2021 – and the numbers are likely to have increased in the last year. In this case, however, more does not equal better: administering so many tools adds unnecessary complexity and puts further stress on IT security teams that are already working at the limit. Often there is not even time left for basic management tasks. A clear warning signal.

3. The speed of response is decreasing

Hacker attacks that security operations teams face are much more sophisticated than they used to be. Viruses and malware like to nest deep into systems, spread across the network and wait before striking at an opportune time. Overload, alert fatigue and an unmanageable number of tools reduce the speed of response to attacks. If the Mean Time to Respond (MTTR) is high, i.e. the team takes a long time to identify a threat and close gaps, this is detrimental to the company at all levels – and shows that external support is needed.

4. Communication between SecOps and IT suffers

Another indicator of an IT security imbalance is a lack of communication between the SecOps and IT teams. The reason is usually too large a workload. The result is that teams simply pass information on vulnerabilities or anomalies to each other without context or prioritisation. Not only does the atmosphere between the teams suffer, but also security, because the more work the SecOps team has to put into research, the longer critical security gaps remain open and dangerous situations remain acute.

5. No one defines measurable indicators of success

Without the necessary key performance indicators (KPIs), it is impossible to measure the efficiency of one’s own security infrastructure. Moreover, IT security teams are unable to identify where they need to catch up, which means that they are practically treading water. Defining such KPIs is not trivial and requires thinking outside the box, because even if a company knows its MTTR, it does not necessarily know whether the value is good enough. These analytical tasks require a lot of time – which is notoriously scarce, especially among IT security experts.

“All these problems are clear signs of inadequate security measures and overburdened cybersecurity teams,” warns Jochen Koehler, VP EMEA Sales at Ontinue. “Should companies find that at least one of these points applies to them, it is high time to think about additional staff and the establishment of a security operations centre. For those who can’t afford it, MXDR vendors help streamline and consolidate the security infrastructure. They also support in-house security teams in defining key KPIs, threat detection and cyberattack response.”
