Security Monitoring to Cross the Compliance Chasm

 
crossing-the-chasm-1000x625.jpg

Focus on your business. Let us help with security

monitoring.

We’re huge fans of how many tools there are that make it easier than ever to start, run and scale a business. Cloud services like AWS, GCP and Azure free up precious capital for strategic priorities rather than using it to stand up servers and invest in infrastructure and IT staff. SaaS offerings like GSuite, BambooHR and Xero offer outsourced options for IT, HR and finance, which before required full-time staff. Coding tools and collaboration tools like Github, Slack and Zoom empower team members to scale their impact across geography and time zones. Shared office services like WeWork, Impact Hub and Spaces enable collaboration without having to sign long-term leases.

Security is also benefitting from a proliferation of tools and cloud-based capabilities that simplify once onerous and complex tasks. However, security requirements are broad, and there are always opportunities to further simplify key elements of the ecosystem. Take cyber security compliance as an example. There is so much involved in achieving compliance that even simplifying one core requirement can make the process of compliance much less painful and costly.

How are you logging and monitoring for compliance?

Typically, building logging and monitoring capabilities in house is a time-intensive process that involves hiring skilled staff, technology selection, acquisition, deployment, ongoing use case development and management. For a large organization, these costs can run into seven figures. For a mid-sized organization, the capacity and budget to stand up the capability to effectively log and continuously monitor internally can be daunting.

Kobalt provides Cyber Security Monitoring-as-a-Service in order to address these requirements and lets your team focus on building the next great version of your product or service. Examples of compliance requirements that relate to these services include:

Standard Description of requirement Relevant Section
Centre for Internet Security (CIS Top 20) Maintenance, monitoring and analysis of audit logs Section 6, Basic CIS Controls
Account monitoring Section 16, Foundational CIS Controls
Incident Response (recommendations from Kobalt) Section 19, Organizational CIS Controls
ISACA Control Objectives for Information and Related Technologies (COBIT 5) Detection, monitoring Various subsections of DSS, APO, BAI, MEA requirements
ISO 27001:2013 Logging and monitoring capabilities A.12.4 and subsections
National Institute of Standards and Technology Cyber Security Framework (NIST CSF) Detection capabilities of anomalies and events, continuous monitoring Function DE.AE, DE.CM. Recommendation and or/assistance with Functions RS.RP, RS.AN, RS.MI, RS.IM, RC.RP, RC.IM.
Payment Card Industry Data Security Standard (PCI DSS) Track and monitor all access to network resources and card holder data Requirement 10 (plus various detailed requirements in this section) 

There is a long list of other standards that have similar logging and monitoring requirements. In addition to helping to achieve compliance, the increased visibility and ability to address security risks and operational threats have numerous benefits for organizations of all sizes.

If you’d like to address logging and monitoring at a fraction of the cost, time and effort it would take you to build it internally – contact us.

Contact Us