Focus on your business. Let us help with security
We’re huge fans of how many tools there are that make it easier than ever to start, run and scale a business. Cloud services like AWS, GCP and Azure free up precious capital for strategic priorities rather than using it to stand up servers and invest in infrastructure and IT staff. SaaS offerings like G Suite, BambooHR and Xero offer outsourced options for IT, HR and finance, which previously required full-time staff. Coding and collaboration tools like GitHub, Slack and Zoom empower team members to scale their impact across geography and time zones. Shared office services like WeWork, Impact Hub and Spaces enable collaboration without having to sign long-term leases.
Security is also benefitting from a proliferation of tools and cloud-based capabilities that simplify once onerous and complex tasks. However, security requirements are broad, and there are always opportunities to further simplify key elements of the ecosystem. Take cyber security compliance as an example. There is so much involved in achieving compliance that even simplifying one core requirement can make the process of compliance much less painful and costly.
How are you logging and monitoring for compliance?
Typically, building logging and monitoring capabilities in-house is a time-intensive process that involves hiring skilled staff, technology selection, acquisition, deployment, and ongoing use case development and management. For a large organization, these costs can run into seven figures. For a mid-sized organization, finding the capacity and budget to stand up the capability to effectively log and continuously monitor internally can be daunting.
Kobalt provides Cyber Security Monitoring-as-a-Service to address these requirements and let your team focus on building the next great version of your product or service. Examples of compliance requirements that relate to these services include:
| Standard | Description of requirement | Relevant Section |
|---|---|---|
| Center for Internet Security (CIS Top 20) | Maintenance, monitoring and analysis of audit logs | Section 6, Basic CIS Controls |
| Center for Internet Security (CIS Top 20) | Account monitoring | Section 16, Foundational CIS Controls |
| Center for Internet Security (CIS Top 20) | Incident Response (recommendations from Kobalt) | Section 19, Organizational CIS Controls |
| ISACA Control Objectives for Information and Related Technologies (COBIT 5) | Detection, monitoring | Various subsections of DSS, APO, BAI, MEA requirements |
| ISO 27001:2013 | Logging and monitoring capabilities | A.12.4 and subsections |
| National Institute of Standards and Technology Cyber Security Framework (NIST CSF) | Detection capabilities of anomalies and events, continuous monitoring | Function DE.AE, DE.CM. Recommendation and/or assistance with Functions RS.RP, RS.AN, RS.MI, RS.IM, RC.RP, RC.IM. |
| Payment Card Industry Data Security Standard (PCI DSS) | Track and monitor all access to network resources and cardholder data | Requirement 10 (plus various detailed requirements in this section) |
There is a long list of other standards that have similar logging and monitoring requirements. In addition to helping to achieve compliance, the increased visibility and ability to address security risks and operational threats have numerous benefits for organizations of all sizes.