SMB Data Monitoring: Yes, It’s a Thing.

Here’s why small and mid-sized businesses should ensure managed detection and response is part of their IT security arsenal.

January 29, 2019 • Published by

A lot of data runs through your business’s network. Data is coming and going, and moving rapidly, as systems and applications “talk” and pass along information to each other.

Most SMBs pay no attention to these internal workings and conversations, unless there is a functional failure that requires someone’s review of the system logs to determine where the breakdown occurred. The rapid increase in SMB malware, however, is causing many executives to choose a more active—rather than reactive—IT security strategy.

SMB data monitoring is active, not reactive.

The typical organization with 50 employees has network equipment such as an internet router, firewall, desktops/laptops, and possibly even point-of-sale (POS) terminals. In many cases, there are also wireless access points as well as IoT monitoring devices.

Each of these components generates “logs” that tell the story of what is happening in real time. Security threats such as malicious network traffic, brute-force attacks and unusual account activity appear consistently in these logs.

Actively monitoring these logs means cybersecurity threats are identified as they are happening, rather than discovered later when the logs are reviewed as part of a forensics investigation. This matters because a data-breach-induced business disruption is much more costly than the up-front investment in SMB data monitoring.

MDR does the heavy lifting.

Here’s the primary issue with SMB data monitoring: The 50-person SMB can expect an average of 750 to 1,000 logs to be generated each second. Accounting for variance while the business is closed, that’s 50 million logs per day!

Obviously, no human—or group of humans—can stare down that many logs. Automation is a necessity, so you need a SIEM platform. This is where most SMBs draw the line, however, because the cost/benefit of owning a SIEM is less favorable than the cost/benefit of outsourcing to Managed Detection and Response (MDR).

When your business outsources to an MDR service provider like ControlScan, you have a team of security analysts using the latest threat data collection technologies to monitor and analyze your log events, as well as to respond appropriately when security threats are detected. Think of it as an additional set of people and technologies, all there to serve as your business’s bodyguards.
