Time is money. Downtime is loss of money.
The technological revolution has introduced a plethora of advanced solutions to help identify and stop intrusions. There is no shortage of hype, innovation, and emerging trends in today's security markets. However, data leaks and breaches persist. Shouldn't all this technology stop attackers from gaining access to our most sensitive data? Stuxnet and WannaCry are examples of weaknesses in the flesh-and-bone portion of a security plan. These attacks could have been prevented had it not been for human mistakes.
Stuxnet is the infamous worm (allegedly) authored by a joint U.S.-Israeli coalition, designed to slow the enrichment of uranium by Iran's nuclear program. The worm exploited multiple zero-day flaws in industrial control systems, damaging enrichment centrifuges. So, how did this happen?
The Natanz nuclear facility, where Stuxnet infiltrated, was air-gapped.
Somebody had to physically plant the worm. This requires extensive coordination, but personnel in Natanz should have been more alert.
Stuxnet was discovered on systems outside of Natanz, and outside of Iran. Somebody likely connected a personal device to the network, then connected their device to the public Internet.
While Stuxnet went from inside to outside, the inverse could easily have happened by connecting devices to internal and external networks.
If human beings had updated their systems, we may never have added "WannaCry" to our security lexicon.
WannaCry and its variants are recent larger-scale examples. Microsoft had issued patches for the SMBv1 vulnerability, eventually removing the protocol version from Windows. Still, some 200,000 computer systems were infected in over 150 countries worldwide to the tune of an estimated $4 billion in ransoms and damages.
The lesson here? We care too much about gadgets and logical control systems, and not enough about the skilled staff needed to operate this technology. Gartner estimates that 40 percent of mid-size enterprises don't have a cybersecurity expert in their organization. A labor shortage for security professionals will prevent you from filling this talent gap for at least three years. A logical solution is to assess which security functions can be effectively delivered as a service to minimize internal staffing requirements.
Services (such as EventTracker Enterprise) solve popular use cases including:
Operational tasks such as log monitoring, vulnerability scanning, and firewall management
Delivering 24/7 security monitoring when there is not enough staff to accomplish this internally (a minimum of eight to 12 dedicated security analysts are required for 24/7 monitoring)
Security monitoring for public cloud environments to ensure users are not placing sensitive data in the cloud in ways that are insecure or non-compliant
Building out advanced attack detection capabilities by employing advanced analytics to identify threats through statistical or behavioral anomalies in security events, IT logs, network behavior, network forensics, payload analysis, endpoint behavior, and endpoint forensics
Time is money; downtime is loss of money. The cost of doing nothing is significant.