Adam Mansour discusses cyber-attack scenarios with different configurations of resources assigned to data monitoring, and proactive preparedness at small to mid-sized organizations.
One of the biggest cybersecurity tradeoffs such face is balancing the focus of their security teams (or IT teams tasked with security) across critical security functions, such as monitoring for attacks, and proactive hardening through remediation and configuration.
He discusses the nuances of this tradeoff for small and mid-size security teams, and answers the following questions:
What should be the focus of such employees, when it comes to identifying and stopping attacks? Where does this leave a security team’s “primary responsibilities?”
How much raw data can this team reasonably look at, while reacting to (how many) critical alerts, while still looking at (how many) critical vulnerabilities/threat intelligence?
Where does this dictate use of in-house, co-managed, or outsourced resources, for particular security functions?