DMS Alerts Should Be Key To Organisations’ Security Orchestration

Uploaded on 2022-09-05 in TECHNOLOGY--Resilience, FREE TO VIEW

Research shows that the Security Orchestration, Automation and Response (SOAR) Market is expected to grow by 15.8% (CAGR) from 2022 to 2027. That’s not surprising, given the perfect storm of conditions that have been brewing since the onset of the pandemic. 

Ransomware and other cyber attacks are on the increase, particularly now that remote and hybrid working present new attack surfaces, while at the same time, over-stretched IT teams means there’s a paucity of cyber security skills available to deploy against the rising threat. 
 
To help keep their heads above water, many organisations are investing in security orchestration to streamline their wider security operations centre (SOC) strategy, connecting siloed security tools, such as Security Information and Event Management (SIEM), to help automate threat alerts, monitoring, and remediation.

However, an essential element is often ignored as part of this streamlined security strategy: the organisation’s document and email management system (DMS). 

This is a significant oversight, because the DMS houses “the crown jewels” of the organisation: valuable client information, confidential documents, and other sensitive files. This is especially the case at professional services firms such as law, accounting, and financial services, all of whom are lucrative targets for cyber security criminals, due to the nature of privileged data they hold. 

So, why does this gap in the overall security strategy tend to form - and how can it be best addressed? 
 
Outside The Normal Flow

The key focus of IT is to look after the infrastructure and the widely used systems connected within this infrastructure: networking components, communication systems, endpoint devices, and so on. As a general rule, if a system sits within “infrastructure”, IT is in charge of monitoring, analysing and identifying any emerging threat patterns around it.

So far, so good. But when you're looking at a more dedicated or specialised type of system – like a DMS – it often may not fall under the umbrella of IT. It could be seen as belonging to an individual business department, or whichever teams are most heavily using it.

Here’s where we run into a problem. The SOC team relies on their SIEM dashboards to monitor attack patterns across the infrastructure but isn’t getting alerts or real-time information from potential insider or external threats involving the DMS. Instead, these alerts may go to a senior member of the department using the DMS or the CIO. Or they may not be getting picked up at all.

Allowing the DMS to sit outside the standardised flow of incident monitoring and threat management like this is problematic. But there is a better way. Incorporating DMS-centric threat patterns and alerts gives the SOC team access to an additional set of data points that can help determine whether a threat is actually present or not and if it warrants further action. This can include usage patterns that might indicate if something out of the ordinary is happening, such as data exfiltration from disgruntled employees, misuse of privileged accounts or stolen credentials.

Integration Is Key

To break down any silos in their security operations strategy, organisations need to consider an integrated approach that brings threat monitoring capabilities from all systems and applications, especially those holding sensitive data, together in the same place.

From a practical perspective, organisations should ask their current or prospect DMS providers if their application offers threat monitoring based on usage analytics and integration of any DMS alerts into the SOC team’s SIEM tool of choice via industry standard services, such as REST APIs. 

This is the goal for organisations to shoot for – one that effectively eliminates any gaps and risk of data loss that stem from not incorporating the DMS into an integrated SOC ecosystem.

The DMS Needs To Be Part Of The Conversation

#SOC teams are already overworked and operating in high-pressure environments. Security orchestration and automation provides an effective way to reduce that stress, but in taking a streamlined approach, organisations shouldn’t forget about their DMS. Especially if their DMS already provides the means to communicate with their integrated IT security stack.

The DMS needs to be part of the conversation. If it’s not, organisations will continue to have a gap that they’ll need to mind.

Manuel Sanchez is Global Product Marketing Manager at iManage

You Might Also Read:

Detect Spoofing Before Your Organisation Suffers Fraud:

 

« Chinese Internet Companies Required To Disclose Algorithm Data
US Government Will Invest $15 Billion In National Cyber Security »

CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Go Cyber

Training that transforms behaviours

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

LockLizard

LockLizard

Locklizard provides PDF DRM software that protects PDF documents from unauthorized access and misuse. Share and sell documents securely - prevent document leakage, sharing and piracy.

Alvacomm

Alvacomm

Alvacomm offers holistic VIP cybersecurity services, providing comprehensive protection against cyber threats. Our solutions include risk assessment, threat detection, incident response.

Clayden Law

Clayden Law

Clayden Law advise global businesses that buy and sell technology products and services. We are experts in information technology, data privacy and cybersecurity law.

DigitalStakeout

DigitalStakeout

DigitalStakeout enables cyber security professionals to reduce cyber risk to their organization with proactive security solutions, providing immediate improvement in security posture and ROI.

Authentic8

Authentic8

Authentic8 transforms how organizations secure and control the use of the web with Silo, its patented cloud browser.

TrustedIA

TrustedIA

TrustedIA is a cyber and protective security company. Our mission is to help businesses protect themselves from disruptive events that can impact their successful operation.

CERT Polska

CERT Polska

CERT Polska is the first Polish computer emergency response team and operates within the structures of NASK (Research and Academic Computer Network) research institute.

ISO Quality Services Ltd

ISO Quality Services Ltd

ISO Quality Services is an independent organisation that specialises in the implementation, certification and continued auditing of ISO and BS EN Management Standards including ISO 27001..

Kore Telematics

Kore Telematics

Kore is a leading managed service provider for IoT and M2M applications.

Trapmine

Trapmine

TRAPMINE is an innovative cybersecurity products company mainly focusing on protecting organizations from Advanced Persistent Threat & Zero-Day attacks.

ComCERT

ComCERT

ComCERT SA is an independent, private consulting company focusing in the assistance of its customers facing the dangers of cyber threats and security incidents.

CybeReady

CybeReady

CybeReady’s Autonomous Platform offers continuous adaptive training to all employees and guarantees significant reduction in organizational risk of phishing attacks.

Pipeline Security

Pipeline Security

Pipeline is a leader in cybersecurity, offering comprehensive services to protect organizations from evolving threats.

Trinity Cyber

Trinity Cyber

Trinity Cyber’s patent-pending technology stops attacks before they reach internal networks,reducing risk and increasing cost to adversaries.

Blockchain Firm

Blockchain Firm

Blockchain Firm is a leading Blockchain based software solutions and service provider with our roots of expertise running deep into the technology.

Slice

Slice

Slice offer subscription based Cyber Insurance for small businesses.

Schweitzer Engineering Laboratories (SEL)

Schweitzer Engineering Laboratories (SEL)

SEL specializes in creating digital products and systems that protect, control, and automate power systems around the world.

ITProTV

ITProTV

ITProTV is part of the ACI Learning family of companies providing Audit, Cyber, and IT learning solutions for enterprise and consumer markets.

Bluefin Payment Systems

Bluefin Payment Systems

Bluefin is the recognized integrated payments leader in encryption and tokenization technologies that protect payments and sensitive data.

Black Duck Software

Black Duck Software

Black Duck (formerly the Synopsys Software Integrity Group) is the market leader in application security testing (AST).

ArmorX AI

ArmorX AI

ArmorX AI (formerly Kapalya) operates an encryption management platform designed to encrypt all data in transit and at rest on mobile end-points, corporate servers, and cloud servers.