Apr 22, 2026
Scaling up Security
That said, one of the most impressive things about these notices is how long the breach had been happening before anyone noticed. Attacks like the SolarWinds hack of 2019-2020 lasted over a year before they were discovered. The new security baseline is more than just trying to stop attackers from getting in; it’s making sure you know when they do. And waiting for an email detailing how someone already got your stuff is a terrible way to hear about it.
We have two things to help limit our exposure when an attacker succeeds: SIEM and MDR. SIEM stands for Security Information and Event Management. This is a hub that all your security events should flow into. We’re looking for event logs, SNMP/WMI data, anything we can get our hands on, and we throw it all in a big bucket to be sorted through. MDR stands for Managed Detection and Response, and its job is to monitor all that stuff and pick out anything that looks suspicious or abnormal. In the past, this was the job of a person armed with pretty simple algorithms to flag something. But digging through mountains of data to look for patterns is actually something that AI is particularly good at.
Enter Security AI. As AI products have been getting smarter and more capable, throwing them at our SIEM is a match made in heaven. We gather more data now than we ever have, and hiring a team of people to watch it for issues is expensive and, honestly, wasteful. With AI, we can have it always watching and generating tickets when something looks off. Then humans can verify whether it’s something we need to act on. Soon, if not already, AI agents will start to act on what they see in the data to stop attackers even faster (hopefully with minimal false positives).
So, as a small business, how can you implement these kinds of security features? Well, we were recently tasked with that by a local government that wanted to specifically have 24/7 monitoring on their firewall logs for compliance reasons. We reached out to our friends at SonicWall, and they told us about their new product called SonicSentry. Using a combination of humans and AI, they can provide MDR services for a very reasonable fee. We’ll be deploying this solution for them soon, and we’ll all rest a little easier knowing that someone is watching 24/7.
If you’ve been thinking about moving up in your security posture, there may be solutions that are more effective for less money than you might think. When we told our client how much this solution would be, he said it’s way cheaper and better than the IT analyst he was thinking about hiring to do the job. We’ll see how well it works over the next few months, but I think we’ll all like it.
-Nate