
The internet is increasingly becoming a war zone: digital attackers are using software as weapons. Robust measures are necessary to reliably fend off hackers and protect sensitive corporate data. Ransomware, phishing, viruses, and other digital threats are hitting small and medium-sized enterprises (SMEs) as well as large corporations with full force. No company seems sufficiently prepared, and no sector is safe. Whether it's industrial assemblers, automotive suppliers, logistics companies, or shoe manufacturers—the German economy is suffering from growing cybercrime and appears to be defenseless against hackers.
Effective and practical solutions are required. However, protection, effort, and costs must be balanced, because the world keeps turning and the core business must keep operating at full strength to continue ensuring prosperity and social peace. As specialists in business process automation, we offer a solution that is not only effective but also gives SMEs a way out with reasonable effort and manageable costs, protecting them against potential hacker attacks.
When people think of cybersecurity, they first think of virus scanners and firewalls. These two foundations of corporate IT infrastructure are used almost everywhere. That is good and correct. However, two fundamental changes are undermining this 90s-era architecture: mobile work and modern cloud services.
Ownership and control of end devices, systems, and software have slipped away from corporate customers. If a CIO pursues a "cloud-first" strategy with hyperscalers such as AWS, Azure, or Google Cloud, or with enterprise platforms such as SAP and Oracle, or relies on popular Software-as-a-Service (SaaS) offerings such as Salesforce, ServiceNow, or Jira/Confluence, they no longer have direct access to the internals of these services. The company becomes a consumer with a predefined set of controls. In essence, the provider takes over and retains control of the stack, from the hardware and software components used up to the operation of the platform. What remains with the customer under every provider's shared-responsibility model is identity and access configuration and the classification and protection of its own data; the provider does not take that off the customer's hands.
Hacker Defense in the Cloud - An Illusion?
We do not want to frame this development as a problem, as cloud services and Software-as-a-Service bring significant advantages. They scale better, are centrally maintained by the manufacturer, generally run much more stably, and achieve efficiency gains in certifications, legal requirements, and geographic (high) availability.
However, to reliably fend off hackers with cloud solutions, a completely different approach is required. The same applies to the work of digital nomads, employees in home offices, and the ever-denser network of international service providers.
Their infrastructure is diverse, outside the sphere of influence of the client or employer, and subject to constant change: today the Wi-Fi at McDonald's, tomorrow a private notebook instead of a company device. Rigid security concepts built on user certificates, permanently installed VPN software, or tightly restricted IP address ranges not only dampen employee morale but also hinder productivity. Not good news for the CFO, the owners, or the investors.

Effective Strategies to Reliably Defend Against Hackers
Are we lost? Not at all! Where problems arise, solutions emerge. If cloud and mobile work were a zero-sum game, with all their advantages cancelled out by the security gaps they might open, then Pandora's box would truly have been opened. We therefore leave Greek mythology behind and focus on the solution.
First, we must keep in mind three principles that belong to an effective cybersecurity solution, that is, to an effective defense against potential hacker attacks. We are deliberately leaving out accompanying measures such as policies, security training, or regular audits and scans. They undoubtedly have their place and deserve our attention elsewhere.
1. E pluribus unum - The Wisdom of the Crowd
Most modern security solutions use all available data to identify and combat threats, vulnerabilities, and security-relevant incidents. Their "knowledge" is held centrally, kept up-to-date centrally, and used centrally.
Regardless of whether Zero Trust Network Access (ZTNA), Cloud Access Security Broker (CASB), Secure Access Service Edge (SASE), or Extended Detection and Response (XDR) solutions are used, they all rely on the principle of ubiquitous access to information about cyber threats and the more or less centralized implementation of a defense strategy. Palo Alto Networks, for example, successfully used this approach with its firewall solutions years ago, before the terms mentioned above were even invented.
Consequently, not only the "problem" but also the solution originates from the cloud.
2. User and End Device

Devices managed centrally down to the smallest detail are a barrier to productivity and innovation. If a user cannot install software on their device due to strict security policies, they are left with the hope of an all-knowing and user-oriented device management system from their employer or client.
We do not want to speculate on the costs of such an endeavor. Required software, knowledgeable IT administrators, a high-performing helpdesk, and the opportunity costs of discouraged employees are not a very attractive alternative, even if many corporations try this with varying degrees of success: it all depends on how much you can restrict your users. That has its limits.
For the aforementioned cloud algorithms to identify and fend off cyber threats, they must be integrated into the data flow of all end devices. This is usually ensured by installing an agent on the end device, which steers the data flow through the ZTNA, CASB, or SASE platform. The agent is deliberately thin: detection logic and policy live in the cloud platform, so the agent mainly redirects traffic, reports device posture (operating system version, disk encryption, running security software), and enforces the verdicts it receives. It is still software, however, and must be kept patched like any other client; what does not have to be shipped to every device is the threat knowledge itself, which is updated centrally and applied by the platform to fend off hacker attacks.
But what about those users whose devices cannot or should not have such an agent installed? The solution here lies in linking the cloud services being used, such as Salesforce or Jira, with the cloud-based security solution. A so-called reverse proxy service is placed in front of each cloud service; it sees the data streams of that service and detects threats from hackers at runtime. Naturally, every cloud service must be connected to the cloud-based security solution for this to work: a service that users can still reach directly, bypassing the proxy, remains unprotected. For the same reason, access to the cloud services is restricted so that every user must authenticate via a specified identity provider (e.g., Microsoft Entra ID, Google Workspace, Okta), which redirects each login through the proxy.
Data Loss Prevention (DLP) measures can also be implemented this way, minimizing the risk of unwanted data loss. Security here originates from the cloud, not the end device. Complex and difficult-to-maintain firewall architectures can be avoided in this manner.
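As an added illustration of the runtime inspection a reverse proxy can perform on an upload (example code written for this page, not taken from any CASB product), the following Python snippet scans a request body for payment card numbers and IBANs, validates each candidate with its checksum (Luhn and ISO 13616 mod-97) so that ticket numbers and order IDs do not trigger false alarms, and then applies a per-application policy. The policy table, the application names `crm.example` and `ticketing.example`, and the request bodies are all constructed for the example; applications not in the table are treated as not yet onboarded and blocked.

```python
import re

# Candidate patterns are deliberately loose; the checksum validation below removes
# most false positives (ticket numbers, order IDs, phone numbers).
PAN_CANDIDATE = re.compile(r"\b(?:\d[ -]?){13,19}\b")
IBAN_CANDIDATE = re.compile(r"\b[A-Z]{2}\d{2}(?:\s?[A-Z0-9]{4}){2,7}\s?[A-Z0-9]{1,4}\b")


def luhn_ok(digits: str) -> bool:
    """Luhn mod-10 check used by payment card numbers."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:  # every second digit from the right is doubled
            d = d * 2 - 9 if d * 2 > 9 else d * 2
        total += d
    return total % 10 == 0


def iban_ok(iban: str) -> bool:
    """ISO 13616 mod-97 check: move the first four characters to the end,
    replace letters by 10..35 and require a remainder of 1."""
    s = re.sub(r"\s", "", iban).upper()
    if not 15 <= len(s) <= 34:
        return False
    rearranged = s[4:] + s[:4]
    numeric = "".join(str(int(c, 36)) for c in rearranged)
    return int(numeric) % 97 == 1


def findings_for(body: str) -> list:
    """Checksum-validated sensitive identifiers found in one request body."""
    found = []

    def _mask_iban(m):
        if iban_ok(m.group()):
            found.append(("iban", m.group()))
            return "#" * len(m.group())  # mask so the digits are not re-read as a card number
        return m.group()

    masked = IBAN_CANDIDATE.sub(_mask_iban, body)
    for m in PAN_CANDIDATE.finditer(masked):
        digits = re.sub(r"\D", "", m.group())
        if luhn_ok(digits):
            found.append(("pan", m.group().strip()))
    return found


# Constructed per-application policy, as a CASB administrator would configure it.
# Applications not listed are not onboarded to the proxy and are blocked (fail closed).
POLICY = {
    "crm.example": {"pan"},              # card numbers may never be uploaded to the CRM
    "ticketing.example": {"pan", "iban"},  # the ticket system gets neither
}


def decide(app: str, body: str) -> dict:
    """Reverse-proxy decision for one upload to a SaaS application."""
    if app not in POLICY:
        return {"action": "block", "reason": "application not onboarded", "findings": []}
    found = findings_for(body)
    blocked = [f for f in found if f[0] in POLICY[app]]
    return {
        "action": "block" if blocked else "allow",
        "reason": ", ".join(sorted({f[0] for f in blocked})) or "no policy match",
        "findings": found,
    }


# Constructed upload bodies (test values, not real customer data).
TICKET = "Customer complaint ref 4111 1111 1111 1112, please call back."  # fails Luhn: not a PAN
ORDER = "Card 4111 1111 1111 1111 exp 12/29"                               # valid Luhn
INVOICE = "Pay to IBAN DE89 3704 0044 0532 0130 00 within 30 days"         # valid mod-97

if __name__ == "__main__":
    for app, body in [("ticketing.example", TICKET), ("crm.example", ORDER),
                      ("crm.example", INVOICE), ("ticketing.example", INVOICE),
                      ("unknown.example", ORDER)]:
        print(app, decide(app, body))
```

The order of the two scans matters: a valid IBAN is masked before the card-number pass so that its digit run is not evaluated a second time, and the unknown-application branch is the code form of the rule that every cloud service must be connected to the proxy before it can be considered protected.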
In essence, the rigid protection of a location-bound infrastructure is shifted to the combination of user and application. These two can then be flexibly adapted and expanded. The infrastructure is no longer the decisive criterion for who is "in" or "out." Cloud services now stand on equal footing with on-premise services.
Companies must act proactively to reliably fend off hackers. A comprehensive security strategy is essential.
Effectiveness Through Automation
So far, so good. Is that all? No! Because up to this point, we have only described the foundations of an effective cybersecurity architecture. On their own, however, they are not enough to master changing threats. Rather, well-considered measures must be taken that are effective without having imposed blanket restrictions beforehand.
This is where Security Automation enters the stage: Security Information and Event Management (SIEM) and Security Orchestration, Automation, and Response (SOAR) are the key concepts that need to be harmonized, by automating the underlying processes.

SIEM
SIEM platforms like Splunk, Sumo Logic, Datadog, Logit, and many others help collect, aggregate, and interpret data from the security solutions described above. At their core, they are log stores with correlation rules and analysis functions on top, which actively inform security teams or Security Operations Centers (SOCs) about threats.
SOAR
SOAR platforms take this (threat) data from SIEM solutions and carry out further measures. They qualify and enrich the information, consult cloud services for assessment, and contain attacks by changing the configuration of security solutions or by excluding affected end devices or users. They are the actuators in an effective security concept.
Orchestration Makes the Difference
So, do you need a SIEM platform and a SOAR platform, ideally from the same provider, and everything is fine? Yes, in very simple and uniform system landscapes, that might be enough. In the complex reality of many companies, however, it is not.
Here, SOAR solutions are required that orchestrate entire sequences of measures between multiple systems to put the right decisions into action depending on the case. Good SOAR is a matter of automation in the security environment, analogous to the automation of business processes.

Simple "if-then" logic in a workflow is no longer sufficient; data from users, attackers, affected systems or applications, and potential causes must be interpreted and orchestrated using well-thought-out process steps so that a minimally invasive but effective solution can be implemented.
The more data flows through a company, the more important the automation of these data flows becomes. They cannot be handled with sufficient speed and quality through human intervention alone. Or do you want the attack to escalate until your security team or IT administration has understood the problem and devised a solution?
Successful companies need an intelligent and modern security solution that functions as automatically as possible to reliably fend off hackers in a timely, effective, and targeted manner. These solutions must fit within the budget and available resources, from small businesses to large corporations. Not every SME can afford a SOC, and not every corporation can find employees competent for this task on the market.
An experienced Managed Security Service partner is a smart step to ensure the necessary technical know-how, the desired consulting, and stringent implementation in regular operations. This allows companies to dedicate themselves to their core business even in turbulent times, knowing their resources are effectively protected.
