{"id":1631,"date":"2020-11-22T15:53:54","date_gmt":"2020-11-22T13:53:54","guid":{"rendered":"https:\/\/fortgale.com\/news\/?p=1631"},"modified":"2026-06-08T22:06:17","modified_gmt":"2026-06-08T22:06:17","slug":"cyber-defence-three-enterprise-priorities","status":"publish","type":"post","link":"https:\/\/fortgale.com\/blog\/emerging-threats\/cyber-defence-three-enterprise-priorities\/","title":{"rendered":"Cyber Defence: 3 priorities for enterprise security"},"content":{"rendered":"\n<div class=\"wp-block-media-text alignwide\" style=\"grid-template-columns:42% auto\"><figure class=\"wp-block-media-text__media\"><img decoding=\"async\" src=\"https:\/\/fortgale.com\/news\/wp-content\/uploads\/sites\/2\/2020\/11\/pexels-igor-starkov-776516-589x1024.jpg\" alt=\"\" class=\"wp-image-1639\" loading=\"lazy\" \/><\/figure><div class=\"wp-block-media-text__content\">\n<p class=\"has-text-align-justify wp-block-paragraph\">The entire Cyber Defence process can be summarised in three factors that determine its qualitative outcome: <strong>people<\/strong>, <strong>technologies<\/strong>, and <strong>processes<\/strong>. The absence of one of these components can compromise the results of the entire organisational defensive process.<\/p>\n\n\n\n<p class=\"has-text-align-justify wp-block-paragraph\">Focusing exclusively on certain aspects of organisational defence, for example the technological aspect, renders the entire defensive posture ineffective.<\/p>\n\n\n\n<p class=\"has-text-align-justify wp-block-paragraph\">In other cases, investments made across all components are rendered ineffective by the difficulty of making the mechanisms governing these three elements functional. 
As a result, a data breach is as much an organisational failure as it is the failure of a technology, person, or process.<\/p>\n\n\n\n<p class=\"has-text-align-justify wp-block-paragraph\">By operationalising core security functions, it is possible to define how tools, teams, and processes should coexist and collaborate to ensure that the security operations centre functions efficiently, effectively, and rapidly.<\/p>\n<\/div><\/div>\n\n\n\n<hr class=\"wp-block-separator\" \/>\n\n\n\n<h2 class=\"has-text-align-center wp-block-heading\"><strong>Strategic Activities<\/strong><\/h2>\n\n\n\n<hr class=\"wp-block-separator\" \/>\n\n\n\n<h3 class=\"wp-block-heading\">1. Security Monitoring<\/h3>\n\n\n\n<p class=\"has-text-align-justify wp-block-paragraph\">Monitoring security events is clearly the first step to take. One cannot defend against what one cannot see. This is why <strong>Security Monitoring<\/strong> activities (performed by a <strong>Security Operation Center<\/strong>) are the foundation for concrete organisational defence.<\/p>\n\n\n\n<p class=\"has-text-align-justify wp-block-paragraph\">At the same time, organisations of different sizes face different challenges:<\/p>\n\n\n\n<ul class=\"wp-block-list\"><li><strong>Small and medium-sized organisations<\/strong>: lack of resources and budget;<\/li><li><strong>Medium and large organisations<\/strong>: too many flows to monitor.<\/li><\/ul>\n\n\n\n<h3 class=\"wp-block-heading\">2. Response and Eradication<\/h3>\n\n\n\n<p class=\"has-text-align-justify wp-block-paragraph\">Once monitoring activities are initiated, <strong>the organisation must be able to respond to identified threats<\/strong>. The challenge today is not represented solely by anomaly identification or the implementation of security solutions (AntiVirus, Firewall, etc.). 
<strong>Today the challenge is to understand and react correctly to cyber-attacks<\/strong> to which all businesses are exposed.<\/p>\n\n\n\n<p class=\"has-text-align-justify wp-block-paragraph\">In this sense, it is necessary to create an incident response plan that defines roles, methods, and procedures for threat management, recovery, and restoration of operational business functions.<\/p>\n\n\n\n<p class=\"has-text-align-justify wp-block-paragraph\">This can be done by focusing attention on problems that occur most frequently, documenting workflows, and updating the plan daily. The plan should outline not only internal processes and functions, but also the role and activities of external partners.<\/p>\n\n\n\n<p class=\"has-text-align-justify wp-block-paragraph\">There is often a risk of making the mistake of creating a plan and then abandoning it until the need arises. It is advisable to regularly verify the plan to ensure that everyone knows their roles and is prepared when the need arises. Our <a href=\"https:\/\/fortgale.com\/en\/cybersecurity-advisory\/\">Cybersecurity Advisory<\/a> engagements have repeatedly demonstrated that tabletop exercises expose critical gaps in response procedures before real incidents occur.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\">3. Vulnerability Management<\/h3>\n\n\n\n<p class=\"has-text-align-justify wp-block-paragraph\">This is clearly one of the daily activities performed by cybersecurity teams. The more immediate and effective the application of patches, the better the quality of the defensive posture against cyber-attacks.<\/p>\n\n\n\n<p class=\"has-text-align-justify wp-block-paragraph\">To ensure effective patch application, it is necessary to create a vulnerability management strategy that defines the entire process, and establish a regular schedule for distribution. Some legacy systems may require specific assessments compared to modern systems, but this does not mean they can be excluded. 
It is important to intervene where possible while tracking what is missing so it can be evaluated over time.<\/p>\n\n\n\n<h2 class=\"has-text-align-center wp-block-heading\"><strong>The Role of Threat Hunting and Cyber Threat Intelligence<\/strong><\/h2>\n\n\n\n<div class=\"wp-block-media-text has-media-on-the-right\" style=\"grid-template-columns:auto 42%\"><figure class=\"wp-block-media-text__media\"><img decoding=\"async\" src=\"https:\/\/fortgale.com\/news\/wp-content\/uploads\/sites\/2\/2020\/11\/pexels-syed-hasan-mehdi-839428-1.jpg\" alt=\"\" class=\"wp-image-1649\" loading=\"lazy\" \/><\/figure><div class=\"wp-block-media-text__content\">\n<p class=\"has-text-align-justify wp-block-paragraph\">To hunt for unknown cyber threats, what has been listed so far is not sufficient. To do this, two strategic aspects must be introduced: <strong>Intelligence<\/strong> and <strong>Hunting<\/strong>.<br>Both should occur only when the first three functions have reached a certain maturity within the organisation. For <strong>Threat Hunting activities<\/strong>, one typically starts with simple threat searches via IOCs, then develops this activity into more complex and automated operations over time.<\/p>\n\n\n\n<p class=\"has-text-align-justify wp-block-paragraph\"><strong>Cyber Threat Intelligence activities<\/strong> help organisations understand the risk of attack from potential and current threats. It is essential to filter threat information in order to derive effective added value.<\/p>\n<\/div><\/div>\n\n\n\n<p class=\"has-text-align-justify wp-block-paragraph\">Understanding which specific threats relate to the reference sector and the types of adversaries that your sector faces most frequently is strategic for better protection.<\/p>\n\n\n\n<p class=\"has-text-align-justify wp-block-paragraph\">Effective security operations integrate monitoring, detection, and response activities with Cyber Threat Intelligence and Threat Hunting functions. 
Organisations that operationalise these five core functions establish a defensive posture capable of identifying, responding to, and learning from threat activity across the attack lifecycle.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>Three foundational defensive activities every organisation should run continuously: monitoring, detection-engineering and incident response \u2014 paired with threat intelligence.<\/p>\n","protected":false},"author":1,"featured_media":1659,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[3],"tags":[3127,103,113,115,3128,175,183,224,293,309,3129,313,326,353],"class_list":["post-1631","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-emerging-threats","tag-cyber-defence","tag-cybersecurity","tag-defence","tag-detection","tag-detection-engineering","tag-hunting","tag-intelligence","tag-mdr","tag-response","tag-security-operation","tag-security-operations","tag-sfile2","tag-soc","tag-threat-hunting"],"_links":{"self":[{"href":"https:\/\/fortgale.com\/blog\/wp-json\/wp\/v2\/posts\/1631","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/fortgale.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/fortgale.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/fortgale.com\/blog\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/fortgale.com\/blog\/wp-json\/wp\/v2\/comments?post=1631"}],"version-history":[{"count":1,"href":"https:\/\/fortgale.com\/blog\/wp-json\/wp\/v2\/posts\/1631\/revisions"}],"predecessor-version":[{"id":9844,"href":"https:\/\/fortgale.com\/blog\/wp-json\/wp\/v2\/posts\/1631\/revisions\/9844"}],"wp:attachment":[{"href":"https:\/\/fortgale.com\/blog\/wp-json\/wp\/v2\/media?parent=1631"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/fortgale.com\/blog\/wp-json\/wp\/v2\/categories?post=1631"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/fortgale.com\/blog\/wp-json\/wp\/v2\/tags?post=1631"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}