You cannot protect what you don’t understand. It sounds obvious, but in the day-to-day reality of running IT for a public sector organisation — with limited resources, competing priorities, and legacy infrastructure that has grown organically over years — it is surprisingly easy to lose a clear picture of what you actually have, what it connects to, and what would happen if it were compromised.

A structured risk assessment gives you that picture back. And during a period of elevated cyber threat — like the one Ireland is navigating right now as EU Council Presidency holder — it is the single most important thing you can do before anything else.

What a risk assessment actually is

A risk assessment is not a tick-box compliance exercise, though it can satisfy compliance requirements. At its core, it is a systematic process for answering four questions:

1. What assets do we have? Systems, data, people, processes — anything of value that could be targeted or disrupted.
2. What threats face those assets? Who might want to attack you, how, and why? During the Presidency period, this threat picture is more complex than usual.
3. What vulnerabilities exist? Where are the gaps in your defences that a threat actor could exploit?
4. What is the potential impact? If a given asset were compromised, what would the operational, reputational, and legal consequences be?

The output is not a report that sits on a shelf. It is a prioritised list of risks — ranked by likelihood and impact — that drives every subsequent security decision your organisation makes.

Why it has to come first

Every other security control in this series — patch management, vulnerability scanning, MFA, posture improvement — requires context to be effective. Patching everything equally is impossible and inefficient. You need to know which systems are critical, which are internet-facing, and which feed into sensitive processes. That context comes from a risk assessment.

Without it, security spending is essentially guesswork. Organisations end up over-investing in areas of low risk and under-investing where it matters most. A well-executed risk assessment makes every euro of security budget go further.

The Irish public sector context

Risk assessments for government organisations need to account for some factors that are less common in the private sector.

Legacy systems are the often the norm, not the exception. Many Irish public sector organisations are running infrastructure that was never designed with modern threat actors in mind. Understanding the risk profile of older systems — and being realistic about what can be patched versus what needs to be isolated or replaced — is a critical output of any honest assessment.

Interconnected networks create shared risk. Government organisations frequently share networks, data, or services with other bodies. A risk assessment needs to map these dependencies clearly, because a compromise of one organisation can propagate quickly through a connected ecosystem.

Data classification matters enormously. Not all data carries the same risk. Personal data held under GDPR obligations, sensitive policy documents relevant to the Presidency, and critical operational data each demand a different level of protection. A risk assessment should drive a clear data classification framework.

Supply chain exposure is often underestimated. Third-party vendors, managed service providers, and software suppliers all represent potential entry points. An assessment that stops at your own perimeter is incomplete.

What good looks like

A well-executed risk assessment for a public sector organisation should:

– Be conducted or validated by an independent party, not solely by the internal team whose work it will scrutinise
– Include asset discovery — you cannot assess risk to systems you don’t know exist
– Consider both technical vulnerabilities and organisational ones (process gaps, staff awareness, governance weaknesses)
– Produce outputs in plain language that are meaningful to senior leadership, not just the IT team
– Have a defined review cycle — a risk assessment is not a one-time event, particularly during a period of elevated threat

Your action this fortnight

If your organisation does not have a current, documented risk assessment — completed within the last 12 months — that is where your energy should go first. If you have one, now is the time to dust it off, pressure-test its assumptions against the current threat environment, and check whether the risk landscape has shifted since it was written.

The goal is not a perfect document. The goal is an honest, up-to-date picture of where you stand — so that every decision you make from here is grounded in reality rather than assumption.

Paradyn works with Irish public sector organisations to conduct structured risk assessments that are practical, independent, and directly actionable. If you’d like to set up a conversation about where your organisation stands, reach out to the Paradyn team today.

The post Know your exposure: risk assessment as your first line of defence first appeared on Paradyn.

EU Presidency Series: Securing Irish Government in a High-Stakes Year #1

For six months, all roads in European policy lead to Dublin. Ireland’s EU Council Presidency brings with it enormous diplomatic prestige, significant administrative responsibility — and a cyber threat landscape that looks very different to business as usual.

If your organisation is part of Ireland’s public sector, even at one remove, now is the time to take a clear-eyed look at your security posture. Here’s why the Presidency changes the risk calculation, and what you should be thinking about.

A bigger stage means a bigger target

State-sponsored cyber actors — groups affiliated with nation-states that have an interest in European policy outcomes — routinely increase their targeting activity around high-profile geopolitical events. An EU Council Presidency is exactly that kind of event. Ireland is now a hub for sensitive policy deliberation across areas including defence, trade, energy, and digital regulation. That makes Irish government systems significantly more attractive to actors seeking intelligence, looking to disrupt proceedings, or attempting to exert influence on outcomes.

This isn’t speculation. The European Union Agency for Cybersecurity (ENISA) has consistently documented spikes in attacks targeting government and public administration during periods of elevated geopolitical significance. Ireland experienced this first-hand with the HSE ransomware attack of 2021 — a stark reminder that Irish public sector organisations are not too small, too obscure, or too peripheral to be targeted.

It’s not just the big departments

One of the most dangerous assumptions an organisation can make is that the risk belongs to someone else — the Department of Foreign Affairs, perhaps, or the Taoiseach’s office. In practice, the attack surface of a Presidency extends far beyond the headline institutions.

Threat actors frequently target peripheral or supporting organisations as a stepping stone into more sensitive networks. A local authority, a semi-state body, a shared IT services provider, or even a third-party supplier to a government department can all serve as an entry point. If your organisation connects to, shares data with, or provides services to any part of the Irish public sector, you are part of the attack surface — whether you think of yourself that way or not.

The threat landscape right now

The types of threats that increase during periods of heightened geopolitical attention include:

• Spear phishing and social engineering. Highly targeted email campaigns, often referencing real events or plausible professional contexts, designed to trick staff into surrendering credentials or installing malware. During a Presidency, there is no shortage of credible-sounding pretexts — EU policy updates, ministerial correspondence, stakeholder briefings.
• Ransomware. Opportunistic criminal groups take advantage of moments when organisations are stretched, distracted, or operating under new pressures. A busy, understaffed IT team during a major diplomatic period is an attractive target.
• Supply chain attacks. Rather than attacking a well-defended target directly, sophisticated actors compromise a trusted supplier or software vendor first. Irish government organisations should be asking hard questions about the security posture of their supply chains right now.
• Hacktivism and disruption. Not every attack is about extracting data or demanding ransom. Some actors aim simply to embarrass, disrupt, or undermine confidence in Irish institutions during a moment when Ireland is under the international spotlight.

The good news: the window to act is now

Heightened risk does not mean inevitable compromise. The organisations that weather elevated threat periods well are invariably those that used the time before the storm to get their fundamentals right. Strong security hygiene — the kind that comes from structured risk assessment, disciplined patch management, robust identity controls, and a clear picture of your own vulnerabilities — dramatically reduces the likelihood of a successful attack.

Over the coming weeks, this series will walk through each of those fundamentals in practical, actionable terms. Not theoretical frameworks, but concrete steps that Irish public sector organisations can take right now to reduce their exposure.

The EU Presidency is a moment of national pride and significant responsibility. Making sure that moment isn’t defined by a security incident is the job in front of us.

Coming up in this series

– Know your exposure — risk assessment as your first line of defence
– Patches aren’t optional — why patch management is non-negotiable
– See your weaknesses before attackers do — vulnerability management done right
– One password isn’t enough — making MFA work across your organisation
– Security posture — moving from reactive firefighting to proactive resilience
– After the Presidency — sustaining the security gains you’ve made

This article is part of an ongoing series on cybersecurity for Irish government organisations, brought to you by Paradyn. If you’d like to discuss your organisation’s current security posture, reach out to the Paradyn team and we’ll set up a conversation.

The post Ireland in the spotlight: why the EU Presidency raises your cyber risk first appeared on Paradyn.

Fergal Meehan, Chief Commercial Officer, Paradyn and Rory Hopkins, Head of Information Systems, Kildare County Council

Managed detection and response solution will leverage AI tools to enhance Kildare County Council’s cybersecurity posture

Paradyn, one of Ireland’s leading cybersecurity and managed service providers, today announces that it is delivering a managed detection and response (MDR) solution to Kildare County Council which will support the secure rollout of critical public services.

As the volume of cyber threats continues to grow, Kildare County Council needed to enhance and futureproof detection and protection levels across its entire organisation. Paradyn was chosen to deliver a new MDR solution, based on Sophos technology, which will leverage artificial intelligence (AI) tools to improve Kildare County Council’s ability to detect, respond to, and prevent cyber risks. Minimising business disruption, the Sophos MDR solution will integrate seamlessly into Kildare County Council’s existing IT environment.

Round-the-clock monitoring from Sophos’ security operations centre, backed up by Paradyn’s skilled teams, will secure operations, strengthen cyber resilience, and optimise IT resources for the council. The service will also boost compliance for the organisation in a changing regulatory landscape.

This advanced cybersecurity portfolio will, in turn, protect sensitive data for Kildare’s nearly 250,000 citizens and foster increased public trust as the council continues to deliver essential public services. It will also help to support the secure rollout of services including housing, roads, urban planning, and culture across the county.

Paradyn was recently named a Sophos Platinum Partner – the highest partner accreditation – for its expertise in delivering cutting-edge cybersecurity solutions to customers built on Sophos technology.

Rory Hopkins, Head of Information Systems, Kildare County Council, said: “It’s crucial that our cybersecurity processes protect and optimise our vital resources, and this new service is leading to a more secure, resilient, and efficient operation. It ultimately contributes to a safer and more secure experience for all who engage with our services. We have worked with Paradyn on previous IT and security projects and knew that the team was best placed to deliver on this next phase. We look forward to continuing to innovate, safe in the knowledge that our systems are protected.”

Fergal Meehan, Chief Commercial Officer, Paradyn, said: “In the face of increasingly sophisticated cyber risks, this solution will enhance the overall cybersecurity posture for Kildare County Council. Our Sophos MDR service consolidates cybersecurity tools and products into one managed service with proactive monitoring by our highly skilled team of cyber analysts, even outside of traditional office hours. It provides peace of mind for the council as it continues to deliver essential services to the people of Kildare.”

The post Paradyn supports secure service rollout for Kildare County Council first appeared on Paradyn.

Paradyn, a cybersecurity company based in Cork, anticipates reaching revenue of €10 million this year, representing a 25 per cent increase compared to 2024.

Founded in 2007 by Cillian McCarthy, Pat Dowling, Paul Casey and Rob Norton, Paradyn operates out of Little Island and currently employs 50 staff members. Last year, the company generated €8 million in revenue.

“We protect our customers from cyberattacks. We do this by providing them with products and solutions coupled with expert-level support. Through this we give them peace of mind that cyber criminals can not get access to their data,” McCarthy told the Business Post.

“We cover cyber defence with products from Palo Alto Networks, Cisco and Sophos. Then our team of cybersecurity engineers provide support so our customers can reach out to us at any time.”

The co-founders all had experience across the security sector prior to starting Paradyn. It was their familiarity with each other that led to the creation of this company.

“We had all worked together previously before going our separate ways. Then three of us had another business called Cadoo, which we sold recently, and once we saw the requirement for the skills we had that led to the start of Paradyn,” McCarthy said.

“The four of us saw an opportunity to provide this combination of products and support to businesses. We started out building high-capacity networks for our customers. We’ve evolved that into a cybersecurity company.”

The transition into cyber has proven quite beneficial, as the core organisations it initially collaborated with had specific needs in this area.

“We started out, and are still very strong in, working with the working sector. We were building out computer networks and high-capacity wireless networks. Then we transitioned into the managed cybersecurity practice, which we are today,” McCarthy said.

The company is supported by Enterprise Ireland and McCarthy praised the agency for the help it had provided Paradyn.

“Enterprise Ireland has been with us throughout the journey. They have provided us with funding, training and advice over the years. More recently, they have helped a lot with our launch of a new backup and disaster recovery product under a new venture called Vault365,” McCarthy said.

“That has been very successful in Ireland and we have released it in the UK, where it has been really successful for us. Enterprise Ireland has helped a lot.”

Vault365 is Paradyn’s first big move into international markets and McCarthy is confident the business can build on this success. In addition to the move into the UK, Paradyn is aiming to grow via acquisition.

“Between organic growth and some potential acquisitions, we hope to double the size of the business over the next 18 to 24 months. We’re at scale now and feel like we are generating enough revenue to grow substantially.”

The post Cork firm Paradyn eyes UK expansion and acquisitions first appeared on Paradyn.

What is Zero Trust?

The core principle of Zero Trust is simple yet profound: “Never trust, always verify.” This model assumes that no user, device, or application, whether inside or outside the network, should be implicitly trusted. Every access request, from any entity, is rigorously authenticated, authorised, and continuously validated before access is granted.

Zero Trust isn’t a single product you can buy off the shelf. It’s a strategic framework and a security mindset that requires a comprehensive approach to an enterprise’s IT infrastructure, encompassing policies, architecture, and technology.

Key Principles of Zero Trust Architecture

A successful Zero Trust implementation is built upon three foundational principles:

• Assume Breach: Acknowledge that a security breach is not a matter of “if” but “when.” This mindset drives a proactive approach, focusing on minimising the “blast radius” of a breach and containing any threats.
• Explicit Verification: All access requests must be explicitly and continuously verified based on all available data points. This includes user identity, device health, location, and the sensitivity of the data being accessed. Multi-factor authentication (MFA) is a cornerstone of this principle.
• Least Privilege Access: Users are only granted the minimum level of access and permissions required to perform their specific job functions. This concept, often called Just-in-Time (JIT) and Just-Enough Access (JEA), significantly reduces the potential for lateral movement within the network if an account is compromised.

Core Components of a ZTA

Implementing a Zero Trust framework involves several key components working in concert:

• Identity and Access Management (IAM): This is the foundation of ZTA. IAM solutions, including SSO (Single Sign-On) and MFA, are critical for verifying the identity of both human and non-human users (e.g., service accounts, APIs).
• Micro-segmentation: This involves dividing the network into small, isolated zones with their own specific security policies. It prevents a compromised entity from moving freely across the entire network, effectively containing threats.
• Zero Trust Network Access (ZTNA): This is a modern alternative to traditional VPNs. ZTNA grants secure, remote access to specific applications rather than the entire corporate network, enforcing per-request, policy-based access.
• Endpoint Security: Since devices are no longer inherently trusted, a ZTA must verify the security posture of every endpoint (laptops, mobile phones, IoT devices) before allowing access. This includes checking for up-to-date patches, antivirus software, and other compliance measures.
• Data Protection: Data should be classified, labelled, and protected with encryption both at rest and in transit. ZTA ensures that access policies are applied at the data level, regardless of where the data is stored.
• Automation and Analytics: Continuous monitoring and automated threat detection are vital. By collecting and analysing logs from various sources (SIEM solutions), organisations can quickly identify and respond to unusual behaviour and potential threats in real time.

A Step-by-Step Implementation Guide

Embarking on a Zero Trust journey can seem daunting, but a phased approach makes it manageable.

1. Define Your “Protect Surface”: Start by identifying your most valuable assets, or “crown jewels”. This includes sensitive data, critical applications, and key services. Instead of trying to secure your entire vast network at once, focus on the areas that pose the highest risk.
2. Map Transaction Flows: Understand how users, devices, and applications interact with your protect surface. Map out the typical paths and dependencies to identify all the potential access points and vulnerabilities.
3. Build a Zero Trust Architecture: Design your architecture around your protect surface. This involves placing controls at every access point, implementing micro-segmentation, and deploying ZTNA to secure access to your critical assets.
4. Create Policies: Develop a detailed policy based on the “who, what, when, where, why, and how” of every access request. This policy will govern who can access what, under what conditions, and for what purpose.
5. Monitor and Optimise: Once implemented, continuously monitor the network for anomalies and malicious activity. Use analytics to refine your policies, automate responses to threats, and ensure your ZTA remains effective and adaptable to new challenges.

Why Zero Trust is a Must for Modern Enterprises

Zero Trust is more than just a security trend; it’s an essential strategy for today’s dynamic business environment. Its benefits include:

• Reduced Attack Surface: By eliminating implicit trust, Zero Trust drastically shrinks the area an attacker can exploit, limiting their ability to move laterally within the network.
• Enhanced Data Protection: It protects sensitive data by enforcing granular, identity-based access controls, regardless of the user’s location.
• Adaptability to the Cloud and Remote Work: The borderless nature of ZTA makes it ideal for securing cloud-based applications and a globally distributed workforce, which are now standard for most companies.
• Improved Compliance: The continuous monitoring and logging of all access requests provide an auditable trail that helps meet various regulatory and compliance requirements.
• Increased Visibility: ZTA gives security teams a clear, real-time view of all network activity, allowing for faster and more effective threat detection and response.

Adopting a Zero Trust framework is a significant investment, but in a world where cyber threats are becoming increasingly sophisticated, it’s the most effective way to secure your organisation’s future. Start small, think big, and remember: in the world of cybersecurity, trust is a vulnerability.

Click here to discuss your cybersecurity for your organisation.

The post Zero Trust Architecture: A Practical Guide for Modern Enterprises first appeared on Paradyn.

L-R: Anas El-Houari, Presales Consultant, ManageEngine; Grace McCauley, Head of Sales – Managed Services, Paradyn, and Ger Cullen, Director, Servaplex

Paradyn, one of Ireland’s leading managed service and cybersecurity providers, today announces projected revenues of over €1.6 million in 2025 from its strategic partnership with ManageEngine, a global provider of enterprise IT management solutions. This marks a significant 100% increase from the €800,000 recorded in 2024. With a focus on the public sector, Paradyn forecasts continued momentum, anticipating 40% year-on-year growth in revenues from ManageEngine offerings.

Paradyn has successfully delivered ManageEngine solutions to more than 50,000 users across 40 public sector organisations and government agencies in Ireland, including the ESB, Teagasc, National Concert Hall, Dun Laoghaire County Council, Cork County Council, and Kildare County Council. The partnership has also enabled Paradyn to expand its public sector client base by 20%, underscoring the demand for robust, scalable IT management tools within government institutions.

ManageEngine, the IT management division of Zoho Corporation, provides a broad suite of more than 60 enterprise-grade tools that address the end-to-end IT operations lifecycle—covering network and server monitoring, endpoint management, IT service management (ITSM), identity and access management, and security information and event management (SIEM). These tools empower public sector bodies to increase automation, improve visibility across their IT environments, reduce operational costs, and bolster their cybersecurity posture—all while ensuring that services to citizens are delivered reliably and securely.

Paradyn’s in-depth knowledge of public sector IT requirements, combined with its cybersecurity consulting and professional services, ensures that ManageEngine implementations are aligned with Ireland’s evolving regulatory landscape, including the EU’s NIS2 directive. Together, the two organisations offer a comprehensive and scalable solution for managing IT infrastructure securely and efficiently.

Grace McCauley, Head of Sales – Managed Services, Paradyn, said: “Our partnership with ManageEngine allows us to deliver best-in-class IT management and cybersecurity solutions tailored to the public sector. As public services continue to digitalise, the need for reliable, secure, and cost-effective infrastructure becomes paramount. We’re proud to be supporting the government in delivering modern, resilient digital services to citizens.”

ManageEngine’s proven technology and Paradyn’s hands-on approach help public sector agencies future-proof their IT environments, safeguard sensitive citizen data, and achieve operational excellence in an increasingly complex threat landscape.

The post Paradyn forecasts €1.6 million in revenues from ManageEngine partnership in 2025 first appeared on Paradyn.

But how do you cultivate this culture? It’s not a one-time training session; it’s an ongoing, evolving process.

1. Leadership Sets the Tone:

• Lead by Example: Cybersecurity must be a priority at the highest levels. Leaders should actively demonstrate their commitment by adhering to security protocols and promoting awareness.
• Communicate Clearly: Regularly communicate the importance of cybersecurity and the organisation’s security policies. Explain the “why” behind security measures, not just the “what.”
• Invest in Training: Allocate resources for regular, engaging cybersecurity training programs.

2. Educate and Empower:

• Tailored Training: Generic training is ineffective. Customize training to different roles and departments, focusing on the specific threats they face.
• Interactive and Engaging: Move beyond dry lectures. Use simulations, quizzes, and real-world scenarios to make learning interactive and memorable.
• Phishing Simulations: Conduct regular, simulated phishing attacks to test employees’ vigilance and identify areas for improvement.
• Promote Open Communication: Encourage employees to report suspicious activities without fear of reprisal. Create a safe space for questions and concerns.
• Provide Regular Updates: The threat landscape is constantly changing. Keep employees informed about emerging threats and best practices.

3. Foster a Culture of Responsibility:

• Make it Relevant: Connect cybersecurity to employees’ daily work and personal lives. Show them how protecting data benefits them and the organisation.
• Recognise and Reward: Acknowledge and reward employees who demonstrate strong cybersecurity practices. Positive reinforcement can go a long way in motivating behaviour.
• Establish Clear Policies: Develop and enforce clear, concise cybersecurity policies that are easy to understand and follow.
• Incident Response Plan: Ensure everyone knows what to do in the event of a security incident. Have a clear, well-communicated incident response plan.
• Continuous Improvement: Regularly evaluate the effectiveness of your cybersecurity training and policies. Adapt and improve based on feedback and changing threats.

4. Tools and Resources:

• Password Managers: Encourage the use of strong, unique passwords and password managers.
• Multi-Factor Authentication (MFA): Implement MFA for all critical systems and applications.
• Security Awareness Platforms: Utilize security awareness platforms to deliver targeted training and track progress.
• Up-to-date Software: Ensure all software and systems are patched and updated regularly.

The Benefits of a Strong Cybersecurity Culture:

• Reduced risk of data breaches and cyberattacks.
• Improved employee awareness and vigilance.
• Enhanced reputation and customer trust.
• Increased productivity and efficiency.
• A more secure and resilient organisation.

Building a strong cybersecurity culture is an ongoing journey, not a destination. By prioritising education, communication, and a sense of shared responsibility, organisations can transform their employees into a powerful line of defence against cyber threats. It’s about fostering a “security-first” mindset that permeates every aspect of the organisation.

Click here to discuss cybersecurity training for your organisation.

The post Building a Fortress of Awareness: Cultivating a Strong Cybersecurity Culture first appeared on Paradyn.

In an increasingly connected world, data is an organisation’s most valuable asset. It can build a bigger picture of business operations, determine what’s working – and what’s not, and support more informed decision-making. However, many businesses are finding themselves under-resourced as the volume of data grows and technologies and cyber threats become ever more sophisticated. In this era of elevated cyber risk, how do we ensure that critical organisational data remains protected? Paradyn, one of Ireland’s leading cybersecurity service providers, is partnering with cybersecurity solution leader Sophos to deliver Managed Detection and Response (MDR) to Irish businesses.

Cyber criminals don’t work business hours

It’s no longer enough to rely on traditional preventative measures when it comes to cybersecurity. Cyber criminals don’t work normal business hours, and, in fact, will often attack at night or during holiday periods when defences and resources are typically reduced. What’s more, attackers are constantly evolving their techniques, making it challenging to keep up with the latest threats. Many businesses are also struggling with technology talent gaps and facing a shortage of skilled IT and cybersecurity experts within their in-house teams. The culmination of this is alert fatigue – where overwhelmed employees face a flood of alerts from security tools, many of which are false positives.

24/7 proactive monitoring

MDR is designed to provide round-the-clock cybersecurity, offering constant vigilance which most internal teams are unable to provide. Paradyn’s cybersecurity experts will provide rapid response and remediation in the event of a confirmed threat, minimising the impact of an attack and ensuring that business operations can continue uninterrupted. As well as ensuring that potential threats are immediately identified and addressed, outsourcing threat detection and response will help to lessen the burden on employees, reduce the risk of burnout, and free up resources to focus on critical tasks.

Peace of mind

The solution can also be integrated with existing cybersecurity tools and automate key cybersecurity processes, boosting efficiency and eliminating the risk of human error. It gives businesses peace of mind that their data is protected, safe in the knowledge that risks will be remediated before they can be exploited.

“Proactively protecting data has never been more important in a world where security risks are higher than ever”, said Cillian McCarthy, chief executive officer, Paradyn.

“We understand that every business is unique, and our Sophos MDR solution can be tailored to each organisation’s individual needs, alleviating IT managers’ pain points and improving the overall security posture of the business. The solution enables businesses to grow and innovate by simplifying security operations, reducing complexity, and improving the overall employee experience.”

By combining advanced technology with human expertise and local support, Paradyn’s Sophos MDR solution provides proactive, 24/7 protection, allowing IT managers to focus on driving strategic initiatives and innovation. Talk to our experts today to find out how MDR can support your business.

The post Managing cyber threats in a shifting business landscape first appeared on Paradyn.

Much of an organisation’ s cybersecurity knowledge revolves around SIEMs and SOCs, but modern developments mean that these ideas are becoming a thing of the past. Modern security offerings revolve around two main services. The first is security information and event management (SIEM) services, designed to detect threats before they hit a business. The second is security operations centres (SOCs), which are the human element of the process. They analyse, monitor, and detect threats while investigating and finding new threats.

Major organisations have been offering both, but there is always room for improvement, and modern vendors are changing their approach, which involves eliminating the SIEM entirely, said Fergal Meehan, chief commercial officer at Paradyn.

“They will continue to do endpoint protection, but it feeds into their own SOC,” he added. “They essentially have a data lake in the cloud where they can pull in all the endpoint information, and use their own SOC to decipher it. So, there’s no need for an actual SIEM on site.”

Vendors are eliminating some steps to provide a more efficient service. In Paradyn’s case, this type of approach can suit those in the Irish market for many reasons, as the vendor can take over the entire SOC service.

“With the SOC world, it suits because if you look at the Irish market, it’s very hard to put engineers on a desk 24/7 and operate on a follow-the-sun model,” explained Meehan.

“[We’re] positioning ourselves to actually lean on that service where a supplier like ourselves, they can go [and help the client directly]. From that, you’ve become familiar with the customers’ estate, their relationship with them, and access to their firewalls and other services, so you can make changes.

“Essentially, the whole SOC service, in a way, is outsourced to the vendor,” Meehan said.

This allows Paradyn to work with the people on the ground. While major vendors such as Sophos, Palo Alto and Cisco provide services, having that local connection is essential, so that you know you have someone to rely on when something happens.

The other development that is gaining a lot of love from customers and suppliers is the improving integration of managed detection and response (MDR) system

This is already under way with a select few vendors. Many big companies have had data analytics teams for many years and are leveraging them to provide SOC services to organisations. This will help reduce the friction between vendor and client and ensure the process between detection and action is quicker than ever.

Meehan uses the doctor’s clinic analogy to explain the relationship between an SIEM and a SOC, where the SIEM is a waiting room, and the SOC is the medical professional. Taking out the SIEM element speeds up the process, where the name of the game is to push towards a more proactive approach.

The other development that is gaining a lot of love from customers and suppliers is the improving integration of managed detection and response (MDR) systems. Meehan gives one example relating to its partner Sophos and how it carries out its MDR, where it now integrates with existing infrastructure.

One of the big pain points for organisations looking to upgrade their security posture is removing and adding new tools, which often means reconfiguration. One example of this is Sophos which layers its MDR on top of existing infrastructure and integrates it with existing endpoint protection.

“That gives seamless integration, so all the knowledge that’s built up with existing solutions remains in place for that customer,” he added. “There’s nothing to replace … and that maximises the value of the previous security investments that were made, and it avoids the [traditional] rip and replace.”

An organisation gets a unified view of its security posture without having to replace any products to accommodate the change.

The solution even integrates with any backup technology an organisation may have, allowing a Sophos MDR to watch SIEM backups. This is dedicated to making things as seamless as possible for organisations, so they don’t have to think about these things.

Meehan warns against the idea that traditional SOCs deliver exactly what customers expect when they sign up. With runbooks, customers find that what is agreed upon is quite limited overall in the event of an attack.

“It’s all well and good getting the SOCs in, but when you find out that you have a limited runbook and how to remediate it, it’s disappointing for the customer.”

“Look at the modern SOC approach, that works well, particularly in the Irish market. Especially with the integrations into your network environments, backup estates, multi-factor authentication, Microsoft estate and firewall.”

“It’s definitely the way forward, and hopefully this time next year… you’ll see a lot more talk around this type of approach to MDR.”

The post Taking out the ‘waiting room’ to speed up security process first appeared on Paradyn.

How to Spot a Phishing Email:

• Check the sender’s address carefully: Look closely at the email address of the sender. Phishers often use addresses that closely resemble legitimate ones, but with slight variations (e.g., “amason.co.uk” instead of “amazon.co.uk”).
• Be wary of urgent requests: Phishing emails often use urgent language to pressure you into clicking on links or opening attachments. Phrases like “Urgent Action Required,” “Your account is about to be suspended,” or “You have won a prize!” should raise red flags.
• Look for suspicious links: Hover your mouse over any links in the email without clicking on them. This will display the actual URL of the link in the status bar of your browser. If the URL looks suspicious or doesn’t match the displayed text, do not click on it.
• Be cautious of attachments: Avoid opening attachments from unknown senders, even if they appear to be from someone you know. Phishing emails often contain malicious attachments that can infect your computer with malware.
• Check for grammatical errors and typos: Phishing emails are often poorly written with grammatical errors and typos. Legitimate companies typically have professional marketing teams that carefully proofread their communications.

What to Do If You Suspect a Phishing Email:

• Do not click on any links or open any attachments.
• Do not reply to the email.
• Forward the email to your IT department or the appropriate security team.

Tips for Preventing Phishing Attacks:

• Keep your software updated: Ensure your operating system and antivirus software are up-to-date with the latest security patches.
• Be skeptical of unexpected emails: If you receive an unexpected email, even from someone you know, be cautious and verify its authenticity before taking any action.
• Use strong, unique passwords: Avoid using the same password for multiple accounts.
• Enable two-factor authentication: Two-factor authentication adds an extra layer of security by requiring two forms of identification before you can access your accounts.

Click here to discuss cybersecurity for your organisation.

The post Phishing 101: How to Spot and Avoid These Dangerous Emails first appeared on Paradyn.