Chapter 2. Threat Protection Strategies

The threat protection strategies we present here are solutions to the problems presented in Chapter 1. Remember that no security strategy is permanent, and regular reviews of your security posture are a must. The threat landscape continuously changes, and protection strategies must change with it.

Cyberthreats come in all forms, but they share one goal: to produce a malicious outcome for the end user or organization. Even if you decide to use outsourced services, you must still maintain vigilance in your local environment to ensure that endpoints (laptops, tablets, and phones) aren’t adding to the threat. Each of the solutions that follow has a place in an overall security strategy, and none can stand alone. What’s required is an integrated approach to your web application, corporate network, and individual security.

The Security Operations Center

The purpose of the security operations center (SOC) is to detect, protect, mitigate, train, monitor, and remediate when necessary. It is made up of a team of highly trained security analysts and system administrators who use their expertise and some very expensive security tools to keep a company’s data safe. Small to mid-sized companies face the same challenges as larger ones, but without large budgets to address them. These companies must do the best they can with what they have. Malicious actors know this and take advantage of it.

The SOC is a necessity at the large-enterprise level, ...

Get Protecting Your Web Applications now with the O’Reilly learning platform.
