The Blind Spot in Your Cybersecurity Monitoring Strategy

Steven Freidkin, CEO of Ntiva, breaks down Biden’s new cybersecurity bill and explains what this means for businesses. He advises on how an organisation can review your vendors’ risk assessments, check for potential security gaps in your supply chain, and review your vendors’ monitoring and compliance while ensuring contract terms are in place to facilitate sharing threat information.

Cybersecurity monitoring tools have certainly reduced incidents, but blind spots still exist. Matt Holland, CTO & co-founder at, looks at how organisations can identify those blindspots and monitor them effectively

Organisations are spending $120bn collectively on cybersecurity this year alone, a figure that is increasing 10% YoY. There are new solutions coming to market all the time, and a constant stream of new vendors joining the fray to ‘solve’ the cybersecurity problems faced by enterprises all over the world. We’ve never had it so good!

And yet, we still see the frequency and scale of attacks rising, and the financial and operational impact of these incidents increasing. We know it’s a battle of attrition and things would far worse if we weren’t making the efforts we do, but we’d be negligent if we didn’t ask ourselves occasionally, “are we doing this right?”.

We create inventories of our assets. We assess risks, identify threats and address vulnerabilities. We develop applications that are secure by design, and we embrace bug bounty reports. Every year we consider if the tools, processes and people we are using to implement our strategy are optimal, and we potentially an apple for an orange here and there. Einstein said “The definition of insanity is doing the same thing over and over again and expecting different results.” and so I ask, “are we doing this right?”

I can’t offer you a universal epiphany that the whole cybersecurity industry will get behind (sorry), but there is one area I will point my figure at and suggest that we are philosophically missing a trick; that of monitoring.

Are we monitoring right? 

I’m not faulting the tools or processes that in place today, mostly doing a good job of what we have asked them to do. I’m not here to pitch vendor against vendor, but rather to challenge a basic principle upon which our industry has spent billions of dollars. You see, cybersecurity monitoring as we do it now, is flawed, and we have created a false dependency that it can never live up to.

We collect events from all over our environment and our various supplier platforms. We correlate them against signatures, patterns and run them through AI algorithms, to look for indicators of compromise or other flags of suspicious activity. Any day when our SOC screens are a healthy hue of green is considered a victory, and we proclaim ourselves to be secure

But we’re not! This is the lie of monitoring. The only fact those beautiful dashboards are really able to impart is that they didn’t find anything. 

Read More: Cybersecurity on Top Business Tech

Stay with me here… Security monitoring is effectively a form of model-based testing; it aims to validate the operations of a system from a behavioural point of view, i.e., to ensure it conforms to the expected functional outcomes. It requires that the system under observation is checked according to predetermined and expected behaviour under specific circumstances. 

So, security monitoring is a form of testing. As any software engineer worth their salt will tell you, testing can detect the presence of errors but not the absence of errors. We are straying into philosophical questions of proof versus evidence, but what I’m trying to say is that just because your SOC didn’t find any incidents doesn’t mean you haven’t had any.

It’s not if, but when

Next, I’m going overlay another true-ism; in cybersecurity, it’s not if, but when. We accept and operate on the basis that an incident will happen to us, and we must be prepared. We spend hours practising disaster recovery procedures and in crisis rehearsals. And with good reason when you look at the stats in various yearly breach reports

And so, to the punchline. If we accept an incident will happen in the future, and we accept that monitoring is only good at telling you what it ‘has’ found, then we must equally accept that it’s every bit as likely that you’ve had an incident in the past and you don’t know about it yet. Potentially, several incidents. can tell if an attack has already happened…even if your SOC didn’t spot it.”

We can all try and comfort ourselves by saying that our various monitoring tools have reduced the margins in which an incident could hide to an almost minute risk, but again, that logic only holds up if you believe that you know the full potential width of that margin. If we knew everything that we weren’t able to monitor, we would surely start monitoring it. It’s Donald Rumsfeld staring at a Johari window of “unknown unknowns”.

Not wishing to leave you with sleepless nights, I will describe the beginnings of a solution, and share how my company, aims to address this blind spot. We believe that the placement and monitoring of trackable data will provide a richer and more complete monitoring strategy, by including post-attack telemetry. Your SOC can tell you when an attack is underway and help you prevent it, and can tell if an attack has already happened and data has left your control, even if your SOC didn’t spot it.

If this sounds interesting, come talk to us, on [email protected] 

An image of Cybersecurity, Cyber Security, The Blind Spot in Your Cybersecurity Monitoring Strategy

Matt Holland

Matt Holland is a cybersecurity professional with extensive experience in designing, implementing and managing cybersecurity solutions in complex business environments. Matt is CTO & co-founder at, a SaaS platform that reduces the time it takes to detect cybersecurity breaches by seeding data with trackable records.

Hacking Cyber Security’s battle for workers

Andrew Marsh • 30th September 2022

Cyber attacks are increasing exponentially, cyber professionals are quitting, and ultimately, no one is replacing them. Worldwide, the cyber workforce shortfall is approximately 3.5 million people. We have a mountain to climb. While there are rising numbers of people with security degrees and qualifications, this falls way short of industry demand.

Getac becomes British Touring Car Championship official technology partner

Chris Gibbs • 29th September 2022

In competitive motorsports, the smallest detail can be the difference between winning and losing. Getac is the official technology partner to the British Touring Car Championships (BTCC) helping it achieve its digital transformation goals, putting a wealth of information at the fingertips of both race officials and teams alike, and helping deliver incredibly exciting racing.

The Time is Now for Digital Transformation

Paul Waddilove • 29th September 2022

According to a McKinsey research report, 70% of enterprises that had taken on digital transformation reported in 2020 that their momentum had stalled. It is worth understanding the reasons–culture or scale for example–causing the slowdown as the payoffs from digital transformation can be impressive. It can lead to more efficient operations, with enterprises enjoying autonomy...

Addressing the environmental impact of the data centre

David Watkins • 29th September 2022

David Watkins, solutions director at VIRTUS Data Centres , share how you may have seen the recent news that Thames Water has launched a probe into the impact of data centres on water supplies in and around London, as it imposed a hosepipe ban on its 15 million customers in a drought-hit area. Ensuring that...

How Can Businesses Ensure Efficient Management of COSU Devices

Nadav Avni • 29th September 2022

Nadav Avni, Chief Marketing Officer at Radix Technologies, shares how when it comes to speeding up queues and providing instant information, nothing beats corporate-owned, single-use (COSU) devices. When put in kiosk mode, these devices become efficient digital assistants that collect and share information.

The Cloud – Debunking the Myth

Guy Parry Williams • 26th September 2022

Mid-sized businesses are head down, wrestling with constantly evolving operational challenges, from skills shortages to supply chain delays and raging inflation. Management teams lack the time and often confidence to explore technology innovation and, as a result, too many companies are missing vital opportunities to cut costs, boost efficiency and reach new customers.