The Blind Spot in Your Cybersecurity Monitoring Strategy

Steven Freidkin, CEO of Ntiva, breaks down Biden’s new cybersecurity bill and explains what this means for businesses. He advises on how an organisation can review your vendors’ risk assessments, check for potential security gaps in your supply chain, and review your vendors’ monitoring and compliance while ensuring contract terms are in place to facilitate sharing threat information.

Cybersecurity monitoring tools have certainly reduced incidents, but blind spots still exist. Matt Holland, CTO & co-founder at seedata.io, looks at how organisations can identify those blindspots and monitor them effectively




Organisations are spending $120bn collectively on cybersecurity this year alone, a figure that is increasing 10% YoY. There are new solutions coming to market all the time, and a constant stream of new vendors joining the fray to ‘solve’ the cybersecurity problems faced by enterprises all over the world. We’ve never had it so good!

And yet, we still see the frequency and scale of attacks rising, and the financial and operational impact of these incidents increasing. We know it’s a battle of attrition and things would far worse if we weren’t making the efforts we do, but we’d be negligent if we didn’t ask ourselves occasionally, “are we doing this right?”.

We create inventories of our assets. We assess risks, identify threats and address vulnerabilities. We develop applications that are secure by design, and we embrace bug bounty reports. Every year we consider if the tools, processes and people we are using to implement our strategy are optimal, and we potentially an apple for an orange here and there. Einstein said “The definition of insanity is doing the same thing over and over again and expecting different results.” and so I ask, “are we doing this right?”

I can’t offer you a universal epiphany that the whole cybersecurity industry will get behind (sorry), but there is one area I will point my figure at and suggest that we are philosophically missing a trick; that of monitoring.


Are we monitoring right? 

I’m not faulting the tools or processes that in place today, mostly doing a good job of what we have asked them to do. I’m not here to pitch vendor against vendor, but rather to challenge a basic principle upon which our industry has spent billions of dollars. You see, cybersecurity monitoring as we do it now, is flawed, and we have created a false dependency that it can never live up to.

We collect events from all over our environment and our various supplier platforms. We correlate them against signatures, patterns and run them through AI algorithms, to look for indicators of compromise or other flags of suspicious activity. Any day when our SOC screens are a healthy hue of green is considered a victory, and we proclaim ourselves to be secure

But we’re not! This is the lie of monitoring. The only fact those beautiful dashboards are really able to impart is that they didn’t find anything. 



Read More: Cybersecurity on Top Business Tech



Stay with me here… Security monitoring is effectively a form of model-based testing; it aims to validate the operations of a system from a behavioural point of view, i.e., to ensure it conforms to the expected functional outcomes. It requires that the system under observation is checked according to predetermined and expected behaviour under specific circumstances. 

So, security monitoring is a form of testing. As any software engineer worth their salt will tell you, testing can detect the presence of errors but not the absence of errors. We are straying into philosophical questions of proof versus evidence, but what I’m trying to say is that just because your SOC didn’t find any incidents doesn’t mean you haven’t had any.


It’s not if, but when

Next, I’m going overlay another true-ism; in cybersecurity, it’s not if, but when. We accept and operate on the basis that an incident will happen to us, and we must be prepared. We spend hours practising disaster recovery procedures and in crisis rehearsals. And with good reason when you look at the stats in various yearly breach reports

And so, to the punchline. If we accept an incident will happen in the future, and we accept that monitoring is only good at telling you what it ‘has’ found, then we must equally accept that it’s every bit as likely that you’ve had an incident in the past and you don’t know about it yet. Potentially, several incidents.


seedata.io can tell if an attack has already happened…even if your SOC didn’t spot it.”


We can all try and comfort ourselves by saying that our various monitoring tools have reduced the margins in which an incident could hide to an almost minute risk, but again, that logic only holds up if you believe that you know the full potential width of that margin. If we knew everything that we weren’t able to monitor, we would surely start monitoring it. It’s Donald Rumsfeld staring at a Johari window of “unknown unknowns”.

Not wishing to leave you with sleepless nights, I will describe the beginnings of a solution, and share how my company, seedata.io aims to address this blind spot. We believe that the placement and monitoring of trackable data will provide a richer and more complete monitoring strategy, by including post-attack telemetry. Your SOC can tell you when an attack is underway and help you prevent it, and seedata.io can tell if an attack has already happened and data has left your control, even if your SOC didn’t spot it.

If this sounds interesting, come talk to us, on info@seedata.io 


Matt Holland

Matt Holland is a cybersecurity professional with extensive experience in designing, implementing and managing cybersecurity solutions in complex business environments. Matt is CTO & co-founder at seedata.io, a SaaS platform that reduces the time it takes to detect cybersecurity breaches by seeding data with trackable records.

Is It Time for a VMware Alternative?

Wind River • 22nd May 2025

Companies have options when it comes to replacing VMware as their cloud platform, to address rising costs, support concerns, and a shrinking partner ecosystem. If you are ready to contemplate a different vendor, here are five reasons why Wind River Cloud Platform should be on your short list of VMware alternatives.

AI Leads as VivaTech Unveils Top 100 Startups

Viva Technology • 14th May 2025

Viva Technology has unveiled the first edition of its “Top 100 Rising European Startups for 2025,” spotlighting the most promising young companies shaping Europe’s tech future. Germany, France, and the UK lead the ranking, which highlights high-growth startups across 13 countries. Artificial intelligence dominates the list, with 15 companies spanning AI agents, models, and infrastructure....

Birmingham Unveils the UK’s Best Emerging HealthTech Advances

Kosta Mavroulakis • 03rd April 2025

The National HealthTech Series hosted its latest event in Birmingham this month, showcasing innovative startups driving advanced health technology, including AI-assisted diagnostics, wearable devices and revolutionary educational tools for healthcare professionals. Health stakeholders drawn from the NHS, universities, industry and front-line patient care met with new and emerging businesses to define the future trajectory of...

Why DEIB is Imperative to Tech’s Future

Hadas Almog from AppsFlyer • 17th March 2025

We’ve been seeing Diversity, Equity, Inclusion, and Belonging (DEIB) initiatives being cut time and time again throughout the tech industry. DEIB dedicated roles have been eliminated, employee resource groups have lost funding, and initiatives once considered crucial have been deprioritised in favour of “more immediate business needs.” The justification for these cuts is often the...

The need to eradicate platform dependence

Sue Azari • 10th March 2025

The advertising industry is undergoing a seismic shift. Connected TV (CTV), Retail Media Networks (RMNs), and omnichannel strategies are rapidly redefining how brands engage with consumers. As digital privacy regulations evolve and platform dynamics shift, advertisers must recognise a fundamental truth. You cannot build a sustainable business on borrowed ground. The recent uncertainty surrounding TikTok...

The need to clean data for effective insight

David Sheldrake • 05th March 2025

There is more data today than ever before. In fact, the total amount of data created, captured, copied, and consumed globally has now reached an incredible 149 zettabytes. The growth of the big mountain is not expected to slow down, either, with it expected to reach almost 400 zettabytes within the next three years. Whilst...