2025 Cybersecurity Guidebook Chapter 2: The importance of 24x7 security monitoring

Our Chief Information Security Officer, Anthony Cabral, sat down to discuss the importance of 24x7 security monitoring. The conversation has been lightly edited. You can read a summary below or watch the full video here: https://youtu.be/YOkAqiktXaM?si=GoU9gBP2d6muInfr

Trey: I am here with Anthony Cabral, who is our Chief Information Security Officer. Anthony, can you touch on and share the importance of 24x7 security monitoring?

Anthony: Sure. So one of the first reasons we want 24x7, butts in seats, like actual people monitoring things and events going on, is because threat actors usually attack after business hours. Most dwell times are for days and days, and usually, they’ve done enough reconnaissance to understand how the firm operates and what the data is doing. It’s very simple when you get into someone’s network to ping it, get an IP address or your internet provider to understand what time it is.

Generally speaking, most firms are 8-6 and most of the folks are in bed by 10 or 11, you know, at least on a normal business day. The threat actors understand when business hours are and when the least amount of eyes are going to be on them. Most attacks happen after midnight and before 6 am, sometime within that time frame. It’s important to have someone or something monitoring those times when people aren’t active because that is when the majority of the attacks take place.

The other important part of 24x7 monitoring is that it is not just someone who is watching and alerting but something that can take action on an event when it happens. If you have a threat and it’s coming in, traversing your network, pinging, and running different commands, you should have tools in place and someone monitoring those tools that can see that and start isolating hosts, cutting off access, or shutting down services to stop the spread or lateral movement of that threat actor in your network. If you’re not actively monitoring it and you don’t actively have a path to start isolating or stopping network connectivity from taking actual action, then it defeats the purpose.

To recap, 24x7, someone is able to stop whatever activities are going on. That’s important because threat actors know there’s not a lot of eyes on them after hours. At times when there are the least amount of eyes is when you want the most amount of security happening, because that’s when the threat actors are going to attack.

Trey: Sweet, thanks, Anthony!

Trey Hiller