Housing Technology

Spotting the signals of an impending cyber-breach

It’s hard to know what’s more challenging for housing providers these days – coping with the increase in the scale and complexity of cyber threats or managing the security tools to contain them and the noise they create.

From talking to Sophos’s numerous housing clients, it’s clear that their IT environments are as complex and dispersed as those in many other sectors. Users are now anywhere and everywhere. Physical assets such as endpoints, servers, wireless access points, switches and remote devices all need protection. Furthermore, many housing providers have resources in the public cloud as well as SaaS business applications such as Office 365.

Cyber telemetry

You’ve probably invested in multiple security tools to defend your environment, including endpoint and workload protection, firewalls, email security, cloud security, network detection and response and identity solutions. These products, as well as blocking already-known threats, also provide valuable signals – telemetry – to help detect, investigate and respond to today’s advanced human-led attacks.

What can analysts use this telemetry for? Endpoint alerts can highlight suspicious activity and malware. Firewall data can be used to look for intrusion attempts, and network telemetry can spot rogue users and unprotected devices. Cloud alerts can flag up unauthorised network access and efforts to steal confidential data, and email alerts can pinpoint initial entry points into the network. Finally, identity data-logs can reveal malicious network entry attempts and adversaries aiming to escalate privileges.

Each of these telemetry signals is useful on its own, but if you combine them, you can accelerate your detection and response.

Lack of security standards

Why hasn’t anyone been able to do this at scale so far? That’s because, although combining all this telemetry makes perfect sense, doing so is extremely difficult in practice. This is partly because there’s a complete lack of standardisation across the security sector concerning the format of the raw telemetry data. Security vendors use different alert reporting formats and severity levels for the same threats (you’ll be aware of this challenge if you’re currently using a SIEM tool). The inability to correlate this data effectively means housing providers’ IT teams often can’t identify issues quickly. What’s more, they are overwhelmed by alerts and unable to determine which ones belong together and where to prioritise.

If you’ve read my previous articles in Housing Technology, you’ll know that a growing number of housing providers are turning to our managed detection and response (MDR) service to support their IT teams and increase their cyber-security protection. Our MDR service provides the expertise of a remote group of cyber-security specialists to help you search for, analyse, monitor and neutralise threats that technology alone can’t prevent. Instead of reacting to a breach, these teams are proactive in detecting malicious behaviour that could remain undetected and cause a disruptive, costly and reputation-damaging cyber-attack.

Security event flows

One key element of the service is MDR’s ‘security event flow’. We collect all the telemetry from vendors’ tools, put it into our data lake so we can work with it and then put it through what we call our ‘detection pipeline’. With the clean, correlated and clustered outcome, we create a case that the experts in our MDR operations team can investigate. This process makes what for others is a difficult task seem easy. Taking all those alerts and converting them into usable, prioritised insights enables us to secure our customers’ environments.
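
The normalise, correlate and cluster steps described above can be illustrated with the following added example, which is not Sophos’s pipeline and not code from the article. It maps alerts from four hypothetical tools, each with its own field names, timestamp format and severity scale, onto one schema and then groups them per host into prioritised cases; all vendor names, fields, thresholds and sample alerts are constructed assumptions.

```python
from datetime import datetime, timedelta, timezone

# Constructed sample alerts; source names, field names and severity scales
# are hypothetical stand-ins for real product formats.
RAW = [
    ("edr", {"time": "2023-03-01T09:00:05", "device": "PC-17", "sev": "high"}),
    ("firewall", {"ts": 1677661230, "src_host": "pc-17", "priority": 3}),
    ("identity", {"when": "2023-03-01T09:02:40", "host": "PC-17", "risk": 85}),
    ("email", {"time": "2023-03-01T11:30:00", "device": "PC-04", "sev": "low"}),
]
WORDS = {"low": 1, "medium": 2, "high": 3}

def normalise(source, a):
    """Map one vendor-specific alert onto a common record (UTC time, host, severity 1-3)."""
    if source in ("edr", "email"):          # ISO time, word severity
        t, host, sev = datetime.fromisoformat(a["time"]), a["device"], WORDS[a["sev"]]
    elif source == "firewall":              # epoch seconds, priority 1 (worst) to 5
        t = datetime.fromtimestamp(a["ts"], timezone.utc).replace(tzinfo=None)
        host = a["src_host"]
        sev = 3 if a["priority"] <= 2 else 2 if a["priority"] == 3 else 1
    else:                                   # identity: ISO time, risk score 0 to 100
        t, host = datetime.fromisoformat(a["when"]), a["host"]
        sev = 3 if a["risk"] >= 70 else 2 if a["risk"] >= 40 else 1
    return {"time": t, "host": host.lower(), "severity": sev, "source": source}

def build_cases(raw, window=timedelta(minutes=15)):
    """Cluster alerts per host; a gap longer than `window` starts a new case."""
    cases, open_case = [], {}
    for ev in sorted((normalise(s, a) for s, a in raw), key=lambda e: e["time"]):
        case = open_case.get(ev["host"])
        if case is None or ev["time"] - case["events"][-1]["time"] > window:
            case = {"host": ev["host"], "events": []}
            open_case[ev["host"]] = case
            cases.append(case)
        case["events"].append(ev)
    for c in cases:
        sources = {e["source"] for e in c["events"]}
        # Agreement between independent tools raises priority more than volume.
        c["score"] = max(e["severity"] for e in c["events"]) * len(sources)
        c["sources"] = sorted(sources)
    return sorted(cases, key=lambda c: c["score"], reverse=True)

if __name__ == "__main__":
    for c in build_cases(RAW):
        print(c["host"], c["score"], c["sources"], len(c["events"]))
```

Three alerts that look unrelated in their native formats collapse into a single high-priority case for one host, while the isolated low-severity email alert stays at the bottom of the queue.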

We typically process over 31 billion events daily, resulting in over 358 million detections. On the day our team pulled the data for this article, the MDR security event flow created 367 cases, of which 47 were escalated, and one active threat was detected and neutralised.

Faster responses

As these numbers demonstrate, trying to do this without event flow would be overwhelming for almost any housing provider. This solution is one of the reasons we can achieve an average MDR threat response time of 38 minutes, including detection, investigation and remediation. That’s around 10 times faster than even the quickest internal SOC team.

Cyber-security challenges will only become more complex, so adopting smarter ways of working is vital for keeping your organisation secure. That’s one of the reasons why more than 15,000 customers, including many housing providers, trust Sophos for managed detection and response.

Jonathan Lee is the director of public sector relations at Sophos.

See More On:

  • Vendor: Sophos
  • Topic: Infrastructure
  • Publication Date: 092 – March 2023
  • Type: Contributed Articles
