How Protected Are You?

There is a strong industry focus right now on detection and response.

EDR. XDR. SOC. MDR.

All important. All necessary.

But in many organisations, the pendulum has swung too far.

Investment is flowing into monitoring and alerting while a more fundamental question is left unasked:

What are you actually protecting?

Detection is critical. It is not the starting point.

Every organisation depends on something.

It might be:

• Critical operational systems
• Retail terminals and payment platforms
• Event ticketing infrastructure
• Wireless networks across a campus
• Identity and authentication platforms that tie everything together

If one of those systems fails, what happens?

How well do you understand how services and applications connect across your network?
Where are the dependencies?
How does critical data move through your environment?
What is the operational impact if a single component goes offline?

Cybersecurity does not sit apart from architecture.

Protection begins with a clear understanding of what keeps the business running.

Protection Is Broader Than Cybersecurity

Protection is not just about blocking attackers.

It is about operational resilience.

• Are platforms within lifecycle?
• Are they patched and supported?
• Does the resilience of each system reflect its business importance?
• When was failover last tested?
• Do both internet services terminate on the same device?

These details are rarely visible day to day. They only become visible under stress.

Many outages and security incidents stem from overlooked architecture, ageing infrastructure, or untested assumptions.

Protection is architectural discipline applied consistently over time.

Build Strong Foundations First

Security controls perform better when the foundations are sound.

Penetration testing is valuable. Red teaming has its place. But before simulating an attacker, the basics should be solid:

Lock the front door.
Hide the keys.
Train the team.
Patch the systems.
Segment the network.

Then test.

And treat testing as a cycle:

  1. Test
  2. Remediate
  3. Retest
  4. Improve

Security is not an annual compliance activity. It is an operational practice.

Detection and Response Must Be Fit for Purpose

Incidents can still occur in well-designed environments.

Detection and response capabilities are essential.

But not all SOC services deliver meaningful outcomes.

Monitoring that generates noise without clarity.
Alerts without context.
Escalations without ownership.
Reports without measurable reduction in risk.

Detection and response must be:

• Aligned to the environment
• Tuned to the organisation’s risk profile
• Backed by experienced analysts
• Clear on accountability when something happens

It should strengthen protection, not create the illusion of it.

Detection complements protection. It does not replace it.

Protect What You Depend On

Cybersecurity is not just about stopping attackers.

It is about protecting the systems, services and data an organisation relies on every day.

When protection, resilience and security controls are aligned to business dependency, detection and response become far more effective.

If there is uncertainty around true dependencies, architectural resilience, or whether protection matches business importance, that is the place to start.

Before detection and response, there must be protection.