Nov 26 2025

Advanced Threat Management Tools Empower Lean Security Teams

With modern solutions picking up more of the burden, IT teams are free to support mission-critical initiatives at small businesses.

Data is at the core of Monarch’s business: specifically, consumers’ financial data, touching everything from everyday spending to aspirational savings. The company offers a platform for managing personal finances that helps people do things such as track spending, set budgets and plan for the future.

Keeping its customers’ data secure through a comprehensive approach to threat management is integral to maintaining and growing Monarch’s business.

“Monarch customers trust us to help them secure their financial future,” says Evan Burkholder, the company’s lead security engineer. “We utilize security at the heart of our business model — and at the heart of our capabilities as a whole — to maintain that trust and help grow our business and our capabilities.”


Monarch’s Defensive and Offensive Security Strategy

Monarch works with multiple vendors to support its thorough, in-depth threat management, including Expel, CrowdStrike and Sumo Logic. Its threat management infrastructure includes an endpoint detection and response (EDR) solution that examines devices, servers and other endpoints; a managed detection and response (MDR) tool to monitor, detect and respond to cyberattacks in real time; and a security information and event management (SIEM) solution that gathers log information and correlates intelligence from the security tools and other sources to provide alerts for Burkholder’s team.

“Our approach to threat management is risk-based and holistic,” says Burkholder. “We look at security from both a defensive and offensive perspective. This allows us to see our capabilities objectively and assess threats based on the true risk that they pose to our platform, our members, our business and our employees.”

The MDR solution is key for Burkholder’s three-person team. With the velocity and volume of today’s cyberattacks, now fueled by artificial intelligence, a security team must always be ready to identify and respond to threats in real time, which a three-person team cannot do around the clock on its own.

“We partner with our MDR provider for round-the-clock coverage, but we also provide coverage and response on our own as well,” says Burkholder. “And we tie those key alerting, monitoring and response capabilities into the rest of our strategy, which includes attack surface management, application security and offensive security. Each of these capabilities feeds the others so we can tackle threats from every angle.”


Despite its multiple layers of security, Monarch does not rely passively on its threat management infrastructure. Burkholder’s team works in sync with the security tools, observing, learning and improving to stay ahead of the evolving threats the company faces. This has allowed his small staff to accomplish a great deal.

“There’s so much we’ve been able to do through our technical and strategic initiatives with so few people,” he explains. “The integrations and the architecture we’ve put into place, including our people and processes, allow us to grow our abilities and be even more proactive as the threat landscape shifts and grows. We continue to identify risks and reduce our attack surface.”

In relying on its threat management infrastructure to safeguard valuable customer data, the company assesses the return on its security investment through continuous validation, Burkholder says: “Our team constantly challenges that tooling with offensive security tactics representing real-world activities to ensure that it is effective. We review it regularly, asking, is this continuing to help us achieve our security and business objectives?”

Security Platforms vs. Point Solutions

Monarch’s use of multiple vendors for comprehensive threat management contrasts with current security market trends: More companies are opting for a unified threat management approach, with a single UTM provider’s security “platform” providing most or all of a business’s needs.

“Small and medium businesses increasingly pivot toward UTM boxes because separate firewalls, intrusion prevention and content filters strain limited budgets and staff,” says Himanshu Sekhar Guru, a lead analyst with Mordor Intelligence. “In fact, 43% of SMBs faced attacks in 2024, yet many run with lean IT teams. An all-in-one unit trims capital outlay and day-to-day management while still meeting regulatory basics.”

One of the primary challenges that smaller IT teams face is security tool overload and alert fatigue, he says. Cyberattacks have become so persistent that manually reviewing and responding to every triggered alert is no longer realistic. Small businesses are seeking simpler, consolidated approaches to managing threats.

Monarch’s choice to utilize a set of hand-selected providers instead of a single vendor “gives us the ability to select solutions based on Monarch’s specific needs while ensuring that the solutions we select are best of breed,” Burkholder says. “Every vendor has been thoroughly evaluated against similar solutions to ensure that it is the best choice for our organization. Second, the flexibility we get from not being tied to a single vendor allows us to utilize a continuous validation approach, ensuring that we are continually getting the most out of our tooling and partnerships.”


Home City Ice Safeguarded by Security Fabric

Home City Ice manufactures and distributes high-quality ice to convenience stores and other Midwestern businesses from its headquarters in Cincinnati. Family-owned and steeped in tradition, HCI has been a Fortinet customer for many years. “When you stick within an ecosystem, things work really well together,” says Stuart Carlisle, HCI’s IT network engineer. “We started with FortiGate next-generation firewalls and expanded from there. Now we run the Fortinet Security Fabric itself. All the tools are connected and talk to each other.”

In addition to FortiGate next-gen firewalls, HCI runs FortiGuard anti-virus, FortiMail, FortiAnalyzer, FortiEDR and Fortinet MDR as part of its security architecture.

“Our SIEM takes logs from our Fortinet products, from Microsoft Active Directory and from across our network,” says Carlisle. “It then correlates activity and responds to threats as they emerge.”

Carlisle especially values the Fortinet SIEM watch list feature. When the SIEM sees anomalous activity arriving from an external source and determines it to be a potential threat, it adds that source to a watch list.

“I take that watch list and subscribe it to our FortiGate,” he says. “It then automatically blocks these potential threats right away. As soon as the SIEM sees it, they're blocked.”
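The detect-then-block loop Carlisle describes, reduced to its logic as an added example. This is not HCI’s configuration or the output of any Fortinet product: the log lines are constructed in a generic key=value syslog style, the port-scan threshold and the allowlist are assumptions, and the output is a plain one-address-per-line list of the kind firewalls consume as an external IP block feed. It also shows the check a practitioner wants in front of any automatic block: a noisy internal host is reported for review, never pushed into the feed.

```python
"""Added example: a SIEM-style watch list rendered as a firewall block feed."""
import ipaddress
import re
from collections import defaultdict

# Constructed sample log lines (generic key=value style, not real FortiGate output).
# 203.0.113.7 probes six ports from outside, 198.51.100.4 is merely denied twice
# on one port, and 10.0.0.5 probes six ports from inside the network.
SAMPLE_LOGS = """\
action=deny srcip=203.0.113.7 dstip=192.0.2.10 dstport=21
action=deny srcip=203.0.113.7 dstip=192.0.2.10 dstport=22
action=deny srcip=203.0.113.7 dstip=192.0.2.10 dstport=23
action=deny srcip=203.0.113.7 dstip=192.0.2.10 dstport=25
action=deny srcip=203.0.113.7 dstip=192.0.2.10 dstport=80
action=deny srcip=203.0.113.7 dstip=192.0.2.10 dstport=443
action=deny srcip=198.51.100.4 dstip=192.0.2.10 dstport=443
action=deny srcip=198.51.100.4 dstip=192.0.2.10 dstport=443
action=accept srcip=198.51.100.4 dstip=192.0.2.10 dstport=443
action=deny srcip=10.0.0.5 dstip=192.0.2.10 dstport=135
action=deny srcip=10.0.0.5 dstip=192.0.2.10 dstport=139
action=deny srcip=10.0.0.5 dstip=192.0.2.10 dstport=445
action=deny srcip=10.0.0.5 dstip=192.0.2.10 dstport=3389
action=deny srcip=10.0.0.5 dstip=192.0.2.10 dstport=5985
action=deny srcip=10.0.0.5 dstip=192.0.2.10 dstport=5986
"""

# Hypothetical allowlist: sources that must never be auto-blocked (a partner's scanner, say).
ALLOWLIST = {"198.51.100.250"}

# Ranges treated as "internal". Checked explicitly rather than via ipaddress.is_global,
# because is_global also excludes documentation ranges such as 203.0.113.0/24 used above.
INTERNAL_NETS = [ipaddress.ip_network(n) for n in (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "127.0.0.0/8", "169.254.0.0/16")]

KV_RE = re.compile(r"(\w+)=(\S+)")


def parse_line(line: str) -> dict:
    """Turn one key=value log line into a dict of strings."""
    return dict(KV_RE.findall(line))


def is_internal(addr: ipaddress.IPv4Address) -> bool:
    return any(addr in net for net in INTERNAL_NETS)


def build_watchlist(log_text: str, min_ports: int = 5) -> dict:
    """Flag a source that is denied on >= min_ports distinct ports as a potential scanner.

    Returns {"block": {ip: reason}, "review": {ip: reason}}. Only external sources go to
    "block"; internal sources go to "review" so a misbehaving workstation or a scanner
    of your own never lands in the automatic firewall block feed.
    """
    denied_ports = defaultdict(set)
    for raw in log_text.splitlines():
        ev = parse_line(raw)
        if ev.get("action") != "deny" or "srcip" not in ev or "dstport" not in ev:
            continue
        denied_ports[ev["srcip"]].add(ev["dstport"])

    result = {"block": {}, "review": {}}
    for ip, ports in denied_ports.items():
        if len(ports) < min_ports or ip in ALLOWLIST:
            continue
        try:
            addr = ipaddress.ip_address(ip)
        except ValueError:
            continue  # malformed source field: never block on garbage
        reason = f"denied on {len(ports)} distinct ports"
        result["review" if is_internal(addr) else "block"][ip] = reason
    return result


def render_feed(watchlist: dict) -> str:
    """Render the block bucket as one address per line, sorted so successive pulls diff cleanly."""
    return "\n".join(sorted(watchlist["block"], key=ipaddress.ip_address)) + "\n"


if __name__ == "__main__":
    wl = build_watchlist(SAMPLE_LOGS)
    print(render_feed(wl), end="")
    for ip, why in wl["review"].items():
        print(f"# review, not auto-blocked (internal): {ip}: {why}")
```

On the sample data the feed contains only 203.0.113.7; 198.51.100.4 never reaches the threshold and 10.0.0.5 is held for human review. In a real deployment the feed should also age entries out after a fixed window, otherwise a one-time scan from a shared address is blocked indefinitely.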

Meanwhile, HCI’s MDR service provides peace of mind and frees up time for the team to work on other mission-critical projects.

“I look at it this way,” Carlisle says. “If a threat comes in and hits a machine during regular operating hours, I expect our team to catch it. MDR is there for when we aren’t available to react as quickly.”

83%: the share of small and midsized businesses that plan to invest more in cybersecurity over the next year.

Source: Mordor Intelligence, “Global Cybersecurity Market (2025 – 2030),” August 2025

BPG Designs’ Big Shift to Comprehensive Threat Management

BPG, a utility and telecommunications contractor in Tempe, Ariz., specializes in designing, building and maintaining underground utility infrastructure, including fiber-optic cable. The company made a huge shift in response to COVID, taking its 165 employees out of the office to work remotely. This had major implications for its approach to cyberthreat management.

“We shifted on everything — endpoint security, network security and identity management,” says IT Manager Don Thortenson. “We aren’t quite big enough for CrowdStrike’s Falcon Complete, but we use Falcon Insight for EDR, Falcon Prevent for anti-virus and Falcon OverWatch for SIEM. For authentication, we settled on Cisco Duo tied to Microsoft Azure. And for network security, we use Zscaler.”

Early on, having staff work remotely created some interesting security challenges because much of BPG’s server infrastructure was on-premises. The new security architecture had to give remote workers access to that infrastructure from outside the company’s network perimeter without weakening it.

While challenging, this overhaul of its approach to threat management delivered all sorts of value to the company.

“We spend much less time actively searching and scanning, tracking down logs and connecting the dots on threats,” he says. “We do less testing now. It’s given us at least 10% more time back on our calendars. And being remote, we can retain better IT talent.”

In addition to generally lowering BPG’s security costs, the move to CrowdStrike for threat management helps Thortenson deliver a frictionless, secure experience for the company’s workers.

“Our goal is to deliver quiet, invisible security,” says Thortenson. “We want to keep it in the background, effectively protecting us from bad actors while not keeping our staff from getting their jobs done.”

Illustration by Sara Gironi Carnevale