Partner with an MSSP or Grow an In-House Security Team: What s Right For Your Business?

Transcription

1 Partner with an MSSP or Grow an In-House Security Team: What s Right For Your Business?

2 Partner with an MSSP or Grow an In-House Security Team: What s Right For Your Business? Your business is more vulnerable than ever to cyberattacks. The notion that only large enterprises and government agencies are targets for hackers and adversaries has been shattered by the increasing volume, velocity and complexity of cyberattacks challenging businesses of all sizes. In fact, hackers have breached half of the 28 million small businesses in the U.S., according to the 2016 State of SMB Cybersecurity Report. While large enterprises budget significantly for cybersecurity, small and medium-sized enterprises (SMEs) aren t spending enough to protect their systems, data, infrastructure and people either because they lack sufficient budget or because many believe that they aren t a likely target. But security experts say it is this lack of concern and focus that makes SMEs attractive and vulnerable to hackers. They assume your business may have an internal security guy or small team struggling to keep up with security alerts and a sophisticated threat landscape. Meanwhile, you may have a security solution in place that is rendered ineffective because no one has time to manage it and your CEO is asking tough questions about security compliance and regulations. Before deciding how to address these challenges you must ask yourself, Do I want to be in the business of building a Security Operations Center and dedicating the budget and resources to everything that entails? If the answer is no or I m not sure, then the time is now to assess how much cyber security protection can come from your existing internal staff, processes, and technology and when it makes sense to use a Managed Security Service Provider (MSSP). If the answer is yes or I think so, then please continue reading this e-book to ensure you have thought of everything as you undertake this endeavor. This e-book will detail: Key cyber security challenges CISOs and CIOs face today The costs and limitations of relying solely or predominantly on internal IT security resources and trying to build a Security Operations Center (SOC). The costs and benefits of a managed security services approach The benefits and capabilities of the ThreatManage solution SLAIT Consulting 1

3 Key CIO/CISO Cybersecurity Challenges When it comes to cyber security challenges that security and risk management leaders face today, Gartner noted: Organizations are looking to improve real-time threat detection and response capabilities; however, they often struggle to invest limited resources in the required people, processes and technology. While businesses chase the latest and greatest cyber security tools and products, the challenge today is not a product problem. It s a people problem. Today s IT security leader faces an ongoing struggle to hire skilled cyber professionals. And if that IT security leader can even find budget to hire them, good luck trying to keep them on board. The people problem is just one of several challenges that business security leaders face today. Others include: Inability to monitor and identify real threats 24/7 The average enterprise generates nearly 2.7 billion actions from its security tools per month. A tiny fraction of these are actual threats less than one in one million. At the same time, research provided by Ponemon Institute estimates organizations waste an average of $1.27 million every year responding to the noise of false alerts. Bottom line: businesses ignore security alerts because they get so many and ultimately find them useless. Lack of security hygiene Your business has invested in several security tools, but now what? Have you over-invested in firewalls and under-invested in endpoint protection? If so, what is the right balance for all of these tools? How can you maximize these investments? Preparing for compliance and regulatory audits Compliance and regulatory requirements are constantly evolving, making it difficult for businesses to navigate PCI, HIPAA, FERPA, FFEIC, as well as local, state, federal and global regulations in a timely and effective manner. Given these security challenges and countless others you may find yourself at a crossroads on whether to continue to build up your internal security operations or look to outside resources. To make an informed decision, it is critical to compare the direct and indirect costs of building or growing in-house security operations versus using a managed security service, as well as benefits and limitations of each approach. SLAIT Consulting 2

4 In-House Security Direct Costs Internal Security Staff: Building a 24x7 security operations center requires a minimum of five full-time employees. Gartner research advises a staff of eight for a larger organization. This ebook is focused on staffing a mid-sized business, so we will use a staff count of five for our purposes. The average U.S. base salary for an IT security administrator who works in a security operations center, often referred to as a SOC analyst, is over $80,000 according to salary.com. This means the direct cost associated with base salaries alone is approximately $400,000. Of course, that s just one piece of the cost structure. Most conservative financial estimates put incremental staff-related costs at a minimum of 50 percent of salary to accommodate such costs as taxes, benefits, and training. Also included are other overhead costs such as office space, utilities, laptops, and mobile phones. That bumps up your annual direct staff investment to at least $600,000 for an average sized enterprise. Investigation/Planning: As you build a qualified team of internal security professionals, you also begin the process of evaluation and testing of tools and technology. This process is typically not the domain of your security administrators and generally requires input from your CISO and/or lead security professionals adding to the overall staff costs identified above. The evaluation process can easily span six to twelve months to select technology, train your staff, and develop a plan for integrating new tools and technology into your existing infrastructure. You are then locked into that technology, even if the employee who selected it leaves the company. The additional costs associated with this process are likely to exceed $50,000 in labor, whether conducted by internal staff or an experienced outside consulting group. They also cause lost time that could have been spent on additional IT or security initiatives. Infrastructure Costs: Security solutions range from an annual subscription of $20,000 to $200,000 depending on the level of sophistication you choose to implement. If you choose to deploy network-based sensors or endpoint sensors that provide increased visibility, those costs could continue to rise. Capital outlay to support this additional infrastructure can range from $20,000 to $100,000 for servers, storage, and network devices with an additional 20% added on the bill for annual maintenance. SLAIT Consulting 3

5 Build, Use, Operate: When it comes time to build, use and operate your Security Operations Center, ongoing logging and monitoring need to be considered. Purchasing a Security Information and Event Management Product (SIEM) for this purpose requires significant expertise. Without the right skillset in-house to maintain and manage the SIEM, proper use cases are not developed and true value will not be realized from your investment. SIEM products vary, but the important investment isn t in the technology, but in the expertise in maintaining and managing it. A properly deployed SIEM will capture data from diverse sources including: directory services server logs DNS/DHCP logs perimeter security logs database logs endpoint protection and detection agents a myriad of other sources All of these data points will need to be captured and analyzed to guard against future threats. Other considerations include integration of tools and processes- a never ending process. Conditions are constantly changing as new versions of operating systems for servers and myriad devices are released, patches are issued, new malware is developed and version control is needed. If you have half of a qualified FTE assigned to this function, this portion of their annual costs could exceed $40,000. SLAIT Consulting 4

6 In-House Security Indirect Costs Staff Retention: As you consider the cost of developing an internal security operations center, the ability to attract and retain highly sought after cybersecurity talent must be top of mind. The talent shortage is well documented, with Cisco reporting the global figure at one million cybersecurity job openings. Consider the following: More than 209,000 cybersecurity jobs in the U.S. are unfilled, and postings are up 74% over the past five years. Demand is expected to rise to 6 million globally by 2019, with a projected shortfall of 1.5 million. If you choose to compete for these highly sought after resources, you must consider how you will retain your staff. Cybersecurity talent is hard to find and even harder to keep. Recruiters aggressively seek staff with more than one year of experience and flood them with more lucrative offers. When a staff member leaves, you lose the training and recruiting investment and may be committed to subpar or complicated tools and technology that person selected. Many CIOs tell us that no one knows how to use the tools that the previous staff member purchased and there is no value gained from the investment. Focus on the Organization s Core Mission: When using in-house resources to provide security, you take IT staff away from developing critical business functionality that both builds the core to your business and contributes to the profitability of your organization. Two of the top reasons to outsource identified in the Forrester survey are Improved Quality of Protection and Greater Competency. SLAIT has built a business around delivering the highest-value security solutions, process, and talent. SLAIT Consulting 5

7 Managed Security Service Security and risk managers are increasingly moving past common misperceptions about managed security services, notably that partnering with a MSSP requires giving up control of security operations. The reality is that a MSSP augments the in-house team, freeing them from the time-consuming burden of 24/7 security alert monitoring. Moving beyond the misperceptions, MSSPs can deliver several key benefits relative to businesses that only rely on in-house security staff: SLAIT Consulting 6

8 Cost Benefits A managed service provider experiences similar staff expenses, however the costs are spread across multiple clients. Therefore, as an MSSP, the ThreatManage SOC cost-per-client is a small fraction of the total staffing cost that one would need to build a complete in-house security team. Expertise A managed service will expertly staff an experienced security engineering team. This team constantly evaluates and tests new technology to improve clients cybersecurity posture and surface actionable alarms. ThreatManage services are designed and vetted by time-tested industry experts from Fortune 100 corporations and the Federal Government. The Latest Technology By consolidating purchasing power, a managed service provider is able to provide the latest and best technology for the needs of their customers, which otherwise might be unattainable for businesses with small or overworked security teams. The ThreatManage infrastructure has been tested and configured to meet each of our client s precise needs. Every client receives an appliance pre-integrated with hardware and software that works in union and communicates with SLAIT s SOC. Because ThreatManage is delivered as-a-service, the appliances are fully managed and yield significant cost savings. With ThreatManage, our library of existing integration scripts as well as our devoted experts will dramatically reduce monitoring costs. Cross-Training and Retention SLAIT s SOC analysts are kept at a competitive salary, are required to complete extensive and ongoing training, and are offered growth opportunities. The ThreatManage shared resources model means that we can offer the benefits needed to retain, train, and optimize top talent. If a staff member does leave they are not the only one with the expertise needed to keep operations at optimal efficiency. Each member of our staff will become a senior incident response engineer highly sought after as an expert in the cybersecurity field. SLAIT has built a business around delivering the highest-value security solutions, process, and talent. With ThreatManage your organization reaps the tangible benefits of improved protection while operating with greater competency and effectiveness. SLAIT Consulting 7

9 The ThreatManage Advantage As IT budgets continue to be scrutinized, small and large organizations looking to maximize the value of their investments are discovering the benefits of managed services models for security functions. While many providers claim to offer managed security services, very few of them prioritize it as a full-fledged practice and even fewer have the resources and experience required to provide true value. Bottom line: Not all MSSPs are created equal. As you perform your analysis of whether to build out a SOC or leverage a managed security service, one overriding consideration will be your time to protection and time to value. SLAIT rapidly delivers best-in-class technology with a top-notch staff of qualified professionals that deliver actionable results. With ongoing investments in process, controls, and the ThreatManage Security Operations Center (SOC), SLAIT alleviates the need for you to invest in on-premise data centers and network monitoring facilities. Your MSSP should also alleviate the need for you to decipher a long list of reports without additional information. You should determine if the MSSP is fully managing the security service on your behalf (sending clear incident reports and eliminating the non-stop data noise, managing security events and putting actionable data in your hands) or simply sending you a bunch of alerts to decipher. While the latter may be cheaper, they don t solve your problem and could cost you far more down the line if or more likely when hackers slip through. With ThreatManage you tap into the benefits of a managed security solution: Access to a topnotch team of cyber security experts Shorter time to value Superior protection with best of breed solutions Increased response to alerts Improved cybersecurity competency 24x7x365 fully staffed SOC Lower capital, overhead and staffing costs Subscription vs Ownership (Opex vs Capex) However, the advantages of ThreatManage extend past the benefits of simply managed security solutions. ThreatManage is high-touch to ensure you get the help you need when you need it, from people you are familiar with rather than a new voice every time you pick up the phone. ThreatManage has six essential capabilities that set the service apart: SIEM & Log Management Asset Discovery & Inventory Vulnerability Assessment Behavioral Monitoring Advanced Threat Detection Endpoint Response SLAIT Consulting 8

10 The financial advantage of ThreatManage in direct and indirect cost savings is clear. Couple these cost savings with a proven solution that brings immediate improvement to your quality of cyber protection and you have a compelling business case to engage with ThreatManage rather than building an internal SOC. Your organization s security is too important to leave to chance. ThreatManage offers a proven solution backed by the expertise of our staff to monitor and protect your most sensitive data and keep your infrastructure safe. SLAIT Consulting 9