
SECURITY OPERATIONS CENTER: BUILD vs. BUY. Which Solution is Right for You?

How Will You Protect Against Today's Cyber Threats?

As cyber-attacks become more frequent and more devastating, many organizations are quickly devising plans to protect against inevitable threats that could jeopardize their business. Larger enterprises typically have the resources and wherewithal to manage cybersecurity initiatives in house, but small and mid-sized organizations are increasingly faced with the dilemma of scaling their existing IT operations to prioritize cybersecurity or looking to an external vendor to help them develop and execute a cybersecurity strategy. At the core of this debate is the decision to build your own Security Operations Center (SOC) in house using your own staff, technology and resources, or to enlist the help of a Managed Detection and Response (MDR) partner. This ebook outlines the many factors that should be considered when making this important decision.

What Does a SOC Do?

A Security Operations Center (SOC) is a facility where security analysts utilize forensic tools and cyber threat intelligence to hunt, investigate and respond to cyber threats in real time. Equipped with advanced tools and expertise, a SOC protects an organization from known and unknown threats that can bypass traditional security technologies.

[Figure: Security Operations Center (SOC) cycle: Hunt, Investigate, Respond]

If you're thinking about building an internal SOC, start by asking these critical questions:

- Is there budget allocated on an annual basis?
- Can you support a 24x7 in-house operation?
- Do you have enough staff to build a SOC team? Do they have the necessary knowledge and skills?
- Who will design the physical SOC site?
- Who will document SOC processes and procedures?
- Who will develop a training program?
- How will you interpret and deliver threat intelligence insights?
- How will you demonstrate value to the executive team and board of directors?

You can build your own, but do you really want to?

An in-house SOC may seem like your best option. You have full control over how it operates, and you can be sure all efforts are focused on your business, and your business alone. Consider the up-front and ongoing investment involved as you weigh your options. As you embark on this important decision, here are some steps you can take to help you understand exactly what you need:

- Learn about the regulations facing your business or industry and map out your requirements.
- Work with your internal stakeholders to determine budget, responsibilities and timing.
- Assess your tools and people skills and explore how they would integrate with an external SOC.
- Research cybersecurity vendors that can help you develop and execute your cybersecurity strategy.

SOC in a Box

There are many factors to consider when building your own SOC. It becomes an exercise in bringing together the right tools, intelligence and people to create an integrated solution that can withstand the test of time and scale as quickly as the threat landscape changes. Here are the advanced security additions you would need to start building your own SOC today [1]:

- Next-Gen IDS/IPS
- Threat Intel Subscriptions
- SIEM Platform
- Endpoint Forensics and Detection
- Vulnerability Scanners
- Forensic Tools
- 1-2 Full-Time Employees (9-5)
- 3-6 Full-Time Employees (24x7)

[1] Based on a year 1 cost analysis for mid-sized organizations (100-999 people), conducted by eSentire.

BUILD vs. BUY

Technology
  In-house: Requires multiple product purchases and vendor contracts
  MDR: All services included in one subscription, based on a one-year commitment

Tool Integration
  In-house: Disparate tools that are not integrated into a single solution
  MDR: Fully integrated and managed tools

Time to Value
  In-house: Lengthy deployment over many months (or years)
  MDR: 4-week deployment, with modular roll-outs available

Talent and Expertise
  In-house: Difficulty hiring and retaining skilled forensic professionals
  MDR: Access to elite security analysts, around the clock

Innovation
  In-house: Must be able to innovate at the same pace as attackers
  MDR: Expertise of Threat Intelligence team included

Response Times
  In-house: Several hours (or days) to detect and respond to threats
  MDR: 35-second response time with full forensic capabilities

Ongoing CapEx and Maintenance
  In-house: Costly CapEx and maintenance model
  MDR: No CapEx or maintenance costs

Build AND Buy? The Hybrid Model

A hybrid model allows an organization to leverage its own strengths and resources while being supported by cybersecurity experts with advanced expertise and tools. Some organizations choose to supplement their in-house SOC with an outsourced second SOC, while others simply want to augment their internal resources while they work on getting their internal SOC off the ground. Either way, having a second set of eyes on the network at all times gives you a higher level of protection and the confidence of knowing that your valuable information is safe.

Advantages of a Second SOC

- Expertise: Supported by trained experts with extensive experience in threat management and incident response.
- Guidance: Assistance in developing and/or validating security program strategy and meeting compliance requirements.
- Intelligence: Global access to data and insights collected across multiple customers and industries.
- Tools & Technology: Highly sophisticated forensic tools that are fine-tuned over time, based on the evolving threat landscape.
- 24x7 Monitoring: Human analysts actively and continually investigating, blocking and mitigating threats around the clock.

Weird Normal vs. Weird Bad: The Importance of Human Analysts

"Technology can do a lot of heavy lifting, sifting and candidate signal generation, but humans are uniquely capable of knowing whether something is weird good or weird bad. And more importantly, they know what question to ask next. Threat hunting is, quite simply, the pursuit of abnormal activity on servers and endpoints that may be signs of compromise, intrusion, or exfiltration of data."
What Is Threat Hunting?, Carbon Black Blog

Unlike traditional cybersecurity technologies like anti-virus and firewalls, with threat hunting, humans go looking for threats rather than waiting on technology to send an alert. When an analyst sees something weird, they can apply logic and intuition, combined with historical data and threat intelligence, to decide what to do about it, something that technology cannot do on its own. This human analysis is essential in detecting unknown threats earlier, preventing cyberattackers from carrying out their objectives.

How It Works: Hunting for the Signals in the Noise

[Figure: detection and response pipeline]
- Signal Ingestion: real-time network, cloud and endpoint forensics
- Signal Enrichment: enrichment with full context
- Correlate & Investigation: attack investigation; analyst real-time forensic hunt
- Analyst Response: containment (connection termination, quarantine), coordinated remediation, notification and escalation
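The four pipeline stages above, as an added Python example that is not from the ebook or from eSentire: constructed network signals pass through ingestion, enrichment against a placeholder threat-intel feed and asset list, and per-host correlation, and only a converging weird-bad verdict is mapped to the containment actions the figure names, while a lone odd event is queued for an analyst instead of being acted on automatically. Every host, indicator and threshold here is constructed.

```python
from collections import defaultdict

# Constructed threat-intel feed, asset inventory and egress threshold: placeholder
# stand-ins for a real intel subscription and CMDB, not values from the ebook.
THREAT_INTEL = {"203.0.113.7": "known C2 (constructed indicator)"}
ASSET_CRITICALITY = {"db01": "critical", "ws17": "standard", "ws22": "standard"}
LARGE_EGRESS_BYTES = 50_000_000

# Constructed raw signals: time, host, process, destination, bytes sent.
RAW_SIGNALS = """\
09:00:01 ws17 chrome.exe 198.51.100.20 12000
09:00:05 ws22 powershell.exe 203.0.113.7 800
09:01:10 ws22 powershell.exe 203.0.113.7 52000000
09:02:30 db01 sqlservr.exe 10.0.0.5 4000
09:03:00 ws17 backup.exe 198.51.100.44 90000000
"""

def ingest(raw: str) -> list:
    """SIGNAL INGESTION: one event per line, parsed into a dict plus an empty tag set."""
    events = []
    for line in raw.splitlines():
        ts, host, proc, dst, b = line.split()
        events.append({"ts": ts, "host": host, "proc": proc, "dst": dst,
                       "bytes_out": int(b), "tags": set()})
    return events

def enrich(ev: dict) -> dict:
    """SIGNAL ENRICHMENT: attach threat-intel and asset context to the event."""
    if ev["dst"] in THREAT_INTEL:
        ev["tags"].add("intel")
    if ev["bytes_out"] >= LARGE_EGRESS_BYTES:
        ev["tags"].add("large-egress")
    if ASSET_CRITICALITY.get(ev["host"]) == "critical":
        ev["tags"].add("critical-asset")
    return ev

def correlate(events: list) -> dict:
    """CORRELATE & INVESTIGATION: fold all enriched signals per host into one severity.
    A lone odd event (a large upload by backup.exe) stays 'low', weird but possibly
    normal; an intel hit converging with large egress on one host is the weird-bad case."""
    by_host = defaultdict(set)
    for ev in events:
        by_host[ev["host"]] |= ev["tags"]
    verdicts = {}
    for host, tags in by_host.items():
        intel, egress = "intel" in tags, "large-egress" in tags
        if not (intel or egress):
            continue  # nothing abnormal on this host; no candidate raised
        score = 2 if intel and egress else 1 if intel else 0
        if "critical-asset" in tags:
            score = min(score + 1, 2)  # the same evidence on a crown jewel weighs more
        verdicts[host] = ("low", "medium", "high")[score]
    return verdicts

def analyst_response(severity: str) -> list:
    """ANALYST RESPONSE: containment only on a confirmed weird-bad verdict;
    'low' is queued for a human to decide, not acted on automatically."""
    return {"high": ["Connection Termination", "Quarantine", "Notification and Escalation"],
            "medium": ["Connection Termination", "Notification and Escalation"],
            "low": ["Analyst Review"]}[severity]

def run_pipeline(raw: str = RAW_SIGNALS) -> dict:
    """Ingest -> enrich -> correlate, then attach the response plan per host."""
    verdicts = correlate([enrich(ev) for ev in ingest(raw)])
    return {h: (sev, analyst_response(sev)) for h, sev in verdicts.items()}
```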

"Frankly, overtaxed security teams are challenged to keep pace with this evolving and churning threat landscape, as well as the security tools they seek to master. Augmenting your team with experts can provide the talent and surge capacity that small businesses need."
Cyber Security and the Small Business, Frost & Sullivan

Choosing a Hunt Team

A Hunt Team is a group of cybersecurity analysts trained in how to defend against the latest attack techniques. They leverage network investigation skills and offensive counterintelligence, as well as knowledge of an organization's infrastructure, to find and stop adversaries using zero-day exploits, advanced malware, or other covert means to infiltrate an organization's systems.

Any organization putting together a Hunt Team, whether in house or via a service provider, should consider the following criteria:

- Should be capable of operating 24/7 in your interest.
- Skills must include event detection and incident response, including mitigation and incident investigation.
- Should have deep experience with a wide variety of adversaries and know the cyber threat landscape in detail.
- Must have experience with defensive tools, including IDS, IPS, SIEM tools, proxy servers for decryption and packet capture tools. Should have their own tools as well. The most agile and responsive Hunt Teams will have solutions that integrate the best of signature, behavioral and anomaly detection with forensic replay abilities.
- Should offer a hybrid architecture that enables the best use of highly qualified experts while keeping the most sensitive data inside your network.
- Should have the attitudes and approaches required for victory: they must have a mix of both creativity and persistence.
- Should have a formalized continuous learning process for mission debriefing and knowledge-sharing, especially when working in multiple locations with overlapping shifts.

"The best Hunt Team is made up of creative, quick-thinking professionals who have the persistence to find the adversary and to do what it takes to push them out."
Incorporating Hunt Teams to Defend Your Enterprise Network, eSentire

Hiring a Hunter

Whether you're staffing your own SOC or relying on the expertise of an outsourced partner, your hunters should have a mix of these specialized skills.

Cybersecurity Administrator: Hunters have an expert-level understanding of the IP stack, how it's used and abused, as well as a deep understanding of the capabilities of servers, endpoints and other critical assets found on a network. This understanding is foundational to a hunter's cybersecurity knowledge and experience.

Air Traffic Controller: Just like an air traffic controller, hunters need to understand and prioritize what's happening in real time. They need to be able to recognize what's important and what's unusual, and determine the right course of action. Responding to threats in real time requires focus and the ability to multi-task.

World of Warcraft: Attackers use a combination of tools, tactics and techniques. Knowing what to ask when presented with something unusual is the most critical function the human provides to the cybersecurity infrastructure. Of course, the stakes at play when hunting for threats are huge. There are no new lives available after a massive breach.

Choosing a Cybersecurity Provider

Keeping up with the latest developments in cybersecurity services and technologies can be challenging, especially if your organization doesn't have dedicated staff or resources. But organizations that don't make an investment in cybersecurity are easy prey for modern cyber-attackers, especially those that house highly sensitive client information. Choosing a cybersecurity provider isn't easy. There are some key differences to consider before you make any important decisions.

MDR vs. MSSP: What's the Difference?

[Table: MDR vs. MSSP comparison across the following capabilities]
- Detects known (signature-based) threats
- Detects unknown threats
- Analyzes log data
- Full network packet capture to go back in time for deep forensic investigation
- 24x7 monitoring by a staffed security operations center
- Purpose-built technology for signal enrichment and event correlation to reduce false positives
- Goes beyond alerting and responds to threats as they happen

Watch as Managed Security Service Providers (MSSP) and Managed Detection and Response (MDR) go head to head in the video series at: www.esentire.com/mdr-difference

"Clients should be wary of claims from traditional MSSPs on their ability to deliver MDR-like services. Delivering these services requires technologies not traditionally in scope for MSS, such as endpoint threat detection/response, or network behavior analysis or forensic tools." [2]

[2] Gartner, Managed Detection and Response Services Market Guide, May 2017

We Don't Sleep So You Can

eSentire Managed Detection and Response keeps organizations safe from constantly evolving cyber-attacks that technology alone cannot prevent. Our 24x7 team of elite security analysts handles everything from forensic investigation to incident response, so you can focus on managing your business, not cybersecurity.

"We consider the SOC an extension of our team. From day one, we've had the ability to tweak escalation path definitions as we became more familiar with the types of data we wanted and needed to see. When we have questions around any alerts we receive, we feel confident that within minutes of reaching out to the SOC we'll get a lengthy response explaining the tools and actions we need to take to remediate a threat. When speaking to SOC analysts, we feel like we're dealing with on-site team members; the SOC is an incredible resource, one that we use often enough that it's become our default."
Eric Feldman, Chief Information Officer at The Riverside Company

eSentire Managed Detection and Response

- Enterprise-class detection and response leveraging proprietary technology and advanced forensic tools
- A 24x7x365 Security Operations Center (SOC) staffed with elite security analysts
- Response and resolution of cyber-threats in near real time
- Ongoing access to cybersecurity experts and advisors
- White-glove customer service resulting in a 97% customer retention rate

About eSentire

eSentire is the largest pure-play Managed Detection and Response (MDR) service provider, keeping organizations safe from constantly evolving cyber-attacks that technology alone cannot prevent. Its 24x7 Security Operations Center (SOC), staffed by elite security analysts, hunts, investigates, and responds in real time to known and unknown threats before they become business-disrupting events. Protecting more than $5 trillion in corporate assets, eSentire absorbs the complexity of cybersecurity, delivering enterprise-grade protection and the ability to comply with growing regulatory requirements. For more information, visit www.esentire.com and follow @esentire.

Gartner does not endorse any vendor, product or service depicted in its research publications, and does not advise technology users to select only those vendors with the highest ratings or other designation. Gartner research publications consist of the opinions of Gartner's research organization and should not be construed as statements of fact. Gartner disclaims all warranties, expressed or implied, with respect to this research, including any warranties of merchantability or fitness for a particular purpose.