Best practices in IT security co-management

How to leverage a meaningful security partnership to advance business goals

Whitepaper

Make Security Possible

Table of Contents

The rise of co-management
In the beginning: the rise of MSSPs
Unique solutions for unique organizations
The power of partnership
Making connections
Co-management best practices
Technology shouldn't matter
The best providers invest in themselves
Final notes
8 questions for your potential co-management partner

"When we talk about co-management, it's not just about a technology. It's about enabling organizations to get the maximum return on their existing technology investments, while advancing their security for the future."
Brian Murphy, President & CEO, ReliaQuest

The rise of co-management

When it comes to effective IT security, having the right tools is just the beginning. Regardless of an organization's size or sophistication, security tools can only go so far given the ever-changing nature of IT security. Today's security teams must leverage a fusion of technology, highly skilled experts and adaptable processes. The best way to bring these elements together is through co-management.

In the beginning: the rise of MSSPs

Recognizing the labor-intensive nature of modern security tools and technology, most organizations know that it is not feasible to have one internal team responsible for managing them. As a result, most organizations have turned to third-party service providers to help with day-to-day alerts and updates.

In the early years of IT security, it was assumed that the traditional managed service model used with other corporate tools or technologies could simply be adapted to security. From this assumption emerged an entire industry of Managed Security Service Providers (MSSPs) that promised a one-size-fits-all solution.

But security technologies are not your average IT tools. Effective security tools must integrate massive amounts of data with sensitive business nuances. They must be as dynamic as the rapidly shifting IT security landscape, and they require constant, 24/7 monitoring and maintenance.

The inflexible nature of most MSSPs means that solutions cannot be tailored to a customer's specific environment or risk profile. MSSPs also require organizations to transfer all their log data offsite to the MSSP, which raises a host of obvious security and visibility issues. Additionally, there is often a lack of clearly defined roles between the MSSP and the in-house security team. All this creates a recipe for inefficiency and conflict.

Unique solutions for unique organizations

Every organization is unique. Even those in the same industry often operate much differently and have different security goals. Effective IT security should take into account not only basic security needs within one particular industry, but also specific user intent, informed by specific business context. Few traditional third-party service providers have the expertise or bandwidth to address these needs.

Imagine if a doctor diagnosed and treated every patient in the same demographic group exactly the same way. How effective could a medical treatment be without factoring in a person's own history, allergies, genetics or lifestyle? It's the same in security. MSSPs treat each company in the same industry the same without taking into consideration the company's distinctive tools, team, threat landscape or goals. What may seem like a security concern in one environment might be a daily operating function in another. And while an understanding of threats common to a particular industry is certainly useful, it is impractical to use this generalized information alone to inform the day-to-day security tactics of complex organizations.

The issue is simple: no service provider will ever know the customer's environment as well as the customer does without actively working in that environment day in and day out. No service provider will ever be equipped to effectively guide a customer's security strategy without taking the time to comprehensively review the subtleties of that particular organization's threat landscape.

Organizations that still use traditional MSSP partners often spend more time wading through false-positive alerts that are not relevant to their particular organization rather than taking action to proactively protect their organization's most precious assets. While preset alerts trigger over and over again, important information is missed. Over time, the MSSP becomes more of a burden than a benefit. In a best-case scenario, it merely serves the role of the superficial box-check for compliance purposes, rather than providing the meaningful value add that the team may have initially envisioned.

The power of partnership

Co-management providers are designed to fully integrate with organizations' existing security and IT operations teams. This personalized partnership allows teams to work together to build custom processes and solutions to address specific business nuances. Co-management's role-based model clearly outlines the rules and objectives for each involved party, tailored to each specific customer. This adaptable approach is a more practical way for organizations to continually evolve their security strategies within the rapidly changing security landscape.

Rather than removing data logs to perform an external analysis independent of the customer's security team, co-management providers actively monitor the data within the customer's own environment alongside the security team in real-time, using techniques customized to that particular organization. This model removes the black-box nature of outsourced security and creates a sustainable partnership capable of evolving over time.

An effective co-management provider will connect directly into the customer's environment using a secure connection from one or more Security Operations Centers (SOCs). A site visit, verification of the connection and verification of compliance audits can provide assurance of this ability. This active connectivity, coupled with participation in team meetings and check-ins around each shift, helps the provider become a true extension of the customer team - a relationship that is only strengthened over time.

Making connections

How useful are multiple sources of data if they are not sufficiently connected? Data from any one point technology is often interdependent with a number of other tools or functions within an organization's environment. These connections constantly change with the introduction of new technologies, new business functions or new users, which necessitates ongoing updates and troubleshooting. With traditional MSSPs working at arm's length of a customer environment, the customer often becomes a broker between the MSSP, product manufacturers, and even the customer's own IT infrastructure team when trying to resolve problems.

Co-management best practices

Technology shouldn't matter

Security professionals, processes, and technologies don't work in a vacuum. Everything is interconnected and interdependent within an entire organization. In this way, security and IT teams act as service-providers to the business as a whole. Effective co-management must encompass more than solitary technologies or processes.

Many software manufacturers offer co-managed and managed services around their own products. The problem with these services is that they only apply to one specific technology. Effective ongoing co-management requires expertise and experience in a wide range of processes and technologies.

A prime example is in the security information event management (SIEM) technology space. Many SIEM manufacturers sell the hardware and software and then overlay a service-offering to monitor and manage the technology on an ongoing basis. However, when a customer's environment requires the service provider to oversee another process or technology, it falls outside the provider's scope of services.

Co-management is different. Security experts can be immediately available for a customer's needs, regardless of the technology. This concept requires service providers to connect into customer environments through their own Security Operations Center (SOC) and lab environments, where customers can test new products, upgrades, patches, and custom scripts.

The best providers invest in themselves

Not all co-management services are created equally. Many companies selling co-management services have very little experience as security service providers and try to cut the costs of around-the-clock management by leveraging third-party workforces. This means the customer has no assurances into the provider team's experience, training or certifications.

Those manufacturers and service providers who do not use third parties may still operate in less than stellar security environments. These providers often work out of virtual SOCs, meaning that any engineer can connect to a customer environment from anywhere. While this may sound convenient, there is no way for the customer to ensure that access to their environment is being adequately protected. As a result, these environments often do not meet compliance requirements.

True co-management partners invest in and maintain their own proper SOC and lab environments, which ensures effective protections and positions a company to advance its security over time. Additionally, a focus on continuous advancement of individual team members also allows the best security providers to stay ahead and provide continuity of services to their customers. If the provider isn't willing to invest in the development of its own services, infrastructure and people, what does that say about their commitment to the betterment of your organization?

Final notes

The definition of co-management continues to evolve in the right direction. Service providers and organizations of all sizes are expanding the capability of these offerings in a way that can help advance the overall security of complex organizations. People, processes and technology will always represent the keys to effective security, with partnership models leading the way.

Visit www.reliaquest.com to learn more about our collaborative co-management approach.

8 questions for your potential co-management partner

STEP 1
Can the provider send you a current SSAE 16 SOC 2 Type 2 (continuous) report? In some cases they may have an SSAE 16 SOC 2 Type 1 (point-in-time) report, but that is not enough. At the very least, they should have a SOC 2 Type 2 audit scheduled, confirmed by the third-party audit firm performing the assessment. If they aren't investing in their own security, how much will they invest in your organization's security?

STEP 2
Do they have a state-of-the-art Security Operations Center (SOC) where they perform all shifts of their 24/7/365 co-managed services? Does the SOC facility meet the proper compliance, training, and facility requirements required by U.S.-based auditing and compliance standards?

STEP 3
Can they describe in detail the distinctive roles in their security environment and strategies for hiring, retention, training and development? Without a focus on people, organizations are left with inexperienced teams or frequent turnover. A robust training program ensures that security solutions can get smarter over time, even as security challenges change.

STEP 4
Do they have a proven engineering infrastructure? Having experienced security engineers on hand is critical to be able to maintain the wide range of technology that exists in the customer environment. This can be verified with targeted reference checks.

STEP 5
Are they constantly logged in to their customer environments or do they passively rely on alerts to notify them of potential issues? Having a service provider who is actively engaged will allow your organization's team to focus on other business-critical tasks.

STEP 6
Are their capabilities limited to one specific manufacturer or point technology? An effective co-management partner should be able to provide references across multiple technologies and technology categories. For example, if they are offering to co-manage SIEM, they should be able to give references for multiple SIEM technologies they are currently co-managing. The same goes for a service that claims to only manage SIEM. What good does that do if the SIEM isn't the problem? If they only know SIEM, how can they write content and rules you need to import logs from other point products that exist in your environment? They shouldn't just be relying on the out-of-box connectors built by the manufacturer. They should be able to provide examples of customer content and rules built using their own expertise while tying in to technology APIs.

STEP 7
A service provider should be able to walk through a library of custom content they have built and should be able to explain how it can be tailored to enhance your specific environment. They should also have a lab environment to test and refine the various technologies with which they'll be working.

STEP 8
The easiest way an organization can get to know a service provider is to visit their SOC facilities. Any legitimate provider will pay to fly an organization in for a tour. You should feel comfortable with the ability of the facility and its team to serve as a true extension of your organization.

© 2017 ReliaQuest, Inc. All Rights Reserved. ReliaQuest, the ReliaQuest logo, RQ Labs, and RQ University are trademarks or registered trademarks of ReliaQuest, Inc. in the US and/or other countries. All other product names and/or slogans mentioned herein may be trademarks or registered trademarks of their respective companies. All other information presented here is subject to change and intended for general information.