SlideShare une entreprise Scribd logo
1  sur  13
Télécharger pour lire hors ligne
Piers Wilson, Tier-3
EUROPE
Considerations when choosing a
managed security service provider
Piers Wilson, Head of Product Management
1 May 2014
EUROPE
29 April - 01 May 2014 Earls Court London UK
Company	
  logo	
  
EUROPE
29 April - 01 May 2014 Earls Court London UK
What I will (and won’t) cover ...
Two topics :
•  What you need to have in place to gain benefits
•  How to choose a managed security service provider
I intend to focus on monitoring, detection and incident response services
WHY?
•  Limited time
•  Other types of managed security services are more commoditised and visible
–  either output-based, schedule-based or customer instigated
•  Monitoring services are event/activity driven, hence more challenging
Company	
  logo	
  
EUROPE
29 April - 01 May 2014 Earls Court London UK
Characteristics of managed security monitoring
Shared technology platform that:
•  Collects/receives logs, alerts, detections,
signature triggers etc. from customer systems
•  Underpins analysis workflow
–  Automated / manual analysis
–  Pattern / reference matching
–  Triage / diagnosis
–  Investigation
•  Provides reporting/alerts/access
•  Knowledge base and diagnostic log
–  I.e. information on the event or overall status is made
available to customers
•  Data retention
IDS	
  
Log,	
  Event,	
  Alert,	
  Detec7on,	
  Report,	
  Request	
  data	
  
AV	
  
Mail	
  
Servers	
  
	
  	
  	
  	
  Firewalls	
  
	
  	
  	
  	
  Proxies	
  
DNS	
  
Incidents	
  
Apps	
   	
  	
  	
  	
  	
  	
  Internal	
  
	
  	
  	
  	
  	
  	
  MSSP	
  
Company	
  logo	
  
EUROPE
29 April - 01 May 2014 Earls Court London UK
In-house capability
•  Still need a security operations function, even if you choose to outsource some
specialist or routine activities to an MSSP
Monitoring,	
  	
  
Detec7on	
  
No	
  MSSP	
  
Fully	
  in-­‐house	
  
Includes	
  degree	
  of	
  
analysis	
  
Includes	
  element	
  of	
  
response	
  and	
  clean-­‐
up	
  
Remediate	
  
Response	
  
Analysis	
  
Detec7on	
  
Company	
  logo	
  
EUROPE
29 April - 01 May 2014 Earls Court London UK
Retained internal capabilities
•  Internal incident management process
•  In-house diagnostic information for root cause analysis and
reporting
–  MSSP won’t have the whole picture OR be the only source of alerts
•  Internal SIEM tool to collect and analyse non-MSSP collected
information
•  Capable internal resources
–  Using an MSSP may mean this is smaller, and can focus on resolution and
decision making rather than identification and triage
You can’t outsource risk
Company	
  logo	
  
EUROPE
29 April - 01 May 2014 Earls Court London UK
End-to-end monitoring and response process
Balance the benefits of the MSSP ...
•  Early detection
•  Pan-customer and external threat data
•  24x7 operation and response
•  Incident diagnosis, response actions, resolution guidance
•  Volume processing of routine events
While retaining control and internal diagnostic capability
How far down into the incident analysis, diagnosis and
resolution process does the MSSP service extend
Company	
  logo	
  
EUROPE
29 April - 01 May 2014 Earls Court London UK
Value – costs and benefits
MSSP	
  Costs	
  
Depth	
  of	
  system	
  access/Extent	
  of	
  intelligence	
  
Process	
  coverage/involvement	
  
Security	
  Benefits	
  
Saved	
  effort	
  –	
  focus	
  on	
  what’s	
  important	
  
Improved	
  detec7on/response	
  
Range	
  of	
  customers	
  and	
  threat	
  sources	
  
Exper7se	
  and	
  resources	
  
Focus	
  on	
  non-­‐opera7onal	
  security	
  
Staff	
  development/reten7on	
  
TECHNOLOGY	
  PLATFORMS	
  
Company	
  logo	
  
EUROPE
29 April - 01 May 2014 Earls Court London UK
Choosing your MSSP: Sophistication and intelligence
What does the MSSP do? Assessing their role and
value in your process?
•  Process automation
•  Alerting, diagnostics and rapid notification of
incidents
•  Cost effectiveness
•  Intelligence from their wider customer community
•  Data separation, protection, retention, extraction
•  Detection of anomalous patterns or “unknowns”
beyond just signatures
Company	
  logo	
  
EUROPE
29 April - 01 May 2014 Earls Court London UK
Case study – Trustwave case (subsequently withdrawn)
•  Alleged Target used MSSP services
(vulnerability management and monitoring)
•  Banks sued both Target AND MSSP
Failings noted:
•  Vulnerabilities in systems remained “either
undetected or ignored” in audits as recently as
September 2013
–  These vulnerabilities included the fact that Target stored “credit and
debit card data on its servers for six full days before hackers
transmitted the data to a separate webserver outside of Target's
network”
–  Would the MSSP detect this? Depends...
•  The filing claims, the Target breach went
undetected for three weeks
–  Even though the MSSP “provided round-the-clock monitoring
services to Target”.
•  The lawsuit noted, repeated warnings and
breaches ... should have left Target in no doubt
that vulnerabilities existed
NOTE: This case was withdrawn in April
Company	
  logo	
  
EUROPE
29 April - 01 May 2014 Earls Court London UK
Summary I: Internal capability to derive value
•  Need to collect some log/event/network/diagnostic data
–  MSSP won’t cover of all the security event sources within your network
•  Data retention beyond the MSSP offering
•  Insider misuse, application issues and usage can only be monitored
internally
•  At a specific point in your incident management process YOU as a
customer (security team, management, stakeholders) will need to make
decisions
–  Ensure you/they have the right information to base those decisions upon
–  Irrespective of the level of service from the MSSP
Company	
  logo	
  
EUROPE
29 April - 01 May 2014 Earls Court London UK
Summary II: Choosing an MSSP to fit your process
•  An MSSP should free you from having to worry about the more routine parts of the
process
•  There is a price trade-off in terms of the extent of MSSP access to platforms and
information
–  i.e. the more of your environment they monitor the greater visibility they have, but the more you will pay
•  You need to consider the security, privacy and retention for data that they collect and
store
–  How does separation, long term retention, return of data work? Where is data held? What might it contain?
•  Quality of their detection, analysis, information provision, resolution support is
important
Thank you...
Contact us at:
Stand J55
www.tier-3.com
Follow us at: @tier3huntsman
info@tier-3.com
+44 (0) 7800 508517
EUROPE
29 April - 01 May 2014 Earls Court London UK

Contenu connexe

Tendances

Symantec Cyber Security Solutions | MSS and Advanced Threat Protection
Symantec Cyber Security Solutions | MSS and Advanced Threat ProtectionSymantec Cyber Security Solutions | MSS and Advanced Threat Protection
Symantec Cyber Security Solutions | MSS and Advanced Threat ProtectioninfoLock Technologies
 
A Guide to Managed Security Services
A Guide to Managed Security ServicesA Guide to Managed Security Services
A Guide to Managed Security ServicesGraham Mann
 
IT SECURITY ASSESSMENT PROPOSAL
IT SECURITY ASSESSMENT PROPOSALIT SECURITY ASSESSMENT PROPOSAL
IT SECURITY ASSESSMENT PROPOSALCYBER SENSE
 
Data Consult - Managed Security Services
Data Consult - Managed Security ServicesData Consult - Managed Security Services
Data Consult - Managed Security ServicesJad Bejjani
 
Governance of security operation centers
Governance of security operation centersGovernance of security operation centers
Governance of security operation centersBrencil Kaimba
 
Security operation center
Security operation centerSecurity operation center
Security operation centerMuthuKumaran267
 
Security Operations Center (SOC) Essentials for the SME
Security Operations Center (SOC) Essentials for the SMESecurity Operations Center (SOC) Essentials for the SME
Security Operations Center (SOC) Essentials for the SMEAlienVault
 
From SIEM to SOC: Crossing the Cybersecurity Chasm
From SIEM to SOC: Crossing the Cybersecurity ChasmFrom SIEM to SOC: Crossing the Cybersecurity Chasm
From SIEM to SOC: Crossing the Cybersecurity ChasmPriyanka Aash
 
An introduction to SOC (Security Operation Center)
An introduction to SOC (Security Operation Center)An introduction to SOC (Security Operation Center)
An introduction to SOC (Security Operation Center)Ahmad Haghighi
 
Managing risk and vulnerabilities in a business context
Managing risk and vulnerabilities in a business contextManaging risk and vulnerabilities in a business context
Managing risk and vulnerabilities in a business contextAlgoSec
 
Effective Security Operation Center - present by Reza Adineh
Effective Security Operation Center - present by Reza AdinehEffective Security Operation Center - present by Reza Adineh
Effective Security Operation Center - present by Reza AdinehReZa AdineH
 
Achieving Cyber Essentials
Achieving Cyber Essentials Achieving Cyber Essentials
Achieving Cyber Essentials Qonex
 
DTS Solution - Building a SOC (Security Operations Center)
DTS Solution - Building a SOC (Security Operations Center)DTS Solution - Building a SOC (Security Operations Center)
DTS Solution - Building a SOC (Security Operations Center)Shah Sheikh
 
Security operations center-SOC Presentation-مرکز عملیات امنیت
Security operations center-SOC Presentation-مرکز عملیات امنیتSecurity operations center-SOC Presentation-مرکز عملیات امنیت
Security operations center-SOC Presentation-مرکز عملیات امنیتReZa AdineH
 
Building Security Operation Center
Building Security Operation CenterBuilding Security Operation Center
Building Security Operation CenterS.E. CTS CERT-GOV-MD
 
SANS Ask the Expert: An Incident Response Playbook: From Monitoring to Opera...
 SANS Ask the Expert: An Incident Response Playbook: From Monitoring to Opera... SANS Ask the Expert: An Incident Response Playbook: From Monitoring to Opera...
SANS Ask the Expert: An Incident Response Playbook: From Monitoring to Opera...AlienVault
 
Cyber essentials-overview-sep-2021-211019100139
Cyber essentials-overview-sep-2021-211019100139Cyber essentials-overview-sep-2021-211019100139
Cyber essentials-overview-sep-2021-211019100139evaleng2
 
Exercise Your SOC: How to run an effective SOC response simulation (BSidesCha...
Exercise Your SOC: How to run an effective SOC response simulation (BSidesCha...Exercise Your SOC: How to run an effective SOC response simulation (BSidesCha...
Exercise Your SOC: How to run an effective SOC response simulation (BSidesCha...Brian Andrzejewski
 
What is the UK Cyber Essentials scheme?
What is the  UK Cyber Essentials scheme?What is the  UK Cyber Essentials scheme?
What is the UK Cyber Essentials scheme?IT Governance Ltd
 

Tendances (20)

Symantec Cyber Security Solutions | MSS and Advanced Threat Protection
Symantec Cyber Security Solutions | MSS and Advanced Threat ProtectionSymantec Cyber Security Solutions | MSS and Advanced Threat Protection
Symantec Cyber Security Solutions | MSS and Advanced Threat Protection
 
A Guide to Managed Security Services
A Guide to Managed Security ServicesA Guide to Managed Security Services
A Guide to Managed Security Services
 
IT SECURITY ASSESSMENT PROPOSAL
IT SECURITY ASSESSMENT PROPOSALIT SECURITY ASSESSMENT PROPOSAL
IT SECURITY ASSESSMENT PROPOSAL
 
Data Consult - Managed Security Services
Data Consult - Managed Security ServicesData Consult - Managed Security Services
Data Consult - Managed Security Services
 
Governance of security operation centers
Governance of security operation centersGovernance of security operation centers
Governance of security operation centers
 
Security operation center
Security operation centerSecurity operation center
Security operation center
 
Security Operations Center (SOC) Essentials for the SME
Security Operations Center (SOC) Essentials for the SMESecurity Operations Center (SOC) Essentials for the SME
Security Operations Center (SOC) Essentials for the SME
 
From SIEM to SOC: Crossing the Cybersecurity Chasm
From SIEM to SOC: Crossing the Cybersecurity ChasmFrom SIEM to SOC: Crossing the Cybersecurity Chasm
From SIEM to SOC: Crossing the Cybersecurity Chasm
 
An introduction to SOC (Security Operation Center)
An introduction to SOC (Security Operation Center)An introduction to SOC (Security Operation Center)
An introduction to SOC (Security Operation Center)
 
Managing risk and vulnerabilities in a business context
Managing risk and vulnerabilities in a business contextManaging risk and vulnerabilities in a business context
Managing risk and vulnerabilities in a business context
 
Effective Security Operation Center - present by Reza Adineh
Effective Security Operation Center - present by Reza AdinehEffective Security Operation Center - present by Reza Adineh
Effective Security Operation Center - present by Reza Adineh
 
Achieving Cyber Essentials
Achieving Cyber Essentials Achieving Cyber Essentials
Achieving Cyber Essentials
 
Security policies
Security policiesSecurity policies
Security policies
 
DTS Solution - Building a SOC (Security Operations Center)
DTS Solution - Building a SOC (Security Operations Center)DTS Solution - Building a SOC (Security Operations Center)
DTS Solution - Building a SOC (Security Operations Center)
 
Security operations center-SOC Presentation-مرکز عملیات امنیت
Security operations center-SOC Presentation-مرکز عملیات امنیتSecurity operations center-SOC Presentation-مرکز عملیات امنیت
Security operations center-SOC Presentation-مرکز عملیات امنیت
 
Building Security Operation Center
Building Security Operation CenterBuilding Security Operation Center
Building Security Operation Center
 
SANS Ask the Expert: An Incident Response Playbook: From Monitoring to Opera...
 SANS Ask the Expert: An Incident Response Playbook: From Monitoring to Opera... SANS Ask the Expert: An Incident Response Playbook: From Monitoring to Opera...
SANS Ask the Expert: An Incident Response Playbook: From Monitoring to Opera...
 
Cyber essentials-overview-sep-2021-211019100139
Cyber essentials-overview-sep-2021-211019100139Cyber essentials-overview-sep-2021-211019100139
Cyber essentials-overview-sep-2021-211019100139
 
Exercise Your SOC: How to run an effective SOC response simulation (BSidesCha...
Exercise Your SOC: How to run an effective SOC response simulation (BSidesCha...Exercise Your SOC: How to run an effective SOC response simulation (BSidesCha...
Exercise Your SOC: How to run an effective SOC response simulation (BSidesCha...
 
What is the UK Cyber Essentials scheme?
What is the  UK Cyber Essentials scheme?What is the  UK Cyber Essentials scheme?
What is the UK Cyber Essentials scheme?
 

En vedette

To MSSP or not to MSSP IISF 2015
To MSSP or not to MSSP IISF 2015To MSSP or not to MSSP IISF 2015
To MSSP or not to MSSP IISF 2015Paul Hogan
 
When and How to Set up a Security Operations Center
When and How to Set up a Security Operations CenterWhen and How to Set up a Security Operations Center
When and How to Set up a Security Operations CenterKomand
 
C&W Product Portfolio
C&W Product PortfolioC&W Product Portfolio
C&W Product PortfolioCWBusiness
 
Why You Should Be Selling Business Continuity Services (5 MSP Tips to Get Sta...
Why You Should Be Selling Business Continuity Services (5 MSP Tips to Get Sta...Why You Should Be Selling Business Continuity Services (5 MSP Tips to Get Sta...
Why You Should Be Selling Business Continuity Services (5 MSP Tips to Get Sta...David Castro
 
Dizzion Channel Partner Training blow sales objections out of the water
Dizzion Channel Partner Training blow sales objections out of the waterDizzion Channel Partner Training blow sales objections out of the water
Dizzion Channel Partner Training blow sales objections out of the waterDizzion, Inc.
 
Walk This Way: CIS CSC and NIST CSF is the 80 in the 80/20 rule
Walk This Way: CIS CSC and NIST CSF is the 80 in the 80/20 ruleWalk This Way: CIS CSC and NIST CSF is the 80 in the 80/20 rule
Walk This Way: CIS CSC and NIST CSF is the 80 in the 80/20 ruleEnterpriseGRC Solutions, Inc.
 
MSP Sales Tactic | Using Kaseya to Perform an IT Network Assessment to Win Ne...
MSP Sales Tactic | Using Kaseya to Perform an IT Network Assessment to Win Ne...MSP Sales Tactic | Using Kaseya to Perform an IT Network Assessment to Win Ne...
MSP Sales Tactic | Using Kaseya to Perform an IT Network Assessment to Win Ne...David Castro
 
MSP Sales Best Practice | How to Close Sales Leads
MSP Sales Best Practice | How to Close Sales LeadsMSP Sales Best Practice | How to Close Sales Leads
MSP Sales Best Practice | How to Close Sales LeadsDavid Castro
 
Security Outsourcing - Couples Counseling - Atif Ghauri
Security Outsourcing - Couples Counseling - Atif GhauriSecurity Outsourcing - Couples Counseling - Atif Ghauri
Security Outsourcing - Couples Counseling - Atif GhauriAtif Ghauri
 
MT 70 The New Era of Incident Response Planning
MT 70 The New Era of Incident Response PlanningMT 70 The New Era of Incident Response Planning
MT 70 The New Era of Incident Response PlanningDell EMC World
 
MT 68 Hunting for the Threat: When You Don’t Know If You’ve Been Breached
MT 68 Hunting for the Threat: When You Don’t Know If You’ve Been Breached MT 68 Hunting for the Threat: When You Don’t Know If You’ve Been Breached
MT 68 Hunting for the Threat: When You Don’t Know If You’ve Been Breached Dell EMC World
 
Extend Your Market Reach with IBM Security QRadar for MSPs
Extend Your Market Reach with IBM Security QRadar for MSPsExtend Your Market Reach with IBM Security QRadar for MSPs
Extend Your Market Reach with IBM Security QRadar for MSPsIBM Security
 
Trends in network security feinstein - informatica64
Trends in network security   feinstein - informatica64Trends in network security   feinstein - informatica64
Trends in network security feinstein - informatica64Chema Alonso
 
ePlus Managed Security Services
ePlus Managed Security ServicesePlus Managed Security Services
ePlus Managed Security ServicesePlus
 
Spin Selling Fieldbook - Neil Rackham
Spin Selling Fieldbook - Neil RackhamSpin Selling Fieldbook - Neil Rackham
Spin Selling Fieldbook - Neil RackhamNirbhik Jangid
 
Building a Next-Generation Security Operation Center Based on IBM QRadar and ...
Building a Next-Generation Security Operation Center Based on IBM QRadar and ...Building a Next-Generation Security Operation Center Based on IBM QRadar and ...
Building a Next-Generation Security Operation Center Based on IBM QRadar and ...IBM Security
 

En vedette (20)

To MSSP or not to MSSP IISF 2015
To MSSP or not to MSSP IISF 2015To MSSP or not to MSSP IISF 2015
To MSSP or not to MSSP IISF 2015
 
When and How to Set up a Security Operations Center
When and How to Set up a Security Operations CenterWhen and How to Set up a Security Operations Center
When and How to Set up a Security Operations Center
 
C&W Product Portfolio
C&W Product PortfolioC&W Product Portfolio
C&W Product Portfolio
 
Citrix Day 2012: ShareFile
Citrix Day 2012: ShareFileCitrix Day 2012: ShareFile
Citrix Day 2012: ShareFile
 
Webinar: Data warehouse na nuvem da AWS
Webinar: Data warehouse na nuvem da AWSWebinar: Data warehouse na nuvem da AWS
Webinar: Data warehouse na nuvem da AWS
 
Why You Should Be Selling Business Continuity Services (5 MSP Tips to Get Sta...
Why You Should Be Selling Business Continuity Services (5 MSP Tips to Get Sta...Why You Should Be Selling Business Continuity Services (5 MSP Tips to Get Sta...
Why You Should Be Selling Business Continuity Services (5 MSP Tips to Get Sta...
 
Dizzion Channel Partner Training blow sales objections out of the water
Dizzion Channel Partner Training blow sales objections out of the waterDizzion Channel Partner Training blow sales objections out of the water
Dizzion Channel Partner Training blow sales objections out of the water
 
Walk This Way: CIS CSC and NIST CSF is the 80 in the 80/20 rule
Walk This Way: CIS CSC and NIST CSF is the 80 in the 80/20 ruleWalk This Way: CIS CSC and NIST CSF is the 80 in the 80/20 rule
Walk This Way: CIS CSC and NIST CSF is the 80 in the 80/20 rule
 
MSP Sales Tactic | Using Kaseya to Perform an IT Network Assessment to Win Ne...
MSP Sales Tactic | Using Kaseya to Perform an IT Network Assessment to Win Ne...MSP Sales Tactic | Using Kaseya to Perform an IT Network Assessment to Win Ne...
MSP Sales Tactic | Using Kaseya to Perform an IT Network Assessment to Win Ne...
 
MSP Sales Best Practice | How to Close Sales Leads
MSP Sales Best Practice | How to Close Sales LeadsMSP Sales Best Practice | How to Close Sales Leads
MSP Sales Best Practice | How to Close Sales Leads
 
Security Outsourcing - Couples Counseling - Atif Ghauri
Security Outsourcing - Couples Counseling - Atif GhauriSecurity Outsourcing - Couples Counseling - Atif Ghauri
Security Outsourcing - Couples Counseling - Atif Ghauri
 
MT 70 The New Era of Incident Response Planning
MT 70 The New Era of Incident Response PlanningMT 70 The New Era of Incident Response Planning
MT 70 The New Era of Incident Response Planning
 
MT 68 Hunting for the Threat: When You Don’t Know If You’ve Been Breached
MT 68 Hunting for the Threat: When You Don’t Know If You’ve Been Breached MT 68 Hunting for the Threat: When You Don’t Know If You’ve Been Breached
MT 68 Hunting for the Threat: When You Don’t Know If You’ve Been Breached
 
Extend Your Market Reach with IBM Security QRadar for MSPs
Extend Your Market Reach with IBM Security QRadar for MSPsExtend Your Market Reach with IBM Security QRadar for MSPs
Extend Your Market Reach with IBM Security QRadar for MSPs
 
Trends in network security feinstein - informatica64
Trends in network security   feinstein - informatica64Trends in network security   feinstein - informatica64
Trends in network security feinstein - informatica64
 
SPIN Selling : HCL with CBA
SPIN Selling : HCL with CBASPIN Selling : HCL with CBA
SPIN Selling : HCL with CBA
 
Mass Customization
Mass CustomizationMass Customization
Mass Customization
 
ePlus Managed Security Services
ePlus Managed Security ServicesePlus Managed Security Services
ePlus Managed Security Services
 
Spin Selling Fieldbook - Neil Rackham
Spin Selling Fieldbook - Neil RackhamSpin Selling Fieldbook - Neil Rackham
Spin Selling Fieldbook - Neil Rackham
 
Building a Next-Generation Security Operation Center Based on IBM QRadar and ...
Building a Next-Generation Security Operation Center Based on IBM QRadar and ...Building a Next-Generation Security Operation Center Based on IBM QRadar and ...
Building a Next-Generation Security Operation Center Based on IBM QRadar and ...
 

Similaire à Infosec 2014 - Considerations when choosing an MSSP

SLVA - Security monitoring and reporting itweb workshop
SLVA - Security monitoring and reporting   itweb workshopSLVA - Security monitoring and reporting   itweb workshop
SLVA - Security monitoring and reporting itweb workshopSLVA Information Security
 
Virtual Gov Day - Security Breakout - Deloitte
Virtual Gov Day - Security Breakout - DeloitteVirtual Gov Day - Security Breakout - Deloitte
Virtual Gov Day - Security Breakout - DeloitteSplunk
 
What Suppliers Don't Tell You About Security?
What Suppliers Don't Tell You About Security?What Suppliers Don't Tell You About Security?
What Suppliers Don't Tell You About Security?PECB
 
Information Assurance Metrics: Practical Steps to Measurement
Information Assurance Metrics: Practical Steps to MeasurementInformation Assurance Metrics: Practical Steps to Measurement
Information Assurance Metrics: Practical Steps to MeasurementEnclaveSecurity
 
CHIME LEAD Fourm Houston - "Creating an Effective Cyber Security Strategy: Ke...
CHIME LEAD Fourm Houston - "Creating an Effective Cyber Security Strategy: Ke...CHIME LEAD Fourm Houston - "Creating an Effective Cyber Security Strategy: Ke...
CHIME LEAD Fourm Houston - "Creating an Effective Cyber Security Strategy: Ke...Health IT Conference – iHT2
 
Empired Convergence 2017 - Keeping Pace, Staying Safe in the Digital World
Empired Convergence 2017 - Keeping Pace, Staying Safe in the Digital WorldEmpired Convergence 2017 - Keeping Pace, Staying Safe in the Digital World
Empired Convergence 2017 - Keeping Pace, Staying Safe in the Digital WorldEmpired
 
Identifying Safety Signals by Data Mining the FDA Adverse Event Reporting Sys...
Identifying Safety Signals by Data Mining the FDA Adverse Event Reporting Sys...Identifying Safety Signals by Data Mining the FDA Adverse Event Reporting Sys...
Identifying Safety Signals by Data Mining the FDA Adverse Event Reporting Sys...Perficient, Inc.
 
Jack Nichelson - Information Security Metrics - Practical Security Metrics
Jack Nichelson - Information Security Metrics - Practical Security MetricsJack Nichelson - Information Security Metrics - Practical Security Metrics
Jack Nichelson - Information Security Metrics - Practical Security Metricscentralohioissa
 
Information Security Metrics - Practical Security Metrics
Information Security Metrics - Practical Security MetricsInformation Security Metrics - Practical Security Metrics
Information Security Metrics - Practical Security MetricsJack Nichelson
 
Heureka Webinar – Security, the Growth Engine for eDiscovery Professionals
Heureka Webinar – Security, the Growth Engine for eDiscovery ProfessionalsHeureka Webinar – Security, the Growth Engine for eDiscovery Professionals
Heureka Webinar – Security, the Growth Engine for eDiscovery ProfessionalsHeureka Software
 
Security Attack Analysis for Finding and Stopping Network Attacks
Security Attack Analysis for Finding and Stopping Network AttacksSecurity Attack Analysis for Finding and Stopping Network Attacks
Security Attack Analysis for Finding and Stopping Network AttacksSavvius, Inc
 
Risk Factory: How to Implement an Effective Incident Response Programme
Risk Factory: How to Implement an Effective Incident Response ProgrammeRisk Factory: How to Implement an Effective Incident Response Programme
Risk Factory: How to Implement an Effective Incident Response ProgrammeRisk Crew
 
Mergers and Acquisition Security - Areas of Interest
Mergers and Acquisition Security - Areas of InterestMergers and Acquisition Security - Areas of Interest
Mergers and Acquisition Security - Areas of InterestMatthew Rosenquist
 
Optimizing Security Operations: 5 Keys to Success
Optimizing Security Operations: 5 Keys to SuccessOptimizing Security Operations: 5 Keys to Success
Optimizing Security Operations: 5 Keys to SuccessSirius
 
Cyber Security and Healthcare
Cyber Security and HealthcareCyber Security and Healthcare
Cyber Security and HealthcareJonathon Coulter
 
Privacies are coming
Privacies are comingPrivacies are coming
Privacies are comingErnest Staats
 

Similaire à Infosec 2014 - Considerations when choosing an MSSP (20)

SLVA - Security monitoring and reporting itweb workshop
SLVA - Security monitoring and reporting   itweb workshopSLVA - Security monitoring and reporting   itweb workshop
SLVA - Security monitoring and reporting itweb workshop
 
Virtual Gov Day - Security Breakout - Deloitte
Virtual Gov Day - Security Breakout - DeloitteVirtual Gov Day - Security Breakout - Deloitte
Virtual Gov Day - Security Breakout - Deloitte
 
What Suppliers Don't Tell You About Security?
What Suppliers Don't Tell You About Security?What Suppliers Don't Tell You About Security?
What Suppliers Don't Tell You About Security?
 
Information Assurance Metrics: Practical Steps to Measurement
Information Assurance Metrics: Practical Steps to MeasurementInformation Assurance Metrics: Practical Steps to Measurement
Information Assurance Metrics: Practical Steps to Measurement
 
Fraud detection analysis
Fraud detection analysis Fraud detection analysis
Fraud detection analysis
 
Alpes strategie v5
Alpes strategie v5Alpes strategie v5
Alpes strategie v5
 
CHIME LEAD Fourm Houston - "Creating an Effective Cyber Security Strategy: Ke...
CHIME LEAD Fourm Houston - "Creating an Effective Cyber Security Strategy: Ke...CHIME LEAD Fourm Houston - "Creating an Effective Cyber Security Strategy: Ke...
CHIME LEAD Fourm Houston - "Creating an Effective Cyber Security Strategy: Ke...
 
Empired Convergence 2017 - Keeping Pace, Staying Safe in the Digital World
Empired Convergence 2017 - Keeping Pace, Staying Safe in the Digital WorldEmpired Convergence 2017 - Keeping Pace, Staying Safe in the Digital World
Empired Convergence 2017 - Keeping Pace, Staying Safe in the Digital World
 
Secure Iowa Oct 2016
Secure Iowa Oct 2016Secure Iowa Oct 2016
Secure Iowa Oct 2016
 
Identifying Safety Signals by Data Mining the FDA Adverse Event Reporting Sys...
Identifying Safety Signals by Data Mining the FDA Adverse Event Reporting Sys...Identifying Safety Signals by Data Mining the FDA Adverse Event Reporting Sys...
Identifying Safety Signals by Data Mining the FDA Adverse Event Reporting Sys...
 
Jack Nichelson - Information Security Metrics - Practical Security Metrics
Jack Nichelson - Information Security Metrics - Practical Security MetricsJack Nichelson - Information Security Metrics - Practical Security Metrics
Jack Nichelson - Information Security Metrics - Practical Security Metrics
 
Information Security Metrics - Practical Security Metrics
Information Security Metrics - Practical Security MetricsInformation Security Metrics - Practical Security Metrics
Information Security Metrics - Practical Security Metrics
 
Heureka Webinar – Security, the Growth Engine for eDiscovery Professionals
Heureka Webinar – Security, the Growth Engine for eDiscovery ProfessionalsHeureka Webinar – Security, the Growth Engine for eDiscovery Professionals
Heureka Webinar – Security, the Growth Engine for eDiscovery Professionals
 
Security Attack Analysis for Finding and Stopping Network Attacks
Security Attack Analysis for Finding and Stopping Network AttacksSecurity Attack Analysis for Finding and Stopping Network Attacks
Security Attack Analysis for Finding and Stopping Network Attacks
 
SORT OUT YOUR SIEM
SORT OUT YOUR SIEMSORT OUT YOUR SIEM
SORT OUT YOUR SIEM
 
Risk Factory: How to Implement an Effective Incident Response Programme
Risk Factory: How to Implement an Effective Incident Response ProgrammeRisk Factory: How to Implement an Effective Incident Response Programme
Risk Factory: How to Implement an Effective Incident Response Programme
 
Mergers and Acquisition Security - Areas of Interest
Mergers and Acquisition Security - Areas of InterestMergers and Acquisition Security - Areas of Interest
Mergers and Acquisition Security - Areas of Interest
 
Optimizing Security Operations: 5 Keys to Success
Optimizing Security Operations: 5 Keys to SuccessOptimizing Security Operations: 5 Keys to Success
Optimizing Security Operations: 5 Keys to Success
 
Cyber Security and Healthcare
Cyber Security and HealthcareCyber Security and Healthcare
Cyber Security and Healthcare
 
Privacies are coming
Privacies are comingPrivacies are coming
Privacies are coming
 

Plus de Huntsman Security

Infosecurity Europe 2016 - Low-friction Security
Infosecurity Europe 2016 - Low-friction SecurityInfosecurity Europe 2016 - Low-friction Security
Infosecurity Europe 2016 - Low-friction SecurityHuntsman Security
 
Infosec 2015 - Using threat intelligence to improve security response
Infosec 2015 - Using threat intelligence to improve security responseInfosec 2015 - Using threat intelligence to improve security response
Infosec 2015 - Using threat intelligence to improve security responseHuntsman Security
 
Huntsman - Threat intelligence (for IAP2015)
Huntsman - Threat intelligence (for IAP2015)Huntsman - Threat intelligence (for IAP2015)
Huntsman - Threat intelligence (for IAP2015)Huntsman Security
 
Huntsman - Internet of things (for IAP2015)
Huntsman - Internet of things (for IAP2015)Huntsman - Internet of things (for IAP2015)
Huntsman - Internet of things (for IAP2015)Huntsman Security
 
Internet of Things: Dealing with the enterprise network of things
Internet of Things: Dealing with the enterprise network of thingsInternet of Things: Dealing with the enterprise network of things
Internet of Things: Dealing with the enterprise network of thingsHuntsman Security
 
Intelligence-based computer network defence: Understanding the cyber kill cha...
Intelligence-based computer network defence: Understanding the cyber kill cha...Intelligence-based computer network defence: Understanding the cyber kill cha...
Intelligence-based computer network defence: Understanding the cyber kill cha...Huntsman Security
 
Using automation to improve the effectiveness of security operations
Using automation to improve the effectiveness of security operationsUsing automation to improve the effectiveness of security operations
Using automation to improve the effectiveness of security operationsHuntsman Security
 
Insider threats - Lessons from Snowden (ISF UK Chapter)
Insider threats - Lessons from Snowden (ISF UK Chapter)Insider threats - Lessons from Snowden (ISF UK Chapter)
Insider threats - Lessons from Snowden (ISF UK Chapter)Huntsman Security
 
Monitoring security in the externalised organisation (Auscert 2013)
Monitoring security in the externalised organisation (Auscert 2013)Monitoring security in the externalised organisation (Auscert 2013)
Monitoring security in the externalised organisation (Auscert 2013)Huntsman Security
 
Hidden security and privacy consequences around mobility (Infosec 2013)
Hidden security and privacy consequences around mobility (Infosec 2013)Hidden security and privacy consequences around mobility (Infosec 2013)
Hidden security and privacy consequences around mobility (Infosec 2013)Huntsman Security
 

Plus de Huntsman Security (10)

Infosecurity Europe 2016 - Low-friction Security
Infosecurity Europe 2016 - Low-friction SecurityInfosecurity Europe 2016 - Low-friction Security
Infosecurity Europe 2016 - Low-friction Security
 
Infosec 2015 - Using threat intelligence to improve security response
Infosec 2015 - Using threat intelligence to improve security responseInfosec 2015 - Using threat intelligence to improve security response
Infosec 2015 - Using threat intelligence to improve security response
 
Huntsman - Threat intelligence (for IAP2015)
Huntsman - Threat intelligence (for IAP2015)Huntsman - Threat intelligence (for IAP2015)
Huntsman - Threat intelligence (for IAP2015)
 
Huntsman - Internet of things (for IAP2015)
Huntsman - Internet of things (for IAP2015)Huntsman - Internet of things (for IAP2015)
Huntsman - Internet of things (for IAP2015)
 
Internet of Things: Dealing with the enterprise network of things
Internet of Things: Dealing with the enterprise network of thingsInternet of Things: Dealing with the enterprise network of things
Internet of Things: Dealing with the enterprise network of things
 
Intelligence-based computer network defence: Understanding the cyber kill cha...
Intelligence-based computer network defence: Understanding the cyber kill cha...Intelligence-based computer network defence: Understanding the cyber kill cha...
Intelligence-based computer network defence: Understanding the cyber kill cha...
 
Using automation to improve the effectiveness of security operations
Using automation to improve the effectiveness of security operationsUsing automation to improve the effectiveness of security operations
Using automation to improve the effectiveness of security operations
 
Insider threats - Lessons from Snowden (ISF UK Chapter)
Insider threats - Lessons from Snowden (ISF UK Chapter)Insider threats - Lessons from Snowden (ISF UK Chapter)
Insider threats - Lessons from Snowden (ISF UK Chapter)
 
Monitoring security in the externalised organisation (Auscert 2013)
Monitoring security in the externalised organisation (Auscert 2013)Monitoring security in the externalised organisation (Auscert 2013)
Monitoring security in the externalised organisation (Auscert 2013)
 
Hidden security and privacy consequences around mobility (Infosec 2013)
Hidden security and privacy consequences around mobility (Infosec 2013)Hidden security and privacy consequences around mobility (Infosec 2013)
Hidden security and privacy consequences around mobility (Infosec 2013)
 

Dernier

UiPath Solutions Management Preview - Northern CA Chapter - March 22.pdf
UiPath Solutions Management Preview - Northern CA Chapter - March 22.pdfUiPath Solutions Management Preview - Northern CA Chapter - March 22.pdf
UiPath Solutions Management Preview - Northern CA Chapter - March 22.pdfDianaGray10
 
Anypoint Code Builder , Google Pub sub connector and MuleSoft RPA
Anypoint Code Builder , Google Pub sub connector and MuleSoft RPAAnypoint Code Builder , Google Pub sub connector and MuleSoft RPA
Anypoint Code Builder , Google Pub sub connector and MuleSoft RPAshyamraj55
 
UiPath Platform: The Backend Engine Powering Your Automation - Session 1
UiPath Platform: The Backend Engine Powering Your Automation - Session 1UiPath Platform: The Backend Engine Powering Your Automation - Session 1
UiPath Platform: The Backend Engine Powering Your Automation - Session 1DianaGray10
 
Meet the new FSP 3000 M-Flex800™
Meet the new FSP 3000 M-Flex800™Meet the new FSP 3000 M-Flex800™
Meet the new FSP 3000 M-Flex800™Adtran
 
UiPath Studio Web workshop series - Day 8
UiPath Studio Web workshop series - Day 8UiPath Studio Web workshop series - Day 8
UiPath Studio Web workshop series - Day 8DianaGray10
 
How Accurate are Carbon Emissions Projections?
How Accurate are Carbon Emissions Projections?How Accurate are Carbon Emissions Projections?
How Accurate are Carbon Emissions Projections?IES VE
 
Designing A Time bound resource download URL
Designing A Time bound resource download URLDesigning A Time bound resource download URL
Designing A Time bound resource download URLRuncy Oommen
 
The Data Metaverse: Unpacking the Roles, Use Cases, and Tech Trends in Data a...
The Data Metaverse: Unpacking the Roles, Use Cases, and Tech Trends in Data a...The Data Metaverse: Unpacking the Roles, Use Cases, and Tech Trends in Data a...
The Data Metaverse: Unpacking the Roles, Use Cases, and Tech Trends in Data a...Aggregage
 
Bird eye's view on Camunda open source ecosystem
Bird eye's view on Camunda open source ecosystemBird eye's view on Camunda open source ecosystem
Bird eye's view on Camunda open source ecosystemAsko Soukka
 
Machine Learning Model Validation (Aijun Zhang 2024).pdf
Machine Learning Model Validation (Aijun Zhang 2024).pdfMachine Learning Model Validation (Aijun Zhang 2024).pdf
Machine Learning Model Validation (Aijun Zhang 2024).pdfAijun Zhang
 
Nanopower In Semiconductor Industry.pdf
Nanopower  In Semiconductor Industry.pdfNanopower  In Semiconductor Industry.pdf
Nanopower In Semiconductor Industry.pdfPedro Manuel
 
Building Your Own AI Instance (TBLC AI )
Building Your Own AI Instance (TBLC AI )Building Your Own AI Instance (TBLC AI )
Building Your Own AI Instance (TBLC AI )Brian Pichman
 
COMPUTER 10 Lesson 8 - Building a Website
COMPUTER 10 Lesson 8 - Building a WebsiteCOMPUTER 10 Lesson 8 - Building a Website
COMPUTER 10 Lesson 8 - Building a Websitedgelyza
 
UiPath Studio Web workshop series - Day 7
UiPath Studio Web workshop series - Day 7UiPath Studio Web workshop series - Day 7
UiPath Studio Web workshop series - Day 7DianaGray10
 
IaC & GitOps in a Nutshell - a FridayInANuthshell Episode.pdf
IaC & GitOps in a Nutshell - a FridayInANuthshell Episode.pdfIaC & GitOps in a Nutshell - a FridayInANuthshell Episode.pdf
IaC & GitOps in a Nutshell - a FridayInANuthshell Episode.pdfDaniel Santiago Silva Capera
 
Secure your environment with UiPath and CyberArk technologies - Session 1
Secure your environment with UiPath and CyberArk technologies - Session 1Secure your environment with UiPath and CyberArk technologies - Session 1
Secure your environment with UiPath and CyberArk technologies - Session 1DianaGray10
 
UiPath Studio Web workshop series - Day 6
UiPath Studio Web workshop series - Day 6UiPath Studio Web workshop series - Day 6
UiPath Studio Web workshop series - Day 6DianaGray10
 
Comparing Sidecar-less Service Mesh from Cilium and Istio
Comparing Sidecar-less Service Mesh from Cilium and IstioComparing Sidecar-less Service Mesh from Cilium and Istio
Comparing Sidecar-less Service Mesh from Cilium and IstioChristian Posta
 
Introduction to Matsuo Laboratory (ENG).pptx
Introduction to Matsuo Laboratory (ENG).pptxIntroduction to Matsuo Laboratory (ENG).pptx
Introduction to Matsuo Laboratory (ENG).pptxMatsuo Lab
 
Videogame localization & technology_ how to enhance the power of translation.pdf
Videogame localization & technology_ how to enhance the power of translation.pdfVideogame localization & technology_ how to enhance the power of translation.pdf
Videogame localization & technology_ how to enhance the power of translation.pdfinfogdgmi
 

Dernier (20)

UiPath Solutions Management Preview - Northern CA Chapter - March 22.pdf
UiPath Solutions Management Preview - Northern CA Chapter - March 22.pdfUiPath Solutions Management Preview - Northern CA Chapter - March 22.pdf
UiPath Solutions Management Preview - Northern CA Chapter - March 22.pdf
 
Anypoint Code Builder , Google Pub sub connector and MuleSoft RPA
Anypoint Code Builder , Google Pub sub connector and MuleSoft RPAAnypoint Code Builder , Google Pub sub connector and MuleSoft RPA
Anypoint Code Builder , Google Pub sub connector and MuleSoft RPA
 
UiPath Platform: The Backend Engine Powering Your Automation - Session 1
UiPath Platform: The Backend Engine Powering Your Automation - Session 1UiPath Platform: The Backend Engine Powering Your Automation - Session 1
UiPath Platform: The Backend Engine Powering Your Automation - Session 1
 
Meet the new FSP 3000 M-Flex800™
Meet the new FSP 3000 M-Flex800™Meet the new FSP 3000 M-Flex800™
Meet the new FSP 3000 M-Flex800™
 
UiPath Studio Web workshop series - Day 8
UiPath Studio Web workshop series - Day 8UiPath Studio Web workshop series - Day 8
UiPath Studio Web workshop series - Day 8
 
How Accurate are Carbon Emissions Projections?
How Accurate are Carbon Emissions Projections?How Accurate are Carbon Emissions Projections?
How Accurate are Carbon Emissions Projections?
 
Designing A Time bound resource download URL
Designing A Time bound resource download URLDesigning A Time bound resource download URL
Designing A Time bound resource download URL
 
The Data Metaverse: Unpacking the Roles, Use Cases, and Tech Trends in Data a...
The Data Metaverse: Unpacking the Roles, Use Cases, and Tech Trends in Data a...The Data Metaverse: Unpacking the Roles, Use Cases, and Tech Trends in Data a...
The Data Metaverse: Unpacking the Roles, Use Cases, and Tech Trends in Data a...
 
Bird eye's view on Camunda open source ecosystem
Bird eye's view on Camunda open source ecosystemBird eye's view on Camunda open source ecosystem
Bird eye's view on Camunda open source ecosystem
 
Machine Learning Model Validation (Aijun Zhang 2024).pdf
Machine Learning Model Validation (Aijun Zhang 2024).pdfMachine Learning Model Validation (Aijun Zhang 2024).pdf
Machine Learning Model Validation (Aijun Zhang 2024).pdf
 
Nanopower In Semiconductor Industry.pdf
Nanopower  In Semiconductor Industry.pdfNanopower  In Semiconductor Industry.pdf
Nanopower In Semiconductor Industry.pdf
 
Building Your Own AI Instance (TBLC AI )
Building Your Own AI Instance (TBLC AI )Building Your Own AI Instance (TBLC AI )
Building Your Own AI Instance (TBLC AI )
 
COMPUTER 10 Lesson 8 - Building a Website
COMPUTER 10 Lesson 8 - Building a WebsiteCOMPUTER 10 Lesson 8 - Building a Website
COMPUTER 10 Lesson 8 - Building a Website
 
UiPath Studio Web workshop series - Day 7
UiPath Studio Web workshop series - Day 7UiPath Studio Web workshop series - Day 7
UiPath Studio Web workshop series - Day 7
 
IaC & GitOps in a Nutshell - a FridayInANuthshell Episode.pdf
IaC & GitOps in a Nutshell - a FridayInANuthshell Episode.pdfIaC & GitOps in a Nutshell - a FridayInANuthshell Episode.pdf
IaC & GitOps in a Nutshell - a FridayInANuthshell Episode.pdf
 
Secure your environment with UiPath and CyberArk technologies - Session 1
Secure your environment with UiPath and CyberArk technologies - Session 1Secure your environment with UiPath and CyberArk technologies - Session 1
Secure your environment with UiPath and CyberArk technologies - Session 1
 
UiPath Studio Web workshop series - Day 6
UiPath Studio Web workshop series - Day 6UiPath Studio Web workshop series - Day 6
UiPath Studio Web workshop series - Day 6
 
Comparing Sidecar-less Service Mesh from Cilium and Istio
Comparing Sidecar-less Service Mesh from Cilium and IstioComparing Sidecar-less Service Mesh from Cilium and Istio
Comparing Sidecar-less Service Mesh from Cilium and Istio
 
Introduction to Matsuo Laboratory (ENG).pptx
Introduction to Matsuo Laboratory (ENG).pptxIntroduction to Matsuo Laboratory (ENG).pptx
Introduction to Matsuo Laboratory (ENG).pptx
 
Videogame localization & technology_ how to enhance the power of translation.pdf
Videogame localization & technology_ how to enhance the power of translation.pdfVideogame localization & technology_ how to enhance the power of translation.pdf
Videogame localization & technology_ how to enhance the power of translation.pdf
 

Infosec 2014 - Considerations when choosing an MSSP

  • 2. Considerations when choosing a managed security service provider Piers Wilson, Head of Product Management 1 May 2014 EUROPE 29 April - 01 May 2014 Earls Court London UK
  • 3. Company  logo   EUROPE 29 April - 01 May 2014 Earls Court London UK What I will (and won’t) cover ... Two topics : •  What you need to have in place to gain benefits •  How to choose a managed security service provider I intend to focus on monitoring, detection and incident response services WHY? •  Limited time •  Other types of managed security services are more commoditised and visible –  either output-based, schedule-based or customer instigated •  Monitoring services are event/activity driven, hence more challenging
  • 4. Company  logo   EUROPE 29 April - 01 May 2014 Earls Court London UK Characteristics of managed security monitoring Shared technology platform that: •  Collects/receives logs, alerts, detections, signature triggers etc. from customer systems •  Underpins analysis workflow –  Automated / manual analysis –  Pattern / reference matching –  Triage / diagnosis –  Investigation •  Provides reporting/alerts/access •  Knowledge base and diagnostic log –  I.e. information on the event or overall status is made available to customers •  Data retention IDS   Log,  Event,  Alert,  Detec7on,  Report,  Request  data   AV   Mail   Servers          Firewalls          Proxies   DNS   Incidents   Apps              Internal              MSSP  
  • 5. Company  logo   EUROPE 29 April - 01 May 2014 Earls Court London UK In-house capability •  Still need a security operations function, even if you choose to outsource some specialist or routine activities to an MSSP Monitoring,     Detec7on   No  MSSP   Fully  in-­‐house   Includes  degree  of   analysis   Includes  element  of   response  and  clean-­‐ up   Remediate   Response   Analysis   Detec7on  
  • 6. Company  logo   EUROPE 29 April - 01 May 2014 Earls Court London UK Retained internal capabilities •  Internal incident management process •  In-house diagnostic information for root cause analysis and reporting –  MSSP won’t have the whole picture OR be the only source of alerts •  Internal SIEM tool to collect and analyse non-MSSP collected information •  Capable internal resources –  Using an MSSP may mean this is smaller, and can focus on resolution and decision making rather than identification and triage You can’t outsource risk
  • 7. Company  logo   EUROPE 29 April - 01 May 2014 Earls Court London UK End-to-end monitoring and response process Balance the benefits of the MSSP ... •  Early detection •  Pan-customer and external threat data •  24x7 operation and response •  Incident diagnosis, response actions, resolution guidance •  Volume processing of routine events While retaining control and internal diagnostic capability How far down into the incident analysis, diagnosis and resolution process does the MSSP service extend
  • 8. Company  logo   EUROPE 29 April - 01 May 2014 Earls Court London UK Value – costs and benefits MSSP  Costs   Depth  of  system  access/Extent  of  intelligence   Process  coverage/involvement   Security  Benefits   Saved  effort  –  focus  on  what’s  important   Improved  detec7on/response   Range  of  customers  and  threat  sources   Exper7se  and  resources   Focus  on  non-­‐opera7onal  security   Staff  development/reten7on   TECHNOLOGY  PLATFORMS  
  • 9. Company  logo   EUROPE 29 April - 01 May 2014 Earls Court London UK Choosing your MSSP: Sophistication and intelligence What does the MSSP do? Assessing their role and value in your process? •  Process automation •  Alerting, diagnostics and rapid notification of incidents •  Cost effectiveness •  Intelligence from their wider customer community •  Data separation, protection, retention, extraction •  Detection of anomalous patterns or “unknowns” beyond just signatures
  • 10. Company  logo   EUROPE 29 April - 01 May 2014 Earls Court London UK Case study – Trustwave case (subsequently withdrawn) •  Alleged Target used MSSP services (vulnerability management and monitoring) •  Banks sued both Target AND MSSP Failings noted: •  Vulnerabilities in systems remained “either undetected or ignored” in audits as recently as September 2013 –  These vulnerabilities included the fact that Target stored “credit and debit card data on its servers for six full days before hackers transmitted the data to a separate webserver outside of Target's network” –  Would the MSSP detect this? Depends... •  The filing claims, the Target breach went undetected for three weeks –  Even though the MSSP “provided round-the-clock monitoring services to Target”. •  The lawsuit noted, repeated warnings and breaches ... should have left Target in no doubt that vulnerabilities existed NOTE: This case was withdrawn in April
  • 11. Company  logo   EUROPE 29 April - 01 May 2014 Earls Court London UK Summary I: Internal capability to derive value •  Need to collect some log/event/network/diagnostic data –  MSSP won’t cover of all the security event sources within your network •  Data retention beyond the MSSP offering •  Insider misuse, application issues and usage can only be monitored internally •  At a specific point in your incident management process YOU as a customer (security team, management, stakeholders) will need to make decisions –  Ensure you/they have the right information to base those decisions upon –  Irrespective of the level of service from the MSSP
  • 12. Company  logo   EUROPE 29 April - 01 May 2014 Earls Court London UK Summary II: Choosing an MSSP to fit your process •  An MSSP should free you from having to worry about the more routine parts of the process •  There is a price trade-off in terms of the extent of MSSP access to platforms and information –  i.e. the more of your environment they monitor the greater visibility they have, but the more you will pay •  You need to consider the security, privacy and retention for data that they collect and store –  How does separation, long term retention, return of data work? Where is data held? What might it contain? •  Quality of their detection, analysis, information provision, resolution support is important
  • 13. Thank you... Contact us at: Stand J55 www.tier-3.com Follow us at: @tier3huntsman info@tier-3.com +44 (0) 7800 508517 EUROPE 29 April - 01 May 2014 Earls Court London UK