The Case for Managed Security Services for Log Monitoring and Management
- Egbert Crawford
- 8 years ago
White Paper
Contents
- Introduction
- Benefits of On-Premise SIEM Solutions: Security and Privacy
- Benefits of an MSSP: Efficiency, Scalability and Intelligence
  - Security experts dedicated to your enterprise
  - Efficiency and workflow automation
  - Cost savings and scalability
  - Perspective and intelligence
- SIEM or MSSP? Comparing Capabilities and Cost
  - Cost analysis for MSSP and SIEM solutions
- Barriers to Success: Operational Risk Factors for SIEMs and MSSPs
  - Assigning resources for an on-premise SIEM
  - Continuous security staffing challenges
  - Risky staff allocation
- The Cost of Failure
- Conclusion and Recommendations
- About Solutionary
- Appendix
  - Flexible service delivery
  - ActiveGuard service platform
  - Purpose-built for big data
Introduction

When it comes to security log monitoring and management, enterprises can opt to purchase, install and manage an on-premise Security Information and Event Management (SIEM) product, or they can partner with a Managed Security Service Provider (MSSP). Log monitoring is an important part of an enterprise security program, enabling enterprises to detect and protect against threats. The need for a log monitoring solution may also be rooted in a compliance requirement, such as the Payment Card Industry Data Security Standard (PCI DSS); it may be driven by an internal audit process or it may be required by the organization's customers. Merger and acquisition activity may also play a role.

This whitepaper compares the benefits of on-premise SIEM products with the advantages of an MSSP engagement. It also discusses the financial, operational and organizational considerations that may accompany a purchasing decision. For example, when legal requirements prevent an enterprise from exporting log data for analysis, a SIEM solution (managed and maintained in-house) may be needed. However, for many other organizations unfettered by legal and regulatory requirements, an MSSP can deliver greater cost efficiency and more effective security monitoring. By comparing and contrasting the strengths and weaknesses of both options for log monitoring and management, enterprises can make an informed and intelligent choice about which solution is right for their business.

Benefits of On-Premise SIEM Solutions: Security and Privacy

There are numerous vendors that provide products that range from standard log collection without analytics or intelligence to full-blown SIEM solutions that integrate with disparate systems and provide comprehensive threat detection. SIEM solutions are often scoped, priced and sold with a great deal of customization, based on the buyer's specific needs.
The primary benefits of on-premise SIEM solutions include:
- A highly secure log collection, correlation and analysis environment to accommodate non-internet-facing systems.
- No external transfer of security log data for organizations subject to stringent privacy requirements.
- The ability to customize SIEM solutions to accommodate the unique needs of each enterprise customer.

Certain environments are not well-suited to an MSSP solution. If an organization has systems with no Internet connectivity, an on-premise SIEM deployment may be needed to provide security monitoring. Also, if an organization has systems that produce sensitive log data that cannot leave the network infrastructure (such as government systems that require specialized clearance or access), these may require the use of an on-premise, product-based solution.

Benefits of an MSSP: Efficiency, Scalability and Intelligence

As with on-premise SIEM products, MSSP solutions for log monitoring and management can satisfy compliance mandates and increase security. These can range from self-service solutions that require clients to view their own incident alerts in a portal to full-service solutions that will proactively alert clients when security incidents occur. Some MSSPs also provide forensically sound log storage to satisfy regulatory requirements without requiring the enterprise to acquire and maintain more on-site hardware.

The top benefits of partnering with an MSSP for log monitoring and management include:
- Access to security expertise, research and threat intelligence.
- Highly efficient processes and workflow automation to significantly improve time to remediation for security issues.
- Cost savings and scalability achieved by outsourcing time-consuming manual correlation and analysis.
- Cross-device and cross-vendor correlation to improve security awareness and reduce risk.
MSSPs range from niche vendors with a narrow focus on only certain types of devices or logs, to enterprise-class providers offering a full suite of security management capabilities for the entire IT infrastructure. Regardless of the provider's size or the scale of specific deployments, MSSP solutions can be divided into two types of service:
- Monitoring only: In this deployment, an MSSP takes in security logs and other device logs, only alerting and advising the client about security events based on some level of service (e.g., 15 minute notice for high priority alerts, daily log reviews to minimally meet compliance, etc.).
- Monitoring and Management: In this deployment, an MSSP monitors security logs, and additionally makes changes to the client's environment based on event analysis and security intelligence.

MSSPs bear the cost of keeping personnel trained on the latest equipment from multiple vendors, and they have cross-platform experience, which is key for managing multi-vendor client environments.

Security experts dedicated to your enterprise

One of the biggest advantages of working with an MSSP is access to a dedicated team of security experts. Organizations may lack the in-house security expertise needed to monitor and/or manage devices from a wide variety of sources or vendors. Some large enterprises have dedicated security teams and security researchers. However, that is certainly not typical. For many organizations, the highly-qualified MSSP team becomes, in effect, an extension of in-house resources. Organizations are able to take advantage of the security expertise that the MSSP has acquired by working with numerous clients across a variety of industries. Typically, MSSPs will also have a security research team that is consistently focused on threat intelligence.

Efficiency and workflow automation

In many cases it's not lack of knowledge, but business constraints that prevent in-house security staff from complete and efficient access to all device logs. For example, business controls may dictate that firewalls are only accessed by a networking group, or that VPN and single sign-on logs only be viewed by the identity management or user compliance team. Once an MSSP is set up to receive logs from all enterprise devices, or whatever portion is preferred, it can assist with tasks such as maintaining clear and consistent rule sets for firewalls and other network security devices. As an external vendor, an MSSP can also provide independent and overarching change control procedures as to how, when, and why the rules on these in-scope devices get updated.
Since MSSPs work with multiple clients and have documented, repeatable processes, they are able to provide workflow automation and to significantly improve time to remediation for security issues. MSSPs validate security events in the Security Operations Center (SOC) before notifying the client. This helps to dramatically reduce the number of false positive alerts clients must respond to, reducing costs and increasing efficiency.

Cost savings and scalability

MSSP solutions offer a cost-effective option for 24/7 log monitoring and management. Many organizations do not have a dedicated Security Operations Center (SOC) or the ability to staff three shifts of analysts year-round. While a SIEM solution requires constant monitoring by in-house staff, MSSP solutions provide 24/7 monitoring without the need for additional headcount. With a SIEM product, there is a constant need for manual review and confirmation of security events, correlation with other incidents or tickets and remediation of any issues identified. MSSPs can fill this need for organizations, identifying the real security incidents and notifying clients in a timely manner.

MSSP solutions also have the advantage of scale. There are many organizations that are already using the MSSP service, so the infrastructure and processes needed to support new organizations have already been built. The MSSP works with clients to customize rules and notifications, reducing the burden on in-house resources.

Perspective and intelligence

The lessons learned from managing hundreds or even thousands of client environments give MSSPs a much broader view than a single in-house security organization. MSSPs leverage that knowledge and experience across their entire client base. With a view of the threat landscape across their client base, MSSPs are also able to incorporate intelligence gleaned across the client base to improve threat detection and response.

Many organizations that purchase SIEM solutions are unpleasantly surprised by the amount of data the SIEM produces. Their in-house resources are often overwhelmed by the number of security events, making it impossible to identify actual security incidents among the many false positives. Given their economies of scale, purpose-built technology and expertise, MSSPs are able to filter the events and validate the actual security incidents for improved security intelligence.
SIEM or MSSP? Comparing Capabilities and Cost

On-premise SIEM solutions and managed security services can both solve log monitoring and management challenges. However, they work from very different approaches, with different advantages and disadvantages. The following table outlines the similarities and differences between SIEM and MSSP solutions.

| Feature | SIEM | MSSP |
|---|---|---|
| Monitors log events | | |
| Helps attain regulatory compliance | | |
| Flexible service delivery | | |
| Provides 24/7 analysis by security analysts | | |
| Stores logs off-site in forensically-sound facility* | | |
| Provides security intelligence and expertise as part of the solution | | |
| Built-in disaster recovery and business continuity planning (DR/BCP) | | |
| Predictable fixed cost | | |
| May require additional infrastructure (server, network devices, storage, etc.) | | |
| Must be routinely updated, patched, and upgraded | | |

* Some MSSPs store raw log data on customers' premises, which may involve additional cost, and where it may not be protected against alteration or theft.
Cost analysis for MSSP and SIEM solutions

Cost is an important factor when deciding whether to purchase a product-based SIEM for internal deployment or engage an MSSP. SIEM products are usually purchased and financed as a capital expense (CAPEX), while a service is typically purchased and financed as an operating expense (OPEX). With an MSSP, the annual cost of maintenance for three years (the typical MSSP contract term) is defined and known, whereas the maintenance and other costs related to product purchases can adjust annually.

The initial training and personnel costs will be higher for any product purchase since the product needs to be installed and configured (usually by a reseller or consultant), and because internal staff will require training and planning for the tool's utilization in the security environment. On-premise SIEM solutions also incur operational costs such as rack space, power, network connectivity, database configuration and connectivity.

The following example details an actual cost comparison recently performed by a Solutionary enterprise client. The client evaluated the cost differences between the purchase and ongoing maintenance of a SIEM tool versus an MSSP approach.

Note: In this analysis, the customer planned to staff the SIEM with one SIEM Engineer and one Security Analyst. As a result, there would be very little ability to provide off-hours support. In contrast, the MSSP service would provide full 24x7 monitoring support.
| Cost Breakdown | SIEM | MSSP | Savings | % |
|---|---|---|---|---|
| Initial One-Time Costs | | | | |
| SIEM Platform (including data storage) | $892,500 | Included | | |
| SIEM Implementation Labor Costs | $20,000 | Included | | |
| Computers and Software for Additional Employees | $8,000 | Included | | |
| Initial SIEM Training | $12,000 | Included | | |
| MSSP Fees/Charges | | $20,000 | | |
| Total - Initial | $932,500 | $20,000 | $912,500 | 98% |
| Annual/Ongoing Expenses | | | | |
| SIEM Engineer | $125,000 | Included | | |
| Security Analyst | $80,000 | $8,000 | | |
| Personnel Management Cost | $75,000 | Included | | |
| Security Engineering Costs | $8,000 | Included | | |
| Maintenance and Support Contracts | $44,625 | Included | | |
| Depreciation and Amortization | $300,167 | $6,667 | | |
| MSSP Fees/Charges | | $550,000 | | |
| Total Recurring | $632,792 | $564,667 | $68,125 | 11% |
As shown in the cost breakdown table, the client realized an immediate capital expense reduction of $912,500 by selecting an MSSP. When the recurring costs required to support an SIEM solution (extra headcount, training, consulting, equipment for added employees) and the first-year costs for the MSSP service are factored in, the client realizes a year one cost reduction of $687,125 (a 54 percent savings).

While the cost analysis for initial deployment definitely favors an MSSP solution, the question remains, does the cost benefit hold up over time? The table below shows a ten year comparison between SIEM and MSSP costs. The nearly linear cost curve of the MSSP service contrasts with the three-year upgrade cycle of the SIEM product. Annual costs for the SIEM solution are lower in years two and three and in years five and six. However, when factoring the initial purchase and installation cost of an SIEM, and the periodic upgrade and re-initialization costs, the SIEM approach represents a higher accumulated cost throughout the 10-year projected analysis.

[Chart: ten-year cost comparison, SIEM vs. MSSP; vertical axis in dollars, up to $1,400,000]
Barriers to Success: Operational Risk Factors for SIEMs and MSSPs

In-house SIEM projects and MSSP implementations also differ regarding the prospects for immediate and long-term success. For an MSSP engagement to succeed, the client must verify that the features and capabilities of the MSSP meet the project requirements. The client should monitor the implementation and ongoing service delivery to verify and ensure the provider's effectiveness.

Assigning resources for an on-premise SIEM

The barriers to success for an on-premise SIEM project are much more extensive. First, adequate staff resources must be assigned to the project. These resources also need the right expertise to deploy, configure and manage the SIEM. Unfortunately, many times the needed employees are not actually hired or they are assigned additional duties that detract from their focus on the SIEM solution. It can also be difficult and cost-prohibitive to find new employees or contractors with the skills and experience required. Training can fill some gaps, but is unlikely to provide the depth of knowledge needed to meet project goals.

Several implementation tasks require in-depth knowledge of the SIEM tool and related systems, and may add unexpected time and cost to the SIEM project. These include:
- Configuring logging on standard and non-standard systems.
- Tuning complex devices, such as network IDS/IPS, web application firewalls and file integrity monitoring systems.
- Writing custom rules and tuning existing correlation rules in the SIEM.
- Configuring thresholds and advanced features in the SIEM.
- Customizing report data and formatting.
- Defining environment assets, subnets and zones.
Once the SIEM solution is up and running, its continued effectiveness relies on performing an additional set of tasks. Monitored devices and the SIEM tool must be frequently updated in order to:
- Reflect changes in the computing environment.
- Support version upgrades.
- Respond to changes in the threat landscape.

Continuous security staffing challenges

Ongoing internal monitoring efforts are subject to several challenges as well. One particular challenge is the limited view afforded to the security staff. Seeing only the events that hit their organization makes it difficult to develop and maintain staff skills. Since serious security events are infrequent, it's also difficult for the staff to stay focused on the monitoring effort. Review and response to alerts is an ongoing responsibility. Even with rotation, the need for night, weekend and holiday coverage places a significant burden on security staff.

Another staffing challenge for in-house solutions is employee development. To stay motivated and focused, security staff needs training and a career path. The small size of internal security departments limits the opportunity for advancement.

These factors of limited view, off-hours support and lack of advancement opportunities combine to drive a high turnover rate for security staff. In addition to the time and cost involved in backfilling positions, the employees who leave take their knowledge of the environment with them. Organizations that cannot find a replacement before the previous employee leaves lose valuable knowledge transfer and suffer gaps in security monitoring.

Risky staff allocation

Enterprises commonly place a single staff member in charge of the SIEM solution who is solely responsible for the configuration and operation of the tool. As a result, many of these organizations experience a systematic failure. The project of installing and configuring a SIEM tool is much more interesting and rewarding than the day-to-day operation of that system. After completing the installation, the employee has a significantly enhanced skillset and resume. At this point, the employee commonly makes a career change, taking their knowledge of the SIEM tool with them and leaving the enterprise without the resources needed for ongoing success with the SIEM.
In a different scenario, enterprises may staff their SIEM projects with employees who have other responsibilities. If another project needs additional resources, the enterprise may borrow the security analysts to help. While assigned to these other tasks, the security employees create an immediate, measurable business benefit. Assuming that a critical security event doesn't happen at the same time, there's no downside to this approach. Unfortunately, this means that staff originally assigned to security monitoring often wind up permanently engaged in other work. Should a critical security event occur, it may go undetected.

If the SIEM goes without administrative oversight for a significant period of time, whatever the reason, data overflows at the collection agents, consoles and databases can cause system failures and data corruption. This situation can even necessitate a complete re-installation of the SIEM.

The Cost of Failure

If an MSSP does not perform successfully, the client can terminate the contract. In this case, the organization has lost the time and effort of the project, some minor hardware and setup fees, and the service fees for the time the contract was in effect. At that point, another MSSP or a SIEM product could be implemented as an alternative.

If an SIEM project fails, it's much more serious. The initial costs of an SIEM project include licensing the product, purchasing needed servers and storage infrastructure, hiring employees or contractors, training and provisioning equipment and software needed for the added staff. Typically, organizations plan to amortize these costs over a three-year period. However, project failure leaves no way to recoup these sunk costs. The organization is faced with the choice of investing significant additional funds into fixing or replacing the solution, or trying to somehow limp along with the failed system until the end of the amortization period.
Conclusion and Recommendations

Organizations can meet their log monitoring requirements by using SIEM products or MSSP services. SIEM products are needed for organizations that have legal or other requirements that do not allow them to export log data for analysis, and for sites that do not have Internet connectivity. For organizations that have the option, however, MSSPs can provide lower cost, more effective monitoring solutions. An MSSP can provide visibility into organizations' environments and the ability to comply with regulations without the hassles and costs of managing and maintaining an on-premise, product-based solution. In addition, the MSSP approach reduces both the likelihood and the cost of failure to meet project goals.

About Solutionary

Learn More: To learn more about Managed Security Services and find ways to implement it in your security plan, contact Solutionary today.

Solutionary, an NTT Group security company (NYSE: NTT), is the next generation managed security service provider (MSSP), focused on delivering managed security services and global threat intelligence. Comprehensive Solutionary security monitoring and security device management services protect traditional and virtual IT infrastructures, cloud environments and mobile data. Solutionary clients are able to optimize current security programs, make informed security decisions, achieve regulatory compliance and reduce costs. The patented, cloud-based ActiveGuard service platform uses multiple detection technologies and advanced analytics to protect against advanced threats. The Solutionary Security Engineering Research Team (SERT) researches the global threat landscape, providing actionable threat intelligence, enhanced threat detection and mitigating controls. Experienced, certified Solutionary security experts act as an extension of clients' internal teams, providing industry-leading client service to global enterprise and mid-market clients in a wide range of industries, including financial services, healthcare, retail and government. Services are delivered 24/7 through multiple state-of-the-art Security Operations Centers (SOCs). For more information, visit
Appendix

Flexible service delivery

Solutionary puts the service in managed security services, operating as an extension of the client's internal security team. At Solutionary, clients come first and each employee, from the management team to the analysts in the SOC, is dedicated to client satisfaction. Understanding and addressing these individual client needs is key to the Solutionary client-first culture. By gaining a detailed understanding of individual client needs, Solutionary combines deep security expertise and proven operational processes with the patented ActiveGuard service platform to enhance security and address regulatory compliance. All Solutionary managed security services clients receive Log Management services that provide one year of log retention for all logs collected and analyzed.

ActiveGuard service platform

The cloud-based, patented ActiveGuard service platform provides powerful cross-correlation and event-handling capabilities to recognize threats and reduce false positives, making security more operationally efficient. ActiveGuard is able to accurately collect and correlate vast amounts of data from virtually any device capable of producing a log file, including applications, databases, endpoints, firewalls, and network devices. ActiveGuard uses multiple detection methods, including signatures, anomaly detection, statistical analysis, heuristics and global threat intelligence from the Solutionary Security Engineering Research Team (SERT) to detect advanced threats. Security experts in the Solutionary Security Operations Center (SOC) provide additional analysis, validation and response for security threats.

Purpose-built for big data

ActiveGuard was purpose-built to handle large amounts of disparate data. As the number of devices that require monitoring has increased, so has the ability of ActiveGuard to scale. The volume of log data produced by enterprises requires more scale and better analytics in order to provide intelligence about the information being gathered. The ability to handle big data of this type is a key component of ActiveGuard.

Contact Solutionary at SCSManagement@solutionary.com or

Solutionary, an NTT Group security company, is the next generation managed security services provider (MSSP), focused on delivering managed security services and global threat intelligence.

ActiveGuard US Patent Numbers: 7,168,093; 7,424,743; 6,988,208; 7,370,359; 7,673,049; 7,954,159; 8,261,347. Solutionary, the Solutionary logo, ActiveGuard, the ActiveGuard logo, are registered trademarks or service marks of Solutionary, Inc. in the United States. Other marks and brands may be claimed as the property of others. The product plans, specifications, and descriptions herein are provided for information only and subject to change without notice, and are provided without warranty of any kind, express or implied. Copyright 2014 Solutionary, Inc.

Solutionary.com Solutionary, Inc Underwood Ave. Omaha, NE WP 03/13
More informationHow To Protect Your Network From Attack From A Network Security Threat
Cisco Security Services Cisco Security Services help you defend your business from evolving security threats, enhance the efficiency of your internal staff and processes, and increase the return on your
More informationRight-Sizing Electronic Discovery: The Case For Managed Services. A White Paper
Right-Sizing Electronic Discovery: The Case For Managed Services A White Paper 1 2 Table of Contents Introduction....4 An Overview of the Options...4 Insourcing: Bringing E-Discovery Processes In-House....4
More informationSYMANTEC MANAGED SECURITY SERVICES. Superior information security delivered with exceptional value.
SYMANTEC MANAGED SECURITY SERVICES Superior information security delivered with exceptional value. A strong security posture starts with a smart business decision. In today s complex enterprise environments,
More informationIBM Tivoli Netcool network management solutions for enterprise
IBM Netcool network management solutions for enterprise The big picture view that focuses on optimizing complex enterprise environments Highlights Enhance network functions in support of business goals
More informationPayment Card Industry Data Security Standard
Symantec Managed Security Services support for IT compliance Solution Overview: Symantec Managed Services Overviewview The (PCI DSS) was developed to facilitate the broad adoption of consistent data security
More informationSecuring business data. CNS White Paper. Cloud for Enterprise. Effective Management of Data Security
Securing business data CNS White Paper Cloud for Enterprise Effective Management of Data Security Jeff Finch, Head of Business Development, CNS Mosaic 2nd July 2015 Contents 1 Non-Disclosure Statement...
More informationFIVE PRACTICAL STEPS
WHITEPAPER FIVE PRACTICAL STEPS To Protecting Your Organization Against Breach How Security Intelligence & Reducing Information Risk Play Strategic Roles in Driving Your Business CEOs, CIOs, CTOs, AND
More informationChoosing Between Managed Security Services or In-house SIEM? Consider the Benefits of both!
Choosing Between Managed Security Services or In-house SIEM? Consider the Benefits of both! Matteo Masserini Steven Kulley Tarun Sondhi Emerging Region Sales Specialist Regional Product Manager - EMEA
More informationWHY CLOUD COMPUTING MAKES SENSE FOR NONPROFITS
WHY CLOUD COMPUTING MAKES SENSE FOR NONPROFITS Nonprofits are experiencing increased pressure, oversight, and demand for transparency from all sides. Whether the focus is government compliance, competition
More informationIBM Security QRadar Risk Manager
IBM Security QRadar Risk Manager Proactively manage vulnerabilities and network device configuration to reduce risk, improve compliance Highlights Collect network security device configuration data to
More informationBIG SHIFT TO CLOUD-BASED SECURITY
GUIDE THE BIG SHIFT TO CLOUD-BASED SECURITY How mid-sized and smaller organizations can manage their IT risks and meet regulatory compliance with minimal staff and budget. CONTINUOUS SECURITY TABLE OF
More informationPCI DSS Top 10 Reports March 2011
PCI DSS Top 10 Reports March 2011 The Payment Card Industry Data Security Standard (PCI DSS) Requirements 6, 10 and 11 can be the most costly and resource intensive to meet as they require log management,
More informationLeveraging a Maturity Model to Achieve Proactive Compliance
Leveraging a Maturity Model to Achieve Proactive Compliance White Paper: Proactive Compliance Leveraging a Maturity Model to Achieve Proactive Compliance Contents Introduction............................................................................................
More informationVulnerability Management
Vulnerability Management Buyer s Guide Buyer s Guide 01 Introduction 02 Key Components 03 Other Considerations About Rapid7 01 INTRODUCTION Exploiting weaknesses in browsers, operating systems and other
More informationClick to edit Master title style. How To Choose The Right MSSP
How To Choose The Right MSSP Meet Eric Eric Devansky Director of Global Security Services 15 Years of experience in the Cyber Security industry CISSP Palo Alto CNSE VMWare VCP Connect with me: @TruShield
More informationWhitepaper: 7 Steps to Developing a Cloud Security Plan
Whitepaper: 7 Steps to Developing a Cloud Security Plan Executive Summary: 7 Steps to Developing a Cloud Security Plan Designing and implementing an enterprise security plan can be a daunting task for
More information2012 North American Managed Security Service Providers Growth Leadership Award
2011 South African Data Centre Green Excellence Award in Technology Innovation Cybernest 2012 2012 North American Managed Security Service Providers Growth Leadership Award 2011 Frost & Sullivan 1 We Accelerate
More informationHP and netforensics Security Information Management solutions. Business blueprint
HP and netforensics Security Information Management solutions Business blueprint Executive Summary Every day there are new destructive cyber-threats and vulnerabilities that may limit your organization
More informationDemonstrating the ROI for SIEM: Tales from the Trenches
Whitepaper Demonstrating the ROI for SIEM: Tales from the Trenches Research 018-101409-01 ArcSight, Inc. 5 Results Way, Cupertino, CA 95014, USA www.arcsight.com info@arcsight.com Corporate Headquarters:
More informationSymantec Residency and Managed Services
Symantec Residency and Managed Services Flexible options for staff augmentation and IT out-tasking Symantec Global Services Confidence in a connected world. Symantec Residency and Managed Services provide
More informationWhy Cloud CompuTing ThreaTens midsized enterprises and WhaT To do about it
The Cloud Threat Why Cloud CompuTing ThreaTens midsized enterprises and WhaT To do about it This white paper outlines the concerns that often prevent midsized enterprises from taking advantage of the Cloud.
More informationTraditionally, large IT organizations have utilized their own
White Paper Cloud Identity Services Cloud Identity Services TCO Substantially Reducing Cost with Cloud Identity Services Traditionally, large IT organizations have utilized their own resources to design,
More informationWhite Paper. 1 800 FASTFILE / www.ironmountain.ca Page 1
White Paper LIVEVAULT Top 10 Reasons for Using Online Server Backup and Recovery Introduction Backup of vital company information is critical to a company s survival, no matter what size the company. Recent
More informationIBM Security QRadar Risk Manager
IBM Security QRadar Risk Manager Proactively manage vulnerabilities and network device configuration to reduce risk, improve compliance Highlights Visualize current and potential network traffic patterns
More informationLog Management How to Develop the Right Strategy for Business and Compliance. Log Management
Log Management How to Develop the Right Strategy for Business and Compliance An Allstream / Dell SecureWorks White Paper 1 Table of contents Executive Summary 1 Current State of Log Monitoring 2 Five Steps
More informationA Global IT Managed Service Provider
A Global IT Managed Service Provider Service Catalog 2013 www.presilient.com We help ensure that you maximize your current infrastructure investments, while increasing performance across your enterprise.
More informationMANAGED SECURITY SERVICES (MSS)
MANAGED SECURITY SERVICES (MSS) THE CYBER SECURITY INITIATIVE. Cybercrime is becoming an important factor for CIOs and IT professionals, but also for CFOs, compliance officers and business owners. The
More informationWHY CLOUD BACKUP: TOP 10 REASONS
WHITE PAPER DATA PROTECTION WHY CLOUD BACKUP: TOP 10 REASONS Contents REASON #1: Achieve disaster recovery with secure offsite cloud backup REASON #2: Freedom from manual and complex tape backup tasks
More informationTRIPWIRE REMOTE OPERATIONS: STOP OPERATING, START ANALYZING
SERVICES TRIPWIRE REMOTE OPERATIONS: STOP OPERATING, START ANALYZING WHY COUNT ON TRIPWIRE REMOTE OPERATIONS? Free up time for more strategic projects Benefit from Tripwire s in-house expertise Achieve
More informationDETECT AND RESPOND TO THREATS FROM THE DATA CENTER TO THE CLOUD
SOLUTION OVERVIEW: ALERT LOGIC THREAT MANAGER WITH ACTIVEWATCH DETECT AND RESPOND TO THREATS FROM THE DATA CENTER TO THE CLOUD Protecting your infrastructure requires you to detect threats, identify suspicious
More informationLOG INTELLIGENCE FOR SECURITY AND COMPLIANCE
PRODUCT BRIEF uugiven today s environment of sophisticated security threats, big data security intelligence solutions and regulatory compliance demands, the need for a log intelligence solution has become
More informationThe Advantages of Security as a Service versus On-Premise Security
The Advantages of Security as a Service versus On-Premise Security ABSTRACT: This document explores the growing trend of hosted/managed security as a service and why the cloud is quickly becoming the preferred
More informationTop 10 Reasons for Using Disk-based Online Server Backup and Recovery
ADVISORY Top 10 Reasons for Using Disk-based Online Server Backup and Recovery INTRODUCTION Backup of vital company information is critical to a company s survival, no matter what size the company. Recent
More informationHow to Develop a Log Management Strategy
Information Security Services Log Management: How to develop the right strategy for business and compliance The purpose of this whitepaper is to provide the reader with guidance on developing a strategic
More informationSIEM Implementation Approach Discussion. April 2012
SIEM Implementation Approach Discussion April 2012 Agenda What are we trying to solve? Summary Observations from the Security Assessments related to Logging & Monitoring Problem Statement Solution Conceptual
More informationEND TO END DATA CENTRE SOLUTIONS COMPANY PROFILE
END TO END DATA CENTRE SOLUTIONS COMPANY PROFILE About M 2 TD M2 TD is a wholly black Owned IT Consulting Business. M 2 TD is a provider of data center consulting and managed services. In a rapidly changing
More informationEARTHLINK BUSINESS. Simplify the Complex
EARTHLINK BUSINESS IT Simplify the Complex IS YOUR IT VENDOR A TRUSTED BUSINESS PARTNER? With all of the hype surrounding virtualization, cloud computing, and managed services, how do you assess the best
More informationagility made possible
SOLUTION BRIEF Flexibility and Choices in Infrastructure Management can IT live up to business expectations with soaring infrastructure complexity and challenging resource constraints? agility made possible
More informationLOG MANAGEMENT AND SIEM FOR SECURITY AND COMPLIANCE
PRODUCT BRIEF LOG MANAGEMENT AND SIEM FOR SECURITY AND COMPLIANCE As part of the Tripwire VIA platform, Tripwire Log Center offers out-of-the-box integration with Tripwire Enterprise to offer visibility
More informationBoosting enterprise security with integrated log management
IBM Software Thought Leadership White Paper May 2013 Boosting enterprise security with integrated log management Reduce security risks and improve compliance across diverse IT environments 2 Boosting enterprise
More informationTake Your Vision to the Cloud
Take Your Vision to the Cloud Executive Summary Many Professional Service firms are moving their Deltek Vision solution to cloud with the aim of focusing limited IT resources on core business requirements
More informationInstilling Confidence in Security and Risk Operations with Behavioral Analytics and Contextualization
WHITEPAPER Instilling Confidence in Security and Risk Operations with Behavioral Analytics and Contextualization Understanding Why Automated Machine Learning Behavioral Analytics with Contextualization
More informationCustomer Profile. The client was concerned that time-consuming systems upkeep would hamper the goals of both IT and the organization itself.
CUSTOMER CASE STUDY: ENTERPRISE HEALTHCARE SERVICES PROVIDER CLOUD MANAGEMENT AS A SERVICE (: INFRASTRUCTURE OPERATIONS The client was concerned that time-consuming systems upkeep would hamper the goals
More informationDEFENSE THROUGHOUT THE VULNERABILITY LIFE CYCLE WITH ALERT LOGIC THREAT AND LOG MANAGER
DEFENSE THROUGHOUT THE VULNERABILITY LIFE CYCLE WITH ALERT LOGIC THREAT AND Introduction > New security threats are emerging all the time, from new forms of malware and web application exploits that target
More informationIBM Security QRadar Vulnerability Manager
IBM Security QRadar Vulnerability Manager Improve security and compliance by prioritizing security gaps for resolution Highlights Help prevent security breaches by discovering and highlighting high-risk
More informationPublic or Private Cloud: The Choice is Yours
white paper Public or Private Cloud: The Choice is Yours Current Cloudy Situation Facing Businesses There is no debate that most businesses are adopting cloud services at a rapid pace. In fact, a recent
More informationwith Managing RSA the Lifecycle of Key Manager RSA Streamlining Security Operations Data Loss Prevention Solutions RSA Solution Brief
RSA Solution Brief Streamlining Security Operations with Managing RSA the Lifecycle of Data Loss Prevention and Encryption RSA envision Keys with Solutions RSA Key Manager RSA Solution Brief 1 Who is asking
More informationThe Business Value of Managed Security Services
The Business Value of Managed Security Services SilverSky 440 Wheelers Farm Road Suite 202 Milford CT 06461 silversky.com 2013 SilverSky P.2 The Business Value of Managed Security Services Contents Abstract...
More informationeguide: Designing a Continuous Response Architecture Executive s Guide to Windows Server 2003 End of Life
Executive s Guide to Windows Server 2003 End of Life Facts About Windows Server 2003 Introduction On July 14, 2015 Microsoft will end support for Windows Sever 2003 and Windows Server 2003 R2. Like Windows
More informationThe case for cloud-based data backup
IBM Global Technology Services IBM SmartCloud IBM Managed Backupi The case for cloud-based data backup IBM SmartCloud Managed Backup offers significant improvement over traditional data backup methods
More informationExtreme Networks Security Analytics G2 Vulnerability Manager
DATA SHEET Extreme Networks Security Analytics G2 Vulnerability Manager Improve security and compliance by prioritizing security gaps for resolution HIGHLIGHTS Help prevent security breaches by discovering
More informationSP Monitor. nfx One gives MSPs the agility and power they need to confidently grow their security services business. NFX FOR MSP SOLUTION BRIEF
NFX FOR MSP SOLUTION BRIEF SP Monitor Jump Start Security-as-a-Service Designed to give you everything you need to get started immediately providing security-as-a service, SP Monitor is a real-time event
More informationWhat you need to know about cloud backup: your guide to cost, security, and flexibility. 8 common questions answered
What you need to know about cloud backup: your guide to cost, security, and flexibility. 8 common questions answered Over the last decade, cloud backup, recovery and restore (BURR) options have emerged
More informationSOLUTION WHITE PAPER. Remedyforce Powerful Platform
SOLUTION WHITE PAPER Remedyforce Powerful Platform INTRODUCTION Any type of service desk needs a powerful technology platform to support their customers. However, several challenges arise when attempting
More informationWhat You Need to Know About Cloud Backup: Your Guide to Cost, Security, and Flexibility
Your Guide to Cost, Security, and Flexibility What You Need to Know About Cloud Backup: Your Guide to Cost, Security, and Flexibility 10 common questions answered Over the last decade, cloud backup, recovery
More informationIBM QRadar Security Intelligence Platform appliances
IBM QRadar Security Intelligence Platform Comprehensive, state-of-the-art solutions providing next-generation security intelligence Highlights Get integrated log management, security information and event
More informationEXECUTIVE SUMMARY THE STATE OF BEHAVIORAL ANALYSIS
EXECUTIVE SUMMARY Behavioral Analysis is becoming a huge buzzword in the IT and Information Security industries. With the idea that you can automatically determine whether or not what s going on within
More informationCA Service Desk Manager
PRODUCT BRIEF: CA SERVICE DESK MANAGER CA Service Desk Manager CA SERVICE DESK MANAGER IS A VERSATILE, COMPREHENSIVE IT SUPPORT SOLUTION THAT HELPS YOU BUILD SUPERIOR INCIDENT AND PROBLEM MANAGEMENT PROCESSES
More informationWHITEPAPER. Addressing Them with Adaptive Network Security. Executive Summary... An Evolving Network Environment... 2. Adaptive Network Security...
WHITEPAPER Top 4 Network Security Challenges in Healthcare Addressing Them with Adaptive Network Security Executive Summary... 1 Top 4 Network Security Challenges Addressing Security Challenges with Adaptive
More informationHow To Use Cautela Labs Cloud Agile.Com
1 Correlation and analysis of security and network events in one integrated solution Cautela Labs Cloud Agile. Secured. Log Management 1 Log Management A great deal of events cross your network, servers,
More informationManaged Network Services: The TCO Payoff
Managed Network Services: The TCO Payoff s Executive Summary Three out of four midsize businesses describe themselves as network dependent. Cloud computing and mobility are important drivers of network-centric
More informationALERT LOGIC FOR HIPAA COMPLIANCE
SOLUTION OVERVIEW: ALERT LOGIC FOR HIPAA COMPLIANCE AN OUNCE OF PREVENTION IS WORTH A POUND OF CURE Alert Logic provides organizations with the most advanced and cost-effective means to secure their healthcare
More informationInformation Security Services. Achieving PCI compliance with Dell SecureWorks security services
Information Security Services Achieving PCI compliance with Dell SecureWorks security services Executive summary In October 2010, the Payment Card Industry (PCI) issued the new Data Security Standard (DSS)
More information2015 GLOBAL THREAT INTELLIGENCE REPORT EXECUTIVE SUMMARY
2015 GLOBAL THREAT INTELLIGENCE REPORT EXECUTIVE SUMMARY 1 EXECUTIVE SUMMARY INTRODUCING THE 2015 GLOBAL THREAT INTELLIGENCE REPORT Over the last several years, there has been significant security industry
More informationSEVEN REASONS TO CONSIDER ERP IN THE CLOUD SPECIAL REPORT SERIES ERP IN 2014 AND BEYOND
SEVEN REASONS TO CONSIDER ERP IN THE CLOUD SPECIAL REPORT SERIES ERP IN 2014 AND BEYOND CONTENTS INTRODUCTION 3 TRY BEFORE YOU BUY 4 TAKE ADVANTAGE OF THE MOST ADVANCED TECHNOLOGY 6 GENERATE MEASURABLE
More informationClavister InSight TM. Protecting Values
Clavister InSight TM Clavister SSP Security Services Platform firewall VPN termination intrusion prevention anti-virus anti-spam content filtering traffic shaping authentication Protecting Values & Enterprise-wide
More informationCurrent IBAT Endorsed Services
Current IBAT Endorsed Services Managed Network Intrusion Prevention and Detection Service SecureWorks provides proactive management and real-time security event monitoring and analysis across your network
More informationV1.4. Spambrella Email Continuity SaaS. August 2
V1.4 August 2 Spambrella Email Continuity SaaS Easy to implement, manage and use, Message Continuity is a scalable, reliable and secure service with no set-up fees. Built on a highly reliable and scalable
More informationBeyond Point Technology and The Managed Security Service Provider (MSSP) Co-management applied across the entire security environment
Beyond Point Technology and The Managed Security Service Provider (MSSP) Co-management applied across the entire security environment Whitepaper May 2015 2 Table of Contents THE RISE OF CO-MANAGEMENT...
More informationHow to Define SIEM Strategy, Management and Success in the Enterprise
How to Define SIEM Strategy, Management and Success in the Enterprise Security information and event management (SIEM) projects continue to challenge enterprises. The editors at SearchSecurity.com have
More informationEnd-user Security Analytics Strengthens Protection with ArcSight
Case Study for XY Bank End-user Security Analytics Strengthens Protection with ArcSight INTRODUCTION Detect and respond to advanced persistent threats (APT) in real-time with Nexthink End-user Security
More informationQRadar SIEM 6.3 Datasheet
QRadar SIEM 6.3 Datasheet Overview Q1 Labs flagship solution QRadar SIEM is unrivaled in its ability to provide an organization centralized IT security command and control. The unique capabilities of QRadar
More information