Managed Service Solutions Catalogue. MANAGED SERVICES SOLUTIONS CATALOGUE MS Offering Overview June 2014

Transcription

1 Managed Service Solutions Catalogue MANAGED SERVICES SOLUTIONS CATALOGUE MS Offering Overview June

2 MANAGED SERVICES SOLUTIONS CATALOGUE Managed Services Solutions Catalogue

3 Managed Service Solutions Catalogue 12 Years of Expertise At Your Side Outpost24 offers a full service alternative to internal management of vulnerability assessments, reducing the costs and time needed to hire, train and manage an in-house IT security team. Regardless of business size, Outpost24 s Managed Services (MS) will seamlessly integrate the vulnerability management solution that meets the needs of your organization. Why Combine Managed Services with Outpost24 Tools? Managed Service allows you to quickly and easily adopt a vulnerability management program with constant support of vulnerability management experts, so that you can focus on your core business. Our team of highly experienced technical experts will partner with your organization throughout the initial implementation, scanning and remediation reporting, and provide the most secure, efficient and costeffective recommendations. As your organization establishes processes and adopts best practices, we maintain ultimate flexibility and allow you to oversee your vulnerability management program internally. Outpost24 offers four levels of managed service solutions: Basic Advanced Custom PCI 11.2 Includes basic set-up of Outpost24 tools, monitoring and automated reporting Includes basic set up of our tools, customized reporting, analysis, interpretation of results and follow up A customized service offering best suited for large organizations with complex networks or geographic distribution Outpost24 PCI certified vulnerability scanning reports All levels include implementation services, reporting on a scheduled monthly or quarterly basis. Additional adhoc reporting is also available, depending on organization s needs. 3

4 Managed Service Solutions Catalogue Basic Implementation and Automation Description Key Benefits Solution Includes This solution is best suited for small to medium sized organizations looking to get basic parameters for a vulnerability management program in place. Twelve years of VM experience combined with our team will ensure best practices set-up and configuration of the Outpost24 tools.! Gain support in defining VM goals, establishing risk acceptance levels for your organization, and maintaining acceptable risk levels! Ensures best practice set-up, customized to specific needs and existing business processes! Organizations can maintain their business operations, while Outpost24 helps maintain their VM program efforts! Sign-off on VM efforts can be delivered at once, organizations can be up and running with tools properly from week 1 Vulnerability Management Program Outpost24 designs a program to meet organizational requirements such as remediation contacts, assessment schedules, asset management, alerting, etc. Statement of Work Outpost24 provides assessment activities, deliverables and a timeline for the organization s VM program upfront. Scanning Templates Configuration Outpost24 will configure the scanning templates based on organizational requirements and adjust them based on the assets in scope. Asset Management (Discovery, Groups) Assets will be managed according to organizational setup allowing the organization to track them using customizable attributes and allocate them into groups. Proactive Alerting Using Scanning-less Scanning When scanning is at least monthly, the organization s assets will be monitored for new vulnerabilities using Outpost24 s SLS technology. Alerting (Rogue Systems, Vulnerabilities) Outpost24 can configure alerts organizations to be notified when a new device is discovered on an IP range, or when a specific level of risk is found on an asset. Automated Vulnerability Assessment Reports Outpost24 will set up automated reporting according to organization s needs, ensuring that after each assessment, the right contact will receive the right information. Full Year Executive Report At the end of each contracted year, Outpost24 will provide a full report to showcase the current risk posture of the organization, and what was achieved based on established goals of the VM program. 4

5 Managed Services Solutions Catalogue Advanced Reporting & Analysis Description This solution combines best practices set-up, configuration and implementation of Outpost24 technology, with expert analysis of scan results on a monthly or quarterly basis. The Advanced offering is perfect for an organization looking for a firm understanding and analysis of their scanning results, in relation to organizational goals and objectives. Key Benefits Package Includes In addition to the Basic Solution benefits, organizations with Outpost24 s Advanced MS offering will also benefit from:! Combined expertise in analysis and interpretation of results! Expert Feedback and tracking ensures effectiveness of vulnerability remediation! Help in visualizing strategic, high-level results to identify and illustrate the effectiveness and value of investment Includes all Basic Offerings: Vulnerability Management Program Statement of Work Scanning Templates Configuration Asset Management (Discovery, Groups) Proactive Alerting Using Scanning-less Scanning Alerting (Rogue Systems, Vulnerabilities) Automated Vulnerability Assessment Reports Full Year Executive Report Plus: Custom Reporting The organization can define what information they need to see in their quarterly or monthly reports. This could be a customized report for Management or for Technical teams and can be delivered in various formats including Powerpoint, PDF and Excel. High Risk Verifications Outpost24 will verify new High Risks found in the organization s systems, verify that they are not a false positive, then send a notification upon discovery. False Positives Review Outpost24 s team of experts will analyse false positives reported in scanning results to ensure the quality of findings and to help guide remediation efforts. Follow-up Calls Outpost24 will schedule follow-up calls to discuss results of the report findings, and to guide remediation efforts, and to gauge the impact of remediation activities. Expert Analysis & Interpretation Outpost24 s team will analyse and interpret scan results to help organizations focus and prioritize their remediation efforts, and to illustrate success and impact over time. 5

6 Managed Services Solutions Catalogue Custom Description For organizations with a complex network set up, widespread geographic distribution, or unique organizational goals, Outpost24 is able to offer a fully customizable solution tailored specifically to the organization s needs. Key Benefits In addition to the Basic & Advanced benefits, customers also benefit from:! The ability to have Outpost24 experts serve as an extension of their team toward their VM efforts! Moulding a fully customizable solution to their existing business processes! Complete support in clarifying, presenting, and reporting to upper level management (depending on scope) Package Includes Includes all Basic and Advanced Offerings: Vulnerability Management Program Statement of Work Scanning Templates Configuration Asset Management (Discovery, Groups) Proactive alerting using Scan-less Scanning Alerting (Rogue Systems, Vulnerabilities) Automated Vulnerability Assessment Reports Full Year Executive Report Custom Reporting False Positives Review Follow-up Calls Expert Analysis & Interpretation Additional offerings are entirely customizable to customers needs. This can include, but is not limited to: Management level comparisons between business units Trend analysis to find process errors in change and problem management Reporting to different business units, IT teams, management or various other levels Strategic reporting on progress of VM efforts Analysis of effectiveness of VM efforts and investments 6

7 Managed Services Solutions Catalogue PCI 11.2 Description For organizations looking for the fastest, most reliable way to achieve PCI compliance, Outpost24 s PCI ASV managed services are a great solution. PCI 11.2 guidance dictates that there are three types of vulnerability scanning required: Internal quarterly scanning, External quarterly scanning, and as needed after significant changes. Outpost24 can support in all three of these areas. Key Benefits! This is the fastest way to achieve compliance for external vulnerability scanning! Organizations can maintain their business operations, while Outpost24 guides them to PCI ASV compliance! Assistance in navigating false positives related to PCI ASV requirements! Outpost24 identifies controls necessary to compensate on PCI ASV requirement failures! Adhoc assessment after any significant network changes Package Includes Vulnerability Management Program for PCI ASV Perimeter Scans Outpost24 works with the organization to establish a VM program and create a workflow for PCI ASV scanning requirements Asset Discovery to Scope Active IP Addresses for PCI ASV Scans Outpost24 will launch an asset discovery in order to assess the Live IP addresses on organization s networks. Asset CMDB for Reporting Purposes Outpost24 will help customer understand assets in scope and formulate solutions. Quarterly Assessments Quarterly assessments are scheduled according to Requirement 11.2 & (NOTE: to fulfill 11.2, both HIAB Internal and External scanning are required) Reporting - Quarterly Trackers Outpost24 provides Quarterly Trackers allowing our customers to concentrate on issues that require attention in order to be compliant. False Positives Review Outpost24 s expert VM team will help separate potential vulnerabilities from real ones. Quarterly Follow-up Calls to Review Findings Outpost24 will conduct follow-up calls to discuss results, solutions and next steps toward ongoing compliance. Unlimited Rescans Allows organizations to rescan their assets in scope in order to verify remediation activities. Disputes and Special Notes Handling Outpost24 will provide these as proof of mitigation by uploading screenshots, configuration files and false positives information. Reporting - Attestation of Compliance for 11.2 After all findings that failed PCI ASC Program Guide Requirements have been resolved or disputed, we will provide an Attestation Report. 7

8 Managed Service Solutions Catalogue Methodology Much like our technology, our team uses a proven methodology to help organizations achieve vulnerability management success. DEFINE THE PROGRAM We work with you to establish roles, responsibilities and goals, then define a security policy and suggest the best tool for your organization based on factors like risk aversion, threat exposure and costs. DISCOVER ASSETS We use our smart technology to quickly and accurately discover and take inventory of the assets in your network, enabling you to group assets by business unit, environment, location, etc. ASSESS THE NETWORK We schedule scanning based on your organizational processes, industry best practices and security policies. Then, you can scan or create templates based on your organization s needs. PRIORITIZE REMEDIATION Our format of reporting includes descriptions of vulnerabilities on your network and recommendations for mitigation and remediation that are rated by threat-level and prioritized for impact and efficiency. TRACK PROGRESS Our system also allows you to view trending data and graphs to show statistics about risk exposure and vulnerabilities in your network over time and create reports to demonstrate improvement. Getting Started To get started one of our account managers accompanied by a security consultant will work with your organization to explore the offering that is best suited to your needs by following these 5 steps: Once the SOW is agreed upon and finalized, an Outpost24 Security Consultant will begin our onboarding process to begin managed services as quickly and smooth as possible. 8