W H I T E P A P E R A T r u s t e d S e c u r i t y P a r t n e r : A M u s t - H a v e i n T o d a y ' s T h r e a t L a n d s c a p e
|
|
- Easter Hensley
- 8 years ago
- Views:
Transcription
1 Global Headquarters: 5 Speen Street Framingham, MA USA P F W H I T E P A P E R A T r u s t e d S e c u r i t y P a r t n e r : A M u s t - H a v e i n T o d a y ' s T h r e a t L a n d s c a p e Sponsored by: AT&T Christina Richmond Curtis Price August 2013 Christian A. Christiansen I D C O P I N I O N Given today's ever-evolving threat landscape of increasingly sophisticated and difficult-to-detect advanced persistent threats (APTs), denial of service (DoS), and distributed denial of service (DDoS) attacks, the enterprise faces a severe challenge in defending the entire environment, from the perimeter to the endpoint, completely alone. At the same time, IT organizations are pressured by board-level oversight to improve the administrative efficacy of security. This antagonistic situation represents a seemingly insolvable conundrum because it seems impossible to reconcile these opposing forces. Threat actors with their actions often have the ability to be more successful than the enterprise with its protection and defense. They continue to come up with increasingly imaginative strategies for their profit, which might be intellectual property, customer identities, or monetary gain. It is becoming harder and harder for IT to keep up with this dynamic landscape, especially when it is imperative for the enterprise whether small, large, or multinational to have a comprehensive and holistic security posture that covers all infrastructure and data, from the network to the application layer and beyond. Security is changing, and enterprises must adapt policies and procedures to stay ahead of threats. IDC believes that for the enterprise to effectively build its security posture, it must partner with a company that can provide the requisite professional security services (PSS) to assess security vulnerabilities, build a suitable strategy, and deploy plans that cover every aspect of the company's security needs. Moreover, IDC finds that managed security services (MSS) can offer advantages in reducing these vulnerabilities, predicting attacks, suggesting remediation, responding to incidents, and analyzing forensics to reduce the possibility of future events. I N T H I S W H I T E P A P E R In this white paper, IDC discusses the need for the enterprise to engage with a broad spectrum end-to-end security provider a "trusted security partner" to facilitate an overarching security plan for today's rapidly changing threat landscape. This white paper also takes a look at the services offered by AT&T that make it one of a handful of vendors that can claim to be a trusted security partner.
2 S I T U A T I O N O V E R V I E W B r o a d S e c u r i t y C o n c e r n s o f t h e E n t e r p r i s e Businesses feel the budget squeeze of doing more with less while also feeling the impact either directly or vicariously through the media of APTs, DoS, and DDoS attacks. A company's chief information security officer (CISO) knows that it is only a matter of time before the company ends up in the same position as its competitors. Additionally, the board desires more transparency into what has always been somewhat of a mystery: the "crying wolf" spend on security products to protect something that has never, to their knowledge, been breached. This is a key point: "to their knowledge" their organization may not have lost data through a breach. But the CISO knows that it is entirely possible that the company has in fact already lost critical intellectual, financial, or customer data without any awareness of the event. It is true many chief executive officers (CEOs) understand the need for security, but it is also true they face a daily battle to convince the lines of business to spend money to help protect an infrastructure that may or may not be necessary, that may or may not need defending, and that will almost assuredly continue to require increased budget. The board demands predictability in the budget and reduction of capital spending (capex) such as security hardware and software, and it pressures IT to reduce software and system integration costs. Concurrently, the security organization is faced with maintaining an effective department, responding to increasing worldwide compliance and privacy regulations, attempting to help fend off incidents, and leading a coordinated incident response if incidents do occur. All the while, media continues to highlight a growing concern about intellectual property protection. All this translates into a need for a seasoned security services provider that offers in-depth and mature assessment, design, integration, and operational expertise and, preferably, can also provision the enterprise with the necessary point products as needed. T h e E v o l v i n g L a n d s c a p e When it comes to security, there are as many ways to look at the organization's security protection as there are ways to compromise it. Key points to consider include: Publicly available reports from private and government sources agree that: Threats to online security have grown and evolved considerably in recent years. Malware authors have created a collaborative business network for bad, and their creations show constant innovation. Traditional threats are expanding into new forums. Social media and mobile devices are coming under increasing attack. Bring your own device (BYOD) is a growing trend and is expected to continue to rise, which will drive increased security concerns for the enterprise. 2 # IDC
3 Advanced persistent threats and DoS/DDoS are widely discussed in the media and are increasingly dangerous diversionary and extortion tactics to extract intellectual property and monetary assets. The cloud is here to stay, and while there are many benefits to migrating to a private, hybrid, or public cloud environment, there are equally as many security policy questions to be answered. A security detection and mitigation strategy is no longer enough; greater prediction of threats and correlation of these insights drive the requirement to have a threat intelligence solution broader than just a deployed security information and event management (SIEM) product. New Concerns for Security As today's CISOs understand, just because appliances are in place to protect the network, it may not be impenetrable to intrusion. Threats are more versatile and diverse and threat actors are more patient, mature, and creative than in the past. These new security concerns demand greater knowledge, coordination, and attention than previous and more "basic" threats to the network. They demand either a scaleup of both security products and resources or an engagement with a security partner that can assess, advise, design strategy for, and even where desired assume some or all of this for the organization. W h a t I s a C I S O t o D o? Secure the Network? Network security products are a necessary staple in any IT department, but now more than ever, an overarching and holistic security strategy is critical. It is no longer enough to throw more point products at the problem hoping they will fill all the holes. Web and attacks continue to evolve, and security systems must be managed to ensure that they identify and mitigate these challenges. To do this, they must be updated to stay relevant in this ever-changing landscape. In addition, access management needs to be comprehensive but not so restrictive that employees revolt. The incoming younger generation of workers desire access to the network from any device, any time, but IT still wants full control over who goes where and when. Load Up on Heavy Artillery? It is not enough to deploy SIEM to capture and log security events. In addition to SIEM, the department must have round-the-clock analysts to analyze logs to assist in predicting future threats. The amount of data captured and correlated can be astounding and the effort massive. These efforts fold in with an overarching breach management posture that most companies have not fully thought through, stopping at mitigation but not considering how to manage a possible public relations and brand reputation nightmare. Comply with Regulatory Standards? Regulatory compliance is like an octopus that extends its limbs into all areas of the business. Simply ticking off a checklist of compliance actions opens up additional 2013 IDC #
4 security concerns and questions for IT. Now more than ever, as regulatory standards cycle through changes at a faster and faster pace, companies are hiring an army of compliance and security consulting experts to assist in this rapidly evolving arena. Consider a Security Services Advisor? To navigate the challenges in today's threat landscape, IT managers know that at a minimum in addition to a security operation center (SOC) they must have enhanced analytics, data consolidation, and global threat intelligence knowledge of APTs and other adaptive, complex, and dynamic threats. 24 x 7 in-house security solutions are expensive, and expertise is scarce. In addition, they know that they must have the correlation capability to keep the information of these threats flowing to critical areas of the organization. Given the budgetary pressures CISOs face, this conversation can become a "build versus buy" discussion. First and foremost, the CISO looks for a trusted advisor to walk his or her department through a series of assessments to better understand gaps and opportunities for improvement. Next, this advisor will help to design a security policy and implementation strategy for the future. And finally, the CISO may look to engage a managed security services provider (MSSP) that can enable an organization to transfer the cost of ownership from capex to an operational expense (opex), thereby making security more of a predictable expense with a regular cadence in the budget cycle. Professional S e c u r i ty S ervices Engaging with a reputable professional security services partner can help the CISO enhance security capabilities while also creating a corporate culture that understands security and risk management. Such an engagement looks to increase cost efficiency in spite of mounting threats and regulatory burdens. Professional security consultants work to develop a comprehensive information security framework that addresses requirements for information protection, incident prevention, and detection and response, consistent with industry best practices. They look to establish a plan that addresses risk monitoring and mitigation requirements that encompass emerging technologies such as mobile and cloud computing. The outcome of a security consulting engagement will provide a detailed roadmap for effective implementation of the security strategies proposed. M a n aged Security Services An MSSP will have an enhanced security environment, with scalable and flexible security platforms capable of handling future expansion. MSSPs often have research labs that study and monitor threat trends on a global basis, and the findings from these organizations are critical to helping enterprises deal with the latest threats. In addition, many MSSPs offer compliance solutions to help clients adhere to mandates and prepare for audits. Leveraging the scale and expertise of a service provider can be beneficial to companies with many geographically dispersed sites. The large number of customers an MSSP supports gives them visibility into a large variety of threats on a global basis. An MSS engagement is not a one-size-fits-all proposition: no matter the size of the company and the current maturity of its security infrastructure, the organization can approach such an engagement gradually or entirely, depending on its needs. 4 # IDC
5 H a n d f u l o f V e n d o r s C a n F u l f i l l t h e " T r u s t e d S e c u r i t y P a r t n e r " R o l e In an ideal world, the security partner selected by an enterprise will have a broad array of professional services that work with the company's security and IT organizations to assess the current security posture, identify existing gaps, develop practices and procedures, design architectures, perform penetration and vulnerability tests, provide incident investigation and forensic data compilation, and perform compliance audits. If the enterprise is looking for predictable opex and desires to move to a managed security engagement, the security partner selected should be able to provide a wide range of managed security solutions, including network-based security services, from firewalls to monitoring and management services and emergency response services, all in a partnership that recognizes shared risk and responsibility. Only a handful of vendors can be the end-to-end partner that can seamlessly move from assessing the enterprise security posture to recommending and fulfilling hardware and software security deployments, implementing the products and, where needed, manage and monitor the environment. Add to that the need in many different size organizations for a partner to perform assessments and pre-audits on regulatory and compliance issues and even in some cases to manage the overall risk posture of the company. IDC believes that AT&T is one such partner. There are many other providers in the telecommunication industry that offer a broad lineup of security services, from professional consulting and integration to managed security services such as Verizon and CenturyLink. IT vendors such as HP, IBM, and Dell SecureWorks and security vendors such as Symantec and McAfee also offer security services comparable to AT&T's. It is a diverse and fragmented market and value can be found in many different forms along the continuum. Increased merger and acquisition (M&A) activity has brought consolidation, especially in the MSS space, leading IDC to believe that this will become a telco-versus-integrator battle. AT&T is extremely well positioned both in its network capabilities and in the very broad portfolio it has fashioned in security services. AT&T offers a complete Security Services portfolio where enterprises have a choice of network-based or premises-based security solutions that provide them with the level of support and the cost structure that best meet the needs of the business. The AT&T Security Services portfolio includes the services discussed in the sections that follow (see Figure 1) IDC #
6 F I G U R E 1 A T & T S e c u r i t y S e r v i c e s : A L a y e r e d " T h r e a t P r o t e c t i o n " S u i t e Source: AT&T, 2013 Consulting AT&T Security Consulting provides a portfolio of compliance and related security services. AT&T Security teams are focused in six areas: Security Strategy; PCI Solutions; Governance, Risk, and Compliance (GRC) Solutions; Secure Infrastructure Solutions; Threat and Vulnerability Management; and Application Security. These services help clients develop security strategies and roadmaps; assess gaps in and meet governance, risk, and compliance requirements; create payment card industry (PCI) solutions; install and assist with infrastructure; and manage threats and vulnerabilities. Specific features include the following: AT&T's Security Strategy and Roadmap service offers an advisory service to assist with the development of comprehensive and informative security strategies. An information security framework is developed for information protection, incident prevention, and detection and response, consistent with industry best practices. The plan addresses risk monitoring and mitigation requirements as well as emerging technologies such as mobile and cloud computing. A customized roadmap is developed with detailed project plans, identified owners, timelines, and resource allocation for the implementation of the security strategies. AT&T Governance, Risk, and Compliance provides consulting and advisory services for information security, governance, risk management, compliance, and implementation to develop, update, and/or validate security. 6 # IDC
7 AT&T Consulting is a PCI Qualified Security Assessor (QSA), a Payment Application Qualified Security Assessor (PA-QSA), and a Qualified Incident Response Assessor (QIRA). The PCI Consulting offer assesses the client business model and the critical supporting components and systems. The offer also performs assessments as well as strategic and tactical advice in the event that a PCI objective or control is not met or there is a data breach. AT&T's Secure Infrastructure Services assesses the security infrastructure, making recommendations on network consolidation and the analysis of data and packet flow with the goal of fine-tuning security devices to improve performance and minimize impact. Data leakage, data loss prevention, and security event management devices are assessed to develop an integrated and adaptive security architecture. AT&T's Vulnerability and Threat Management offer provides an independent baseline and validation of the organization's security posture through vulnerability assessment and penetration testing services. AT&T Consulting simulates realworld attacks to identify vulnerabilities in the network, evaluate risks, and develop remediation plans. AT&T Application Security Services offers four categories of application security services: Application Security Assessment provides automated and manual testing designed to circumvent the logic of the application in order to gain elevated access to systems or information. Application Security Program Management provides an application inventory, identification, and assignment of risk classification, development of testing plans, and management and execution of the program. Security Code Review examines all codes to identify potential weaknesses and vulnerabilities that could put the application and sensitive data at risk of disclosure or loss. PCI PA-QSA Application Security Assessment offers an assessment of certifications of payment applications in accordance with the PCI Payment Applications Best Practices program. AT&T's Security Event and Threat Analysis Service is a virtual security operation center that provides security analysis and operations to correlate information from multiple devices and device types, on premises and embedded in the AT&T network. Based on information gathered, AT&T provides notification of prioritized events based on risk and the ability to mitigate them. AT&T Security Device Management provides monitoring and management of security hardware and software located on premise or the implementation of complex and customer security solutions. Clients utilize the AT&T Security Network Operations Center (S/NOC) to monitor and manage security hardware and security infrastructure or to migrate to a custom security architecture designed to meet specific requirements IDC #
8 Managed Security Services At the operations level, AT&T provides customers with security solutions, including network-based security services, from firewalls to monitoring and management services, rapid response services, and security options on individual network services. Managed security services features include: AT&T Internet Protect provides security alerting and mitigation of attacks, including viruses, worms, and DDoS attacks that are in the early formulation stages. AT&T Private Intranet Protect analyzes traffic on the client's virtual private network (VPN), looking for known threats that originate both internal and external to the network. AT&T Mobile Security extends security controls beyond the mobile device into the AT&T network including the use of application controls and antivirus/antimalware scans. It provides access to an organization's VPN, the Internet, or cloud-based services as well as additional traffic filtering and scanning and is mobile-carrier agnostic. AT&T Network-Based Firewall Services provides enforcement of policy in the cloud or on the premises with a network-based firewall; premises-based firewall and Web application firewall services; day-to-day management, maintenance, support; and proactive 24 x 7 x 365 security monitoring. AT&T Web Security Service offers a managed network solution for content filtering and Web control. AT&T Intrusion Detection/Prevention Service helps detect and respond to malicious activities by sending the client alerts specific to the network and provides tools to assist the client with implementing internal network defense. AT&T Secure Gateway Services is a security-as-a-service solution that offers protection against inbound -borne threats, such as malicious Web links and attachments, and targeted phishing in addition to blocking traditional spam and viruses. AT&T Endpoint Security Service is a fully managed solution that helps protect both end users' and companies' internal systems from external hazards posed by doing business on the Internet. The service is designed to enforce compliance with customer-defined policies for firewall, antivirus, and software compliance at remote endpoints. AT&T Threat Management scans traffic and helps AT&T Security managers identify emerging problems, as well as see the sources of the problems, and take preventative action. This is both a standalone offering and an offering that integrates with the managed security services offering. 8 # IDC
9 AT&T DDoS Defense consists of detection and mitigation service components that examine net flow data, sending an alarm to an AT&T operations center and to the client with notification of the detected attack. AT&T Secure Network Gateway bundles AT&T Network-Based Firewall Services, AT&T Secure Gateway Service, and AT&T Web Security Service. AT&T also provides encryption services for and data encryption as well as token authentication services to help organizations know who is gaining access to network applications using two-factor authentication. F U T U R E O U T L O O K I D C F o r e c a s t s S t r o n g G r o w t h i n S e c u r i t y S e r v i c e s The increased complexity of security threats along with the need to evaluate various consumption models (on-premise, managed, hosted, and cloud) will require enterprises to seek consulting and strategy engagements from third-party providers to help align technology requirements with business objectives. IDC predicts that the total worldwide professional security services market is expected to reach $17.4 billion in 2013 and will grow to $22 billion by 2017, with a five-year compound annual growth rate (CAGR) of 5.9%. As discussed, MSS can provide reduction of capex and offer predictable opex and is therefore often a perfect solution to the security/boardroom conundrum discussed previously. IDC expects double-digit growth in the MSS market. C H A L L E N G E S / O P P O R T U N I T I E S Keeping pace with threats and staying on the cutting edge of mitigation at all layers of the network is a challenge that most security organizations cannot meet without some assistance. Given the nature of the constantly evolving threat landscape we've discussed and the budgetary pressures and board-level oversight to improve the administrative efficacy of security, it is critical to select a security services partner that provides the following at a minimum: A comprehensive security services offerings portfolio, from consulting and implementation through managed security services offerings Threat intelligence that creates actionable data that feeds into a managed service A broad array of security products and partnerships with vendors 2013 IDC #
10 C O N C L U S I O N IDC believes that to stay ahead of threats in this ever-increasingly complex landscape, it is important to work with a partner that supports a broad spectrum of security needs. As this paper discusses, some providers bring pieces of the solution, while AT&T does it all, from the perimeter to the endpoint. In addition, AT&T offers a menu of security services offerings that allows the customer flexibility and scale of solutions. C o p y r i g h t N o t i c e External Publication of IDC Information and Data Any IDC information that is to be used in advertising, press releases, or promotional materials requires prior written approval from the appropriate IDC Vice President or Country Manager. A draft of the proposed document should accompany any such request. IDC reserves the right to deny approval of external usage for any reason. Copyright 2013 IDC. Reproduction without written permission is completely forbidden. 10 # IDC
2012 North American Managed Security Service Providers Growth Leadership Award
2011 South African Data Centre Green Excellence Award in Technology Innovation Cybernest 2012 2012 North American Managed Security Service Providers Growth Leadership Award 2011 Frost & Sullivan 1 We Accelerate
More informationWorldwide Security and Vulnerability Management 2009 2013 Forecast and 2008 Vendor Shares
EXCERPT Worldwide Security and Vulnerability Management 2009 2013 Forecast and 2008 Vendor Shares IN THIS EXCERPT Global Headquarters: 5 Speen Street Framingham, MA 01701 USA P.508.872.8200 F.508.935.4015
More informationSluggish Incident Response: Next-Generation Security Problems and Solutions
CUSTOMER NEEDS AND STRATEGIES Sluggish Incident Response: Next-Generation Security Problems and Solutions Christian A. Christiansen Christina Richmond Robert Westervelt IDC OPINION The rush to adopt technologies
More informationSymantec Global Intelligence Network 2.0 Architecture: Staying Ahead of the Evolving Threat Landscape
WHITE PAPER: SYMANTEC GLOBAL INTELLIGENCE NETWORK 2.0.... ARCHITECTURE.................................... Symantec Global Intelligence Network 2.0 Architecture: Staying Ahead of the Evolving Threat Who
More informationWorldwide Security and Vulnerability Management 2014 2018 Forecast and 2013 Vendor Shares
Market Analysis Worldwide Security and Vulnerability Management 2014 2018 Forecast and 2013 Vendor Shares Charles J. Kolodgy IN THIS EXCERPT The content for this excerpt was taken directly from IDC Market
More informationW H I T E P A P E R I m p a c t o f C y b e r s e c u r i t y A t t a c k s a n d N e w - A g e S e c u r i t y S t r a t e g i e s
W H I T E P A P E R I m p a c t o f C y b e r s e c u r i t y A t t a c k s a n d N e w - A g e S e c u r i t y S t r a t e g i e s IDC Middle East, Africa, and Turkey, Al Thuraya Tower 1, Level 15, Dubai
More informationPayment Card Industry Data Security Standard
Symantec Managed Security Services support for IT compliance Solution Overview: Symantec Managed Services Overviewview The (PCI DSS) was developed to facilitate the broad adoption of consistent data security
More informationAdvanced Threat Protection with Dell SecureWorks Security Services
Advanced Threat Protection with Dell SecureWorks Security Services Table of Contents Summary... 2 What are Advanced Threats?... 3 How do advanced threat actors operate?... 3 Addressing the Threat... 5
More informationThe Benefits of an Integrated Approach to Security in the Cloud
The Benefits of an Integrated Approach to Security in the Cloud Judith Hurwitz President and CEO Marcia Kaufman COO and Principal Analyst Daniel Kirsch Senior Analyst Sponsored by IBM Introduction The
More informationHow To Buy Nitro Security
McAfee Acquires NitroSecurity McAfee announced that it has closed the acquisition of privately owned NitroSecurity. 1. Who is NitroSecurity? What do they do? NitroSecurity develops high-performance security
More informationHow To Protect Your Network From Attack From A Network Security Threat
Cisco Security Services Cisco Security Services help you defend your business from evolving security threats, enhance the efficiency of your internal staff and processes, and increase the return on your
More informationWhat is Security Intelligence?
2 What is Security Intelligence? Security Intelligence --noun 1. the real-time collection, normalization, and analytics of the data generated by users, applications and infrastructure that impacts the
More informationCloud Assurance: Ensuring Security and Compliance for your IT Environment
Cloud Assurance: Ensuring Security and Compliance for your IT Environment A large global enterprise has to deal with all sorts of potential threats: advanced persistent threats (APTs), phishing, malware
More informationI D C A N A L Y S T C O N N E C T I O N
I D C A N A L Y S T C O N N E C T I O N Robert Westervelt Research Manager, Security Products T h e R o l e a nd Value of Continuous Security M o nitoring August 2015 Continuous security monitoring (CSM)
More informationWAN security threat landscape and best mitigation practices. Rex Stover Vice President, Americas, Enterprise & ICP Sales
WAN security threat landscape and best mitigation practices. Rex Stover Vice President, Americas, Enterprise & ICP Sales The Cost of Cybercrime Sony $171m PlayStation 3 data breach (April 2011) $3 trillion
More informationQ1 Labs Corporate Overview
Q1 Labs Corporate Overview The Security Intelligence Leader Who we are: Innovative Security Intelligence software company One of the largest and most successful SIEM vendors Leader in Gartner 2011, 2010,
More informationWith Cloud Defender, Alert Logic combines products to deliver outcome-based security
With Cloud Defender, Alert Logic combines products to deliver outcome-based security Analyst: Javvad Malik 13 Nov, 2014 Security has typically been a technology-driven area. If a company puts up a website,
More informationPreemptive security solutions for healthcare
Helping to secure critical healthcare infrastructure from internal and external IT threats, ensuring business continuity and supporting compliance requirements. Preemptive security solutions for healthcare
More informationHow To Understand Cloud Economics
WHITE PAPER Cloud Economics: A Financial Analysis of Information Management IT Delivery Models Sponsored by: Viewpointe LLC Michael Versace October 2013 Randy Perry IDC OPINION Executive Summary Cost optimization
More informationCompany-owned managed security technologies, in addition to more than 500 third-party technologies that Trustwave manages and monitors
VENDOR PROFILE Trustwave: Solutions and Services for Security and Compliance Christina Richmond IDC OPINION Global Headquarters: 5 Speen Street Framingham, MA 01701 USA P.508.872.8200 F.508.935.4015 www.idc.com
More informationLeveraging innovative security solutions for government. Helping to protect government IT infrastructure, meet compliance demands and reduce costs
IBM Global Technology Services Leveraging innovative security solutions for government. Helping to protect government IT infrastructure, meet compliance demands and reduce costs Achieving a secure government
More informationSecurity. Security consulting and Integration: Definition and Deliverables. Introduction
Security Security Introduction Businesses today need to defend themselves against an evolving set of threats, from malicious software to other vulnerabilities introduced by newly converged voice and data
More informationAddress C-level Cybersecurity issues to enable and secure Digital transformation
Home Overview Challenges Global Resource Growth Impacting Industries Address C-level Cybersecurity issues to enable and secure Digital transformation We support cybersecurity transformations with assessments,
More informationNEC Managed Security Services
NEC Managed Security Services www.necam.com/managedsecurity How do you know your company is protected? Are you keeping up with emerging threats? Are security incident investigations holding you back? Is
More informationIBM Security QRadar Vulnerability Manager
IBM Security QRadar Vulnerability Manager Improve security and compliance by prioritizing security gaps for resolution Highlights Help prevent security breaches by discovering and highlighting high-risk
More informationFIVE PRACTICAL STEPS
WHITEPAPER FIVE PRACTICAL STEPS To Protecting Your Organization Against Breach How Security Intelligence & Reducing Information Risk Play Strategic Roles in Driving Your Business CEOs, CIOs, CTOs, AND
More informationI D C T E C H N O L O G Y S P O T L I G H T. S e r ve r S e c u rity: N o t W h a t It U s e d t o Be!
I D C T E C H N O L O G Y S P O T L I G H T S e r ve r S e c u rity: N o t W h a t It U s e d t o Be! December 2014 Adapted from Worldwide Endpoint Security 2013 2017 Forecast and 2012 Vendor Shares by
More informationAddressing APTs and Modern Malware with Security Intelligence Date: September 2013 Author: Jon Oltsik, Senior Principal Analyst
ESG Brief Addressing APTs and Modern Malware with Security Intelligence Date: September 2013 Author: Jon Oltsik, Senior Principal Analyst Abstract: APTs first came on the scene in 2010, creating a wave
More informationEnd-user Security Analytics Strengthens Protection with ArcSight
Case Study for XY Bank End-user Security Analytics Strengthens Protection with ArcSight INTRODUCTION Detect and respond to advanced persistent threats (APT) in real-time with Nexthink End-user Security
More informationNorth American Electric Reliability Corporation (NERC) Cyber Security Standard
North American Electric Reliability Corporation (NERC) Cyber Security Standard Symantec Managed Security Services Support for CIP Compliance Overviewview The North American Electric Reliability Corporation
More informationTata Communications Security Outsourcing. A Must-have for Entry into the Global Economy. www.tatacommunications.com. www.tatacommunications.
Tata Communications Security Outsourcing A Must-have for Entry into the Global Economy www.tatacommunications.com www.tatacommunications.com 2 Tata Communications Security Outsourcing A Must-have for Entry
More informationSOLUTION BRIEF. Next Generation APT Defense for Healthcare
SOLUTION BRIEF Next Generation APT Defense for Healthcare Overview Next Generation APT Defense for Healthcare Healthcare records with patients personally identifiable information (PII) combined with their
More informationCisco Security Optimization Service
Cisco Security Optimization Service Proactively strengthen your network to better respond to evolving security threats and planned and unplanned events. Service Overview Optimize Your Network for Borderless
More informationRequirements When Considering a Next- Generation Firewall
White Paper Requirements When Considering a Next- Generation Firewall What You Will Learn The checklist provided in this document details six must-have capabilities to look for when evaluating a nextgeneration
More informationSimplify Your Network Security with All-In-One Unified Threat Management
Singtel Business Product Factsheet Brochure Managed Defense Unified Services Management Simplify Your Network Security with All-In-One Unified Management Singtel Managed Unified Management (UTM) Services,
More informationCYBER SECURITY, A GROWING CIO PRIORITY
www.wipro.com CYBER SECURITY, A GROWING CIO PRIORITY Bivin John Verghese, Practitioner - Managed Security Services, Wipro Ltd. Contents 03 ------------------------------------- Abstract 03 -------------------------------------
More informationCaretower s SIEM Managed Security Services
Caretower s SIEM Managed Security Services Enterprise Security Manager MSS -TRUE 24/7 Service I.T. Security Specialists Caretower s SIEM Managed Security Services 1 Challenges & Solution Challenges During
More informationESG Brief. Overview. 2014 by The Enterprise Strategy Group, Inc. All Rights Reserved.
ESG Brief Webroot Delivers Enterprise-Class Threat Intelligence to Security Technology Providers and Large Organizations Date: September 2014 Author: Jon Oltsik, Senior Principal Analyst; Kyle Prigmore,
More informationIBM QRadar Security Intelligence April 2013
IBM QRadar Security Intelligence April 2013 1 2012 IBM Corporation Today s Challenges 2 Organizations Need an Intelligent View into Their Security Posture 3 What is Security Intelligence? Security Intelligence
More informationAssessing the Business Value of the Secured Datacenter
IDC SOLUTION BRIEF Assessing the Business Value of the Secured Datacenter Sponsored by: Cisco Pete Lindstrom Matthew Marden December 2014 Richard L. Villars OVERVIEW The world of IT is in the midst of
More informationMANAGED SECURITY SERVICES (MSS)
MANAGED SECURITY SERVICES (MSS) The Cyber Security Initiative. Cybercrime is becoming an important factor for CIOs and IT professionals, but also for CFOs, compliance officers and business owners. The
More informationI D C E X E C U T I V E B R I E F
Global Headquarters: 5 Speen Street Framingham, MA 01701 USA P.508.872.8200 F.508.935.4015 www.idc.com I D C E X E C U T I V E B R I E F P e netration Testing: Taking the Guesswork Out of Vulnerability
More informationOVERVIEW. Enterprise Security Solutions
Enterprise Security Solutions OVERVIEW For more than 25 years, Trend Micro has innovated constantly to keep our customers ahead of an everevolving IT threat landscape. It s how we got to be the world s
More informationA HELPING HAND TO PROTECT YOUR REPUTATION
OVERVIEW SECURITY SOLUTIONS A HELPING HAND TO PROTECT YOUR REPUTATION CONTENTS INFORMATION SECURITY MATTERS 01 TAKE NOTE! 02 LAYERS OF PROTECTION 04 ON GUARD WITH OPTUS 05 THREE STEPS TO SECURITY PROTECTION
More informationLeveraging security from the cloud
IBM Global Technology Services Thought Leadership White Paper IBM Security Services Leveraging security from the cloud The who, what, when, why and how of cloud-based security services 2 Leveraging security
More informationAdvantages of Managed Security Services
Advantages of Managed Security Services Cloud services via MPLS networks for high security at low cost Get Started Now: 877.611.6342 to learn more. www.megapath.com Executive Summary Protecting Your Network
More informationManaged Security Services for Data
A v a y a G l o b a l S e r v i c e s Managed Security Services for Data P r o a c t i v e l y M a n a g i n g Y o u r N e t w o r k S e c u r i t y 2 4 x 7 x 3 6 5 IP Telephony Contact Centers Unified
More informationDEFENSE THROUGHOUT THE VULNERABILITY LIFE CYCLE WITH ALERT LOGIC THREAT AND LOG MANAGER
DEFENSE THROUGHOUT THE VULNERABILITY LIFE CYCLE WITH ALERT LOGIC THREAT AND Introduction > New security threats are emerging all the time, from new forms of malware and web application exploits that target
More informationConquering PCI DSS Compliance
Any organization that stores, processes or transmits information related to credit and debit card payments has a responsibility to protect each cardholder s personal data. To help accomplish this goal,
More informationInformation & Asset Protection with SIEM and DLP
Information & Asset Protection with SIEM and DLP Keeping the Good Stuff in and the Bad Stuff Out Professional Services: Doug Crich Practice Leader Infrastructure Protection Solutions What s driving the
More information2011 Forrester Research, Inc. Reproduction Prohibited
1 2011 Forrester Research, Inc. Reproduction Prohibited Information Security Metrics Present Information that Matters to the Business Ed Ferrara, Principal Research Analyst July 12, 2011 2 2009 2011 Forrester
More informationBlackRidge Technology Transport Access Control: Overview
2011 BlackRidge Technology Transport Access Control: Overview 1 Introduction Enterprises and government agencies are under repeated cyber attack. Attacks range in scope from distributed denial of service
More informationTrustwave blocks Web-borne malware - guaranteed, or your money back
Trustwave blocks Web-borne malware - guaranteed, or your money back Analyst: Adrian Sanabria 16 Jul, 2014 Today, Trustwave makes a bold announcement a zero malware guarantee. The anti-malware market has
More informationItaly. EY s Global Information Security Survey 2013
Italy EY s Global Information Security Survey 2013 EY s Global Information Security Survey 2013 This year s survey our 16th edition captures the responses of 1,909 C-suite and senior level IT and information
More informationBusiness Case Outsourcing Information Security: The Benefits of a Managed Security Service
Business Case Outsourcing Information Security: The Benefits of a Managed Security Service seccuris.com (866) 644-8442 Contents Introduction... 3 Full- Time Experts vs. a Part- Time In- House Staff...
More informationIncrease insight. Reduce risk. Feel confident.
Increase insight. Reduce risk. Feel confident. Define critical goals with enhanced visibility then enable security and compliance across your complex IT infrastructure. VIRTUALIZATION + CLOUD NETWORKING
More informationUnified Threat Management, Managed Security, and the Cloud Services Model
Unified Threat Management, Managed Security, and the Cloud Services Model Kurtis E. Minder CISSP Global Account Manager - Service Provider Group Fortinet, Inc. Introduction Kurtis E. Minder, Technical
More informationCombating a new generation of cybercriminal with in-depth security monitoring. 1 st Advanced Data Analysis Security Operation Center
Combating a new generation of cybercriminal with in-depth security monitoring 1 st Advanced Data Analysis Security Operation Center The Challenge Don t leave your systems unmonitored. It takes an average
More informationClavister InSight TM. Protecting Values
Clavister InSight TM Clavister SSP Security Services Platform firewall VPN termination intrusion prevention anti-virus anti-spam content filtering traffic shaping authentication Protecting Values & Enterprise-wide
More informationCORE Security and GLBA
CORE Security and GLBA Addressing the Graham-Leach-Bliley Act with Predictive Security Intelligence Solutions from CORE Security CORE Security +1 617.399-6980 info@coresecurity.com www.coresecurity.com
More informationBuilding a Web Security Ecosystem to Combat Emerging Internet Threats
I D C V E N D O R S P O T L I G H T Building a Web Security Ecosystem to Combat Emerging Internet Threats September 2005 Adapted from: Worldwide Secure Content Management 2005 2009 Forecast Update and
More informationContent Security: Protect Your Network with Five Must-Haves
White Paper Content Security: Protect Your Network with Five Must-Haves What You Will Learn The continually evolving threat landscape is what makes the discovery of threats more relevant than defense as
More informationW H I T E P A P E R W e b S e c u r i t y S a a S : T h e N ext Generation of Web Security
W H I T E P A P E R W e b S e c u r i t y S a a S : T h e N ext Generation of Web Security Sponsored by: Webroot Software Christian A. Christiansen Gerry Pintal April 2008 Brian E. Burke IDC OPINION Global
More informationCombating a new generation of cybercriminal with in-depth security monitoring
Cybersecurity Services Combating a new generation of cybercriminal with in-depth security monitoring 1 st Advanced Data Analysis Security Operation Center The Challenge Don t leave your systems unmonitored.
More informationTransformative Technology in Document Security
INSIGHT Transformative Technology in Document Security Arianna Valentini IDC OPINION The majority of organizations have taken steps in making sure that their IT environments are secure. Worldwide Security
More informationMike Smart Cyber Strategist & Enterprise Security Solutions, EMEA. Cyber: The Catalyst to Transform the Security Program
Cyber: The Catalyst to Transform the Security Program Mike Smart Cyber Strategist & Enterprise Security Solutions, EMEA A Common Language? Hyper Connected World Rapid IT Evolution Agile Targeted Threat
More information2015 GLOBAL THREAT INTELLIGENCE REPORT EXECUTIVE SUMMARY
2015 GLOBAL THREAT INTELLIGENCE REPORT EXECUTIVE SUMMARY 1 EXECUTIVE SUMMARY INTRODUCING THE 2015 GLOBAL THREAT INTELLIGENCE REPORT Over the last several years, there has been significant security industry
More informationSeven Things To Consider When Evaluating Privileged Account Security Solutions
Seven Things To Consider When Evaluating Privileged Account Security Solutions Contents Introduction 1 Seven questions to ask every privileged account security provider 4 1. Is the solution really secure?
More informationBy John Pirc. THREAT DETECTION HAS moved beyond signature-based firewalls EDITOR S DESK SECURITY 7 AWARD WINNERS ENHANCED THREAT DETECTION
THE NEXT (FRONT) TIER IN SECURITY When conventional security falls short, breach detection systems and other tier 2 technologies can bolster your network s defenses. By John Pirc THREAT HAS moved beyond
More informationBoosting enterprise security with integrated log management
IBM Software Thought Leadership White Paper May 2013 Boosting enterprise security with integrated log management Reduce security risks and improve compliance across diverse IT environments 2 Boosting enterprise
More informationSecuring business data. CNS White Paper. Cloud for Enterprise. Effective Management of Data Security
Securing business data CNS White Paper Cloud for Enterprise Effective Management of Data Security Jeff Finch, Head of Business Development, CNS Mosaic 2nd July 2015 Contents 1 Non-Disclosure Statement...
More informationIBM Security Intelligence Strategy
IBM Security Intelligence Strategy Delivering Insight with Agility October 17, 2014 Victor Margina Security Solutions Accent Electronic 12013 IBM Corporation We are in an era of continuous breaches Operational
More informationWHITE PAPER Practical Information Governance: Balancing Cost, Risk, and Productivity
WHITE PAPER Practical Information Governance: Balancing Cost, Risk, and Productivity Sponsored by: EMC Corporation Laura DuBois August 2010 Vivian Tero EXECUTIVE SUMMARY Global Headquarters: 5 Speen Street
More informationREVOLUTIONIZING ADVANCED THREAT PROTECTION
REVOLUTIONIZING ADVANCED THREAT PROTECTION A NEW, MODERN APPROACH Blue Coat Advanced Threat Protection Group GRANT ASPLUND Senior Technology Evangelist 1 WHY DO I STAND ON MY DESK? "...I stand upon my
More informationDNS Server Security Survey
EXECUTIVE BRIEF DNS Server Security Survey Sponsored by: EfficientIP Romain Fouchereau June 2014 INTRODUCTION With most organizations having some business linked to and more importantly relying on an online
More informationData Center Security in a World Without Perimeters
www.iss.net Data Center Security in a World Without Perimeters September 19, 2006 Dave McGinnis Director of MSS Architecture Agenda Securing the Data Center What threats are we facing? What are the risks?
More informationIBM Security QRadar SIEM & Fortinet FortiGate / FortiAnalyzer
IBM Security QRadar SIEM & Fortinet / FortiAnalyzer Introducing new functionality for IBM QRadar Security Intelligence Platform: integration with Fortinet s firewalls and logs forwarded by FortiAnalyzer.
More informationHow To Manage Security On A Networked Computer System
Unified Security Reduce the Cost of Compliance Introduction In an effort to achieve a consistent and reliable security program, many organizations have adopted the standard as a key compliance strategy
More informationAlcatel-Lucent Services
SOLUTION DESCRIPTION Alcatel-Lucent Services Security Introduction Security is a sophisticated business and technical challenge, and it plays an important role in the success of any network, service or
More informationManaged Security Services. Leverage our experienced security operations team to improve your cyber security posture
Managed Security Services Leverage our experienced security operations team to improve your cyber security posture Our approach to Managed Security Services Enterprises spend millions on technology to
More informationMobile Devices and Malicious Code Attack Prevention
Global Headquarters: 5 Speen Street Framingham, MA 01701 USA P.508.872.8200 F.508.935.4015 www.idc.com WHITE PAPER Malicious Code and Mobile Devices: Best Practices for Securing Mobile Environments Sponsored
More informationSecurity for Financial Services: Addressing the Perception Gaps in a Dynamic Landscape
White Paper Security for Financial Services: Addressing the Perception Gaps in a Dynamic Landscape Financial services organizations have a unique relationship with technology: electronic data and transactions
More informationBringing Continuous Security to the Global Enterprise
Bringing Continuous to the Global Enterprise Asset Discovery Network Web App Compliance Monitoring Threat Protection The Most Advanced Platform 3+ Billion IP Scans/Audits a Year 1+ Trillion Events The
More informationHigh End Information Security Services
High End Information Security Services Welcome Trion Logics Security Solutions was established after understanding the market's need for a high end - End to end security integration and consulting company.
More informationIBM Security Strategy
IBM Security Strategy Intelligence, Integration and Expertise Kate Scarcella CISSP Security Tiger Team Executive M.S. Information Security IBM Security Systems IBM Security: Delivering intelligence, integration
More informationINFORMATION PROTECTED
INFORMATION PROTECTED Symantec Protection Suite Effective, comprehensive threat protection Safeguarding your organization s business-critical assets in today s ever-changing threat landscape has never
More informationWhite. Paper. Understanding and Addressing APTs. September 2012
White Paper Understanding and Addressing APTs By Jon Oltsik, Senior Principal Analyst September 2012 This ESG White Paper was commissioned by Trend Micro and is distributed under license from ESG. 2012,
More informationDETECT AND RESPOND TO THREATS FROM THE DATA CENTER TO THE CLOUD
SOLUTION OVERVIEW: ALERT LOGIC THREAT MANAGER WITH ACTIVEWATCH DETECT AND RESPOND TO THREATS FROM THE DATA CENTER TO THE CLOUD Protecting your infrastructure requires you to detect threats, identify suspicious
More informationSecureData: A Fast-Growing, U.K.-Headquartered Security Services Vendor
VENDOR PROFILE SecureData: A Fast-Growing, U.K.-Headquartered Security Services Vendor Juan Sacchi IDC OPINION SecureData is a growing managed security services provider headquartered in the U.K. with
More informationExtreme Networks Security Analytics G2 Vulnerability Manager
DATA SHEET Extreme Networks Security Analytics G2 Vulnerability Manager Improve security and compliance by prioritizing security gaps for resolution HIGHLIGHTS Help prevent security breaches by discovering
More informationCurrent IBAT Endorsed Services
Current IBAT Endorsed Services Managed Network Intrusion Prevention and Detection Service SecureWorks provides proactive management and real-time security event monitoring and analysis across your network
More informationWHAT ARE THE BENEFITS OF OUTSOURCING NETWORK SECURITY?
WHAT ARE THE BENEFITS OF OUTSOURCING NETWORK SECURITY? Contents Introduction.... 3 What Types of Network Security Services are Available?... 4 Penetration Testing and Vulnerability Assessment... 4 Cyber
More informationMANAGED SECURITY SERVICES (MSS)
MANAGED SECURITY SERVICES (MSS) THE CYBER SECURITY INITIATIVE. Cybercrime is becoming an important factor for CIOs and IT professionals, but also for CFOs, compliance officers and business owners. The
More informationProtecting against cyber threats and security breaches
Protecting against cyber threats and security breaches IBM APT Survival Kit Alberto Benavente Martínez abenaventem@es.ibm.com IBM Security Services Jun 11, 2015 (Madrid, Spain) 12015 IBM Corporation So
More informationHP and netforensics Security Information Management solutions. Business blueprint
HP and netforensics Security Information Management solutions Business blueprint Executive Summary Every day there are new destructive cyber-threats and vulnerabilities that may limit your organization
More informationInformation Security Services. Achieving PCI compliance with Dell SecureWorks security services
Information Security Services Achieving PCI compliance with Dell SecureWorks security services Executive summary In October 2010, the Payment Card Industry (PCI) issued the new Data Security Standard (DSS)
More informationCompliance Guide ISO 27002. Compliance Guide. September 2015. Contents. Introduction 1. Detailed Controls Mapping 2.
ISO 27002 Compliance Guide September 2015 Contents Compliance Guide 01 02 03 Introduction 1 Detailed Controls Mapping 2 About Rapid7 7 01 INTRODUCTION If you re looking for a comprehensive, global framework
More information