Choosing Between Managed Security Services or In-house SIEM? Consider the Benefits of Both!
Symantec Vision 2012

Matteo Masserini, Emerging Region Sales Specialist
Steven Kulley, Regional Product Manager - EMEA
Tarun Sondhi, Group Product Manager
Is IT Security Keeping Pace?
(Chart; source: Symantec 2011 Threat Management Survey)
Key Customer Challenges
- How do I demonstrate due care around security incident handling?
- How do I meet compliance needs?
- How can I manage both broad and targeted threats?
- How do I stay on top of emerging threats?
- How do I meet both needs affordably with the same staff?
- Am I running in place or innovating?
Common Decision Drivers
Multiple compliance regulations:
- Establish IT controls
- Monitoring and incident response
- Reporting and metrics
Security challenges:
- Threats from hackers: casual to targeted
- Shrinking window between vulnerability disclosure and exploit
- Malicious and criminal motivation
Cost challenges:
- CapEx vs. OpEx
- Buy vs. build
- Planning for growth
Operations Structure (people, tools, process)
- Security strategy
- Planning and design
- Execution/implementation
- Operations: change management, incident management, monitoring, ticketing systems, escalation processes, moves/adds/changes, etc.
- Service improvement/optimization
Cost Center: Are you a Cost Center or a Profit Center?
- Worst case: 20% innovating, 80% sustaining and running
- Best case (profit generator): 80% innovating, 20% sustaining and running
- Goal: increase value creation, decrease low-value operations
What makes up the 80% (candidates for out-tasking)
- Incident monitoring
- Performance management
- Availability monitoring
- Problem management
- Capacity management
- Change management
- Patch management
- Configuration management
- Availability management
- MACs (moves, adds, changes)
Traditionally Two Silos

Characteristic      MSSPs                   SIEMs
Location            Cloud delivered         On premise
Primary use case    Compliance & security   Compliance & security
Technologies        Comprehensive           Comprehensive
Customizability     Limited                 Extensive
Time to value       Faster                  Slower
Global visibility   Broad                   Limited
Cost                Opex +                  Capex +
Investment in Outcome - MSSPs
Drivers:
- Staffing challenges: 24x7 coverage, recruiting and retention, headcount restrictions
- Skills gaps: threat expertise
- Higher priority projects
- Urgency to deliver outcomes
Advantages:
- Out-tasked 24/7/365 solution
- Offers offsite log retention
- Minimum build, faster time to value
Cautions:
- Effort to transfer domain knowledge
- Customization options are limited
Invest in Effort - SIEM
Drivers:
- Specific regulations prevent exporting log data to third parties
- Existing investments in internal staff/expertise
- High customization needs
Advantages:
- Flexible and customizable
- Enables effective management of security incidents
- Local log storage
Cautions:
- Time to value is steep
- Substantial infrastructure requirements
- Significant effort to sustain long term
Security Management Maturity Model (stages A to E along the functional-maturity axis)
- A. Labor Centric: use of individual tool consoles to manage and monitor the environment
- B. Tools Based: investment in smart tooling; integration intensive, with reporting benefits
- C. Integrated Picture: centralized tool platform, automated processes
- D. Dynamic Defense: change in emphasis from reactive to proactive; understanding security risk posture
- E. Agile Management: becoming threat aware; efficient and effective granular controls to focus on specific threats
Security Management Maturity Model: current state and target state marked on the stage A to E model (figure)
Security Management Maturity Model, Step 1: SIEM and MSSP positions marked relative to the target state (figure)
Security Management Maturity Model, Step 2: SIEM and MSSP positions marked relative to the target state (figure)
Security Management Maturity Model, Step 3: SIEM and MSSP positions marked relative to the target state (figure)
MSSP and SIEM: A Combined Approach
- Policy violation & compliance: 8x5
- Attack monitoring: 24x7
Thank you!

Copyright 2011 Symantec Corporation. All rights reserved. Symantec and the Symantec Logo are trademarks or registered trademarks of Symantec Corporation or its affiliates in the U.S. and other countries. Other names may be trademarks of their respective owners. This document is provided for informational purposes only and is not intended as advertising. All warranties relating to the information in this document, either express or implied, are disclaimed to the maximum extent allowed by law. The information in this document is subject to change without notice.
Symantec Global Intelligence Network: identifies more threats, takes action faster, and prevents impact
Worldwide coverage (global scope and scale, rapid detection): Calgary, Alberta; Dublin, Ireland; San Francisco, CA; Mountain View, CA; Culver City, CA; Austin, TX; Pune, India; Chengdu, China; Chennai, India; Taipei, Taiwan; Tokyo, Japan
- 24x7 event logging and MSS monitoring: 4 SOCs, 1,100+ MSS customers, 15 billion logs a day
- Preemptive security alerts and malware intelligence: 180M Norton clients; botnet command & control servers
- Information protection (Email/Web.Cloud): 5M decoy accounts, 8B+ email messages/day, 1B+ web requests/day
- Threat-triggered actions and vulnerabilities (SecurityFocus / BugTraq): 45,000+ vulnerabilities, 105,000 technologies