To Outsource or not to Outsource: That is the Network Security Question



Similar documents
The Business Value of Managed Security Services

THE BUSINESS VALUE OF MANAGED SECURITY SERVICES.

NEC Managed Security Services

UiBScfs Cloud Financial Services

Managed Security Monitoring Quick Guide 5/26/ EarthLink. Trademarks are property of their respective owners. All rights reserved.

Analyzing Security for Retailers An analysis of what retailers can do to improve their network security

Cautela Labs Cloud Agile. Secured. Threat Management Security Solutions at Work

How To Use Cautela Labs Cloud Agile.Com

Conquering PCI DSS Compliance

Security is a top priority. The reasons for reliable network security keep growing.

Payment Card Industry Data Security Standard

BIG SHIFT TO CLOUD-BASED SECURITY

Five Strategies for Data Loss Prevention

Boosting enterprise security with integrated log management

Proactive Security through Effective Management

INSIDE. Demystifying the Managed Security Service Provider Market. Symantec Enterprise Security

Managed Security Service Providers vs. SIEM Product Solutions

QRadar SIEM 6.3 Datasheet

BlackStratus for Managed Service Providers

Clavister InSight TM. Protecting Values

Best Practices for Building a Security Operations Center

Managing the Unpredictable Human Element of Cybersecurity

Log Management How to Develop the Right Strategy for Business and Compliance. Log Management

Security solutions White paper. Acquire a global view of your organization s security state: the importance of security assessments.

How To Manage Log Management

MANAGED SECURITY SERVICES (MSS)

$ Drive awareness and increase participation. National account program. Flexible managed Security Solutions for hospitality

Protecting Your Business with a More Mature IT Security Strategy

Current IBAT Endorsed Services

Beyond Mobile Device Security: Why Comprehensive Endpoint Security and Management is a Must-Have for Small and Medium Enterprises

Fortify. Securing Your Entire Software Portfolio

Reneaué Railton Sr. Informa2on Security Analyst, Duke Medicine Cyber Defense & Response

Your world runs on applications. Secure them with Veracode.

SAP Cybersecurity Solution Brief. Objectives Solution Benefits Quick Facts

nfx One for Managed Service Providers

Product Factsheet MANAGED SECURITY SERVICES - FIREWALLS - FACT SHEET

Total Protection for Compliance: Unified IT Policy Auditing

FIVE STRATEGIES FOR DATA LOSS PREVENTION.

Advanced Threat Protection with Dell SecureWorks Security Services

RISK MANAGEMENT PROGRAM THAT WORKS FOUR KEYS TO CREATING A VENDOR. HEADQUARTERS 33 Bradford Street Concord, MA PHONE:

Unified Threat Management, Managed Security, and the Cloud Services Model

AIRDEFENSE SOLUTIONS PROTECT YOUR WIRELESS NETWORK AND YOUR CRITICAL DATA SECURITY AND COMPLIANCE

Continuous Network Monitoring

MANAGED SERVICES PROVIDER. Dynamic Solutions. Superior Results.

Global IT Security Risks

The Right Way to do Exchange in the Cloud

74% 2014 SIEM Efficiency Survey Report. Hunting out IT changes with SIEM

Business white paper. Missioncritical. defense. Creating a coordinated response to application security attacks

Scalability in Log Management

Security Event and Log Management Service:

AIRDEFENSE SOLUTIONS PROTECT YOUR WIRELESS NETWORK AND YOUR CRITICAL DATA SECURITY AND COMPLIANCE

SP Monitor. nfx One gives MSPs the agility and power they need to confidently grow their security services business. NFX FOR MSP SOLUTION BRIEF

2012 Bit9 Cyber Security Research Report

The business case for managed next generation firewalls. Six reasons why IT decision makers should sit up and take notice

Achieving Regulatory Compliance through Security Information Management

A BUSINESS CASE FOR BEHAVIORAL ANALYTICS. White Paper

SOC & HIPAA Compliance

White Paper Achieving PCI Data Security Standard Compliance through Security Information Management. White Paper / PCI

Trend Micro Cloud Security for Citrix CloudPlatform

THREE KEYS TO COST-EFFECTIVE SECURITY FOR YOUR SMALL BUSINESS

SYMANTEC MANAGED SECURITY SERVICES. Superior information security delivered with exceptional value.

THE TOP 4 CONTROLS.

White Paper THE FIVE STEPS TO MANAGING THIRD-PARTY RISK. By James Christiansen, VP, Information Risk Management

2012 North American Managed Security Service Providers Growth Leadership Award

I D C A N A L Y S T C O N N E C T I O N

Retail Security: Enabling Retail Business Innovation with Threat-Centric Security.

THE IMPACT OF SECURITY ON APPLICATION DEVELOPMENT

Readiness Assessments: Vital to Secure Mobility

Clean VPN Approach to Secure Remote Access for the SMB

IBM Security QRadar Risk Manager

Vulnerability Management for the Distributed Enterprise. The Integration Challenge

Is Your Network a Sitting Duck? 3 Secrets to Securing Your Information Systems. Presenter: Matt Harkrider. Founder, Alert Logic

How To Protect Your Cloud From Attack

Business Case Outsourcing Information Security: The Benefits of a Managed Security Service

UNIFIED THREAT MANAGEMENT SOLUTIONS AND NEXT-GENERATION FIREWALLS ADMINISTRATION TOOLS NETWORK SECURITY I ENDPOINT SECURITY I DATA SECURITY

CONTINUOUS LOG MANAGEMENT & MONITORING

Tough Times. Tough Choices.

Simple. Smart. Professional. A 2BSecured Company

Why a Network-based Security Solution is Better than Using Point Solutions Architectures

North American Electric Reliability Corporation (NERC) Cyber Security Standard

HP Fortify Software Security Center

FIVE PRACTICAL STEPS

Wireless Services. The Top Questions to Help You Choose the Right Wireless Solution for Your Business.

Strategies for assessing cloud security

2012 North American Enterprise Firewalls Market Penetration Leadership Award

Running Head: OUTSOURCING SECURITY 1. Outsourcing/Off-shoring IT Security: Is It worth the Risk? Wil Rodriguez. East Carolina University

WHY YOU SHOULD CONSIDER CLOUD BASED ARCHIVING.

TRIPWIRE NERC SOLUTION SUITE

It s Time to Outsource the Dirty Work

Imperva Cloud WAF. How to Protect Your Website from Hackers. Hackers. *Bots. Legitimate. Your Websites. Scrapers. Comment Spammers

How To Secure Your Store Data With Fortinet

Selecting a Managed Security Services Provider: The 10 most important criteria to consider

CYBER4SIGHT TM THREAT INTELLIGENCE SERVICES ANTICIPATORY AND ACTIONABLE INTELLIGENCE TO FIGHT ADVANCED CYBER THREATS

End-user Security Analytics Strengthens Protection with ArcSight

Can Your Organization Brave The New World of Advanced Cyber Attacks?

CHAPTER 3 : INCIDENT RESPONSE FIVE KEY RECOMMENDATIONS GLOBAL THREAT INTELLIGENCE REPORT 2015 :: COPYRIGHT 2015 NTT INNOVATION INSTITUTE 1 LLC

Managing IT Security Risks (Build, Buy, or Both?)

Everything You Wanted to Know about DISA STIGs but were Afraid to Ask

THE DIGITAL AGE THE DEFINITIVE CYBERSECURITY GUIDE FOR DIRECTORS AND OFFICERS

Transcription:

To Outsource or not to Outsource: That is the Network Security Question SilverSky 440 Wheelers Farm Road Suite 202 Milford CT 06461 silversky.com 2013 SilverSky

Contents The Network Security Challenge... 1 The Options... 1 How Do You Decide?... 2 SilverSky Value Proposition... 3 SilverSky s Network Security Solutions... 3 About SilverSky... 3 About SilverSky SilverSky is the expert provider of cloud security solutions. We deliver the industry s only advanced Security-as-a-Service platform from the cloud, dramatically simplifying how growth-minded companies secure their most important information. Forged from our success as a managed services provider, our Security-as-a-Service platform delivers comprehensive network security and email security services that protect critical information simply and cost effectively. As companies struggle with the increasing security requirements placed on their information-intensive businesses, SilverSky s cloud-based security solutions simultaneously reduce cost, manage complexity and master all your compliance requirements from a single powerful platform. Guided by a mission to simplify how our customers secure their most important information, we create solutions that enable you to pursue your business ambitions without security worry.

P.1 The Network Security Challenge Network security today is a massive challenge. Increasingly sophisticated threats, new regulatory compliance requirements, more expensive personnel, and tight budgets all contribute to the complexity of securing the network. There are no easy answers for protecting critical assets. Security is an absolute requirement in a world filled with cyber threats, organized digital crime, and identity thieves. Government, company, or individual assets are at risk from theft. These assets can range from life and death information, mission-critical intellectual property, or personal information such as social security numbers. Digital assets are rapidly becoming some of the most significant assets on a company s balance sheet. IT executives are ultimately responsible for protecting these assets from compromise. Companies both large and small are holding IT leaders personally accountable for FFIEC, HIPAA, GLBA, SOX and PCI compliance. IT leaders are rising to this challenge but are often out gunned in the fight against dedicated, well-armed cyber criminals. This paper discusses how to cost-effectively turn the tables and ultimately win the battle for securing the network. We will discuss different options and the methodology for making critical decisions about how to tackle your network security challenges. The Options Organizations today have two security options insource their network security or outsource it to a managed security service provider (MSSP). A few years ago, most organizations were limited to the do-it-yourself insourcing option. MSSPs weren t sophisticated enough, clients weren t ready to trust third parties with their sensitive data, and the network security problem wasn t as complex. That s changed. Today MSSPs are part of a multi-billion-dollar industry that manages security for some of the world s most sophisticated organizations. There are pros and cons to each option (i.e., insource vs outsource), and certain organizations can dismiss one or the other out of hand. A highly secretive national intelligence organization will simply not outsource network security. Financial institutions, retailers and healthcare organizations subject to compliance requirements may be in a perfect position to outsource network security to a service provider. Wherever you fit along the spectrum, it s critical to thoroughly evaluate your choices and optimize for security, cost-effectiveness, and compliance. The table below presents the high-level pros and cons of each option. Creating a deeper list of positives Insource Pros Perceived control Internal accountability Tailor solution to internal situation Cons Expensive 24x7x365 monitoring and management may be cost prohibitive Likely limited breadth of administrator experience Outsource Focus on core business Cost-effective Leverage security experts Leverage compliance experience Shared control with MSSP Contractual accountability Standardized offerings The high-level tradeoffs of insourcing and outsourcing security

P.2 How do You Decide? Understanding the tradeoffs between insourcing and outsourcing security is straightforward. Unfortunately, the decision making process is not. Deciding which approach is the best for your organization can be subject to a wide range of subjective factors including the whim and politics of individuals. To avoid arbitrary and capricious decisions, a strong methodology for choosing insourced or outsourced security is critical. Such a methodology involves reviewing five key areas. These areas should be prioritized according to their importance within the organization. + Level of risk A key determinant in whether you outsource security or leave it in house is the criticality of the assets being protected. Of course, each organization s digital assets are critical to success; however, from an external viewpoint how great is the risk if information is compromised? Is it a catastrophic event, or a major public relations nightmare? No compromise is good news, however, where you fall on the spectrum will help you decide whether you should insource or outsource. + Regulatory compliance issues Federal, state, and industry regulations can be an immense challenge. Many of these regulations cover personnel (e.g., certifications), processes (e.g., due care with your infrastructure), and policies (e.g., acceptable use) and can be inordinately complex. Are they so complex that specialized in-house expertise or knowledge is necessary? Or, are the regulations standardized where outsourcing for that expertise is more cost-effective? + Level of visibility in the organization Does the board of directors want to know how secure the organization s assets are? Are you regularly in meetings with executives where security is the primary topic? Very few organizations exist to secure information, but there are many where security of information is critical for accomplishing their mission. The obvious examples are easy to name intelligence agencies, defense organizations, and the highend investment banks. Many more are in the category of having critical security needs, but security is not core to their goals. They need to be secure, but internal security expertise is not required. Those organizations are excellent candidates to leverage third-party relationships. + Budget Even in a difficult economy budgets reflect what is important to an organization. What is your organization telling you with the budget you are being handed? Are they prioritizing security in a way that says own it, manage it, control it? Or, are they saying, leverage third-party resources for the biggest bang for the buck? + Resources available and expertise Is security in the hands of IT generalists who can be incredibly valuable for a properly functioning network, or managed by a separate, specialized IT security group? Even with security experts, what is their mission and can they accomplish it while also manning the security console for alerts and attacks? Often, larger organizations may have 24x7 helpdesks or network operation centers. Can these organizations be leveraged to manage the security solutions? Efficiently utilizing the resources available is critical, but do the personnel on hand have the expertise and knowledge to accomplish the task? Being cost effective can become being foolish if the team isn t capable or qualified to do the task at hand. There is no right answer to these questions, but a strong, open methodology for assessing the insource/outsource options will help an organization make a good decision. There will always be some intangibles that need to be included in the decision matrix, but the more defined the process can be with clear and open data, the better the resulting decision

P.3 SilverSky Value Proposition SilverSky s Managed Security Services can help your organization reduce the costs and complexity of network security, improve security posture, and ease the compliance burden. By leveraging SilverSky s security expertise, you can empower your IT department to focus on core business activities without security worry. SilverSky s Network Security Solutions UTM Management - SilverSky s UTM Management solution enables organizations to reduce costs and complexity and drive down security risk. Our security experts manage your UTM devices and monitor your network 24x7, empowering your IT team to focus on core business activities. We also leverage our extensive compliance expertise to reduce the costs and headaches associated with meeting regulatory compliance. SilverSky offers Firewall, IDS/IPS, VPN Remote User Access, Web Content Filtering, Web Application Firewall, and Anti-Virus solutions as part of a multi-layered UTM package or on an a-la-carte basis. Event Monitoring and Response - SilverSky s team of security experts monitors the critical devices on your network 24x7, eliminating the need to staff an internal security team around the clock. Our team utilizes advanced techniques to investigate any suspicious activity and will take immediate action to prevent attacks from occurring. Because SilverSky correlates all security events across our massive customer base, we can identify and respond to emerging threats more quickly we call this the neighborhood watch effect. Network Device Management - Network devices such as routers, switches, and circuits must be managed and monitored carefully to prevent security breaches and maintain compliance. SilverSky will monitor these devices 24x7, handle all configurations and updates, and immediately notify your team of any potential issues. Network Protection Suite - SilverSky s Network Protection Suite is comprised of several software-asa-service (SaaS) products. Our software helps organizations reduce the costs and complexity of network security, reduce security risk, and reduce the compliance burden. By automating processes that are complicated and time-consuming (but necessary to protect your network from malicious attacks), SilverSky s software empowers your IT department to improve productivity and do more with less. Products include log management, vulnerability management, mobile device management (MDM), and brand protection. About SilverSky SilverSky is the expert provider of cloud security solutions. We deliver the industry s only advanced Security-as-a-Service platform from the cloud, dramatically simplifying how growth-minded companies secure their most important information. Forged from our success as a managed services provider, our Security-as-a-Service platform delivers comprehensive network security and email security services that protect critical information simply and cost effectively. As companies struggle with the increasing security requirements placed on their information-intensive businesses, SilverSky s cloud-based security solutions simultaneously reduce cost, manage complexity and master all your compliance requirements from a single powerful platform. Guided by a mission to simplify how our customers secure their most important information, we create solutions that enable you to pursue your business ambitions without security worry.

2024 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information