In this evolving cyber landscape, adversaries are well funded and moving faster, attacks are getting more sophisticated and time to detection is taking too long. Yet, budgets are constrained, and in-house resources are lacking. Also, 86 percent of companies report that there is a shortage of professionals available to fill the growing cybersecurity need.[1] With these issues front and center, CISOs are asking questions and looking for answers.
At Symantec, we have been helping executives fill the voids in their security operation for more than a decade. Through our work around the globe, we are seeing trends that are shaping the marketplace and that are bound to have an impact on your security plans for the future. Here are six things you will want to consider as you determine how to best strengthen your security posture.
As the threat environment grows, regulatory compliance becomes more complicated. The growth of technology and the explosion of the threat landscape is making compliance to existing regulations more and more challenging – whether PCI DSS, ISO 27001, SOX or any number of other specifications that call for consistent oversight and reporting. Finding the time, resources, and budget to stay on top of these ever-changing demands can be costly and distracting. It is critical that you have professional help. A Managed Security Service Provider (MSSP) can help you simplify the process and manage compliance details as well as keep up-to-date with credentialing, such as certification with ISO 27001, compliance as a PCI service provider, SSAE16/SOC1 Type II reporting and demonstrating attestation from both internal and external auditors, multiple times each year.
Millions are being spent on IT migration to the cloud. It follows that your security plan should keep in step. Don’t compromise the robust security infrastructure you have attained in recent years. Whether your data and applications reside in your data center or someone else’s, ensure the same level of protection for both. An MSSP should be able to provide you with the same level of security monitoring for both your cloud and on-premises application infrastructure.
Advanced detection techniques could head off new risks. Some threats leave traces that by themselves could be false positives, yet they may actually represent an incident. Many security products have limited visibility, seeing only part of the threat, missing the whole pattern and thus allowing the threat to go undetected. That is why it is critical that your MSSP have advanced analytic capabilities, such as machine learning, to identify potential incidents that are missed by control points. Correspondingly, your MSSP’s SOC personnel should be dedicated to your industry and business so that they are able to view alerts in context, paint a picture of potential impacts on your organization and possibly initiate a new incident investigation.
Your existing security infrastructure holds value. You’ve spent most of your budget the past few years building a security infrastructure to support your business. But, threats have grown, and talent is scarce. You need help! Your MSSP should take time to understand your operational framework and work with you to fill your critical gaps. Your MSSP should be able to help you build a security monitoring plan that integrates into your existing workflows, complements your assets and actually strengthens your security profile.
Being proactive is being prepared. Threats are taking longer to uncover and becoming more costly to remediate. As a result there are bigger impacts on businesses. Gone are the days when identifying a breach or compromise was enough. The potential for loss of data or money is far too great to wait for a malicious event to occur. You must prepare for what might happen long before your income or your reputation is affected. Your MSSP should have deep knowledge of what’s happening outside of your company -- in your industry or region. This knowledge should come from a vast collection network that draws from millions of endpoints around the world. The output from that should be an ongoing stream of intelligence to you about IoCs and attacks that have occurred in organizations similar to yours, so you can deploy your people and technology to address any oncoming threats.
There is no substitution for human intelligence in the fight against today’s cyber threats. Technology can help identify threats in the wild and associate technical indicators with IP addresses and domains or hashes that reveal themselves on your network, servers or endpoints. But nothing can replace the rich contextual information that comes from the human inputs of skilled security analysts – analysts with specializations in threat-hunting, y and z and certifications in GIAC or z or training with governmental or intelligence entities. Your MSSP should have multiple, global SOCs, staffed with analysts and service teams who provide local language support as well as specific knowledge of your organization, industry and geography. This type of dedication is necessary to create linkages between the technical and the contextual that is specific to your business.
Learn More: Symantec™ Managed Security Services (MSS) acts as an extension of your security operations team. We have been recognized as an industry leader in Gartner’s managed security services provider category for 12 consecutive years. We work with you to extend and complement your current team so you can focus on what’s critical to your strategic agenda. Through our Cyber Security Services, we help you to address a broad spectrum of cyber security challenges. Our suite includes DeepSight Threat Intelligence, Managed Security Services, Incident Response and Cyber Skills Development.
[1] ISACA, CyberSecurity Nexus