Latest news
11 Elements of a Successful Managed Security Partnership
by Steven Drew - Monday, 02 February 2003.
The MSSP should have processes in place to feed information from one service to the next, in order to accurately identify threats and respond to them immediately. With an integrated delivery platform, the MSSP's services will work together to protect client organizations. With integrated services, threat research teams are able to supply intrusion analysts with emerging threat information. Analysts can then proactively update signatures and increase vigilance over vulnerable client networks. Without integrated services each team would operate as a silo of information, which causes service latency and increases the potential for threats to cause damage.
Technology
Technology is the foundation of a Managed Security Service Provider's ability to deliver quality service. Without the right technology solutions, it is difficult for the provider's analysts to properly investigate and respond to threats. One example is whether the MSSP decides to outsource core competencies by buying off-the-shelf solutions or to build these competencies in-house. Of particular importance is the security event monitoring platform and threat intelligence they use to deliver their services. If the platform they use was not developed in-house, then the provider is at the mercy of the software company they bought it from. Over time, this will inhibit their ability to improve analysis and response times since they will not be able to make the changes necessary to manage the ever-increasing amounts of security events. The bottom line is that by using off-the-shelf solutions for their underlying platform, a provider's ability to innovate, scale and deliver an exceptional service will be outside of their control. Organizations should consider using providers that have developed their core service foundations in-house to ensure they receive a high level of service over time.
Having an in-house team of researchers delivering threat intelligence is important because it improves the time it takes to deliver advanced warnings to emerging threats. Additionally, having an in-house team further protects an organization by enabling the intrusion analysts to use this valuable information to proactively update signatures and take other measures against the impending threat. Organizations will attain a higher-level of service from a provider that focuses on MSS and has developed the necessary infrastructure in-house.
A key element of effective security monitoring is the ability to examine the packet decode from a network intrusion detection system. The packet decode provides you with the raw packet information. With this information a skilled analyst will be able to analyze the packet to reduce the likelihood of a false positive. Most MSSPs only look at an event as it is recorded in an SNMP trap or syslog. This hinders their ability for thorough examination and may result in unnecessary calls to their customers. MSSPs that can collect the packet decode with the actual event in real-time and deliver this information to the analysts in one, integrated view will demonstrate a consistently higher level of accuracy in their analysis of a threat. Organizations should seek out providers that form tight relationships with network intrusion detection providers to attain and integrate real-time packet decodes from the events they produce.
Technology
Technology is the foundation of a Managed Security Service Provider's ability to deliver quality service. Without the right technology solutions, it is difficult for the provider's analysts to properly investigate and respond to threats. One example is whether the MSSP decides to outsource core competencies by buying off-the-shelf solutions or to build these competencies in-house. Of particular importance is the security event monitoring platform and threat intelligence they use to deliver their services. If the platform they use was not developed in-house, then the provider is at the mercy of the software company they bought it from. Over time, this will inhibit their ability to improve analysis and response times since they will not be able to make the changes necessary to manage the ever-increasing amounts of security events. The bottom line is that by using off-the-shelf solutions for their underlying platform, a provider's ability to innovate, scale and deliver an exceptional service will be outside of their control. Organizations should consider using providers that have developed their core service foundations in-house to ensure they receive a high level of service over time.
Having an in-house team of researchers delivering threat intelligence is important because it improves the time it takes to deliver advanced warnings to emerging threats. Additionally, having an in-house team further protects an organization by enabling the intrusion analysts to use this valuable information to proactively update signatures and take other measures against the impending threat. Organizations will attain a higher-level of service from a provider that focuses on MSS and has developed the necessary infrastructure in-house.
A key element of effective security monitoring is the ability to examine the packet decode from a network intrusion detection system. The packet decode provides you with the raw packet information. With this information a skilled analyst will be able to analyze the packet to reduce the likelihood of a false positive. Most MSSPs only look at an event as it is recorded in an SNMP trap or syslog. This hinders their ability for thorough examination and may result in unnecessary calls to their customers. MSSPs that can collect the packet decode with the actual event in real-time and deliver this information to the analysts in one, integrated view will demonstrate a consistently higher level of accuracy in their analysis of a threat. Organizations should seek out providers that form tight relationships with network intrusion detection providers to attain and integrate real-time packet decodes from the events they produce.
Spotlight
The CSO perspective on healthcare security and compliance
Posted on 20 May 2013. | Randall Gamby is the CSO of the Medicaid Information Service Center of New York. In this interview he discusses healthcare security and compliance challenges and offers a variety of tips.
Cyber espionage campaign uses professionally-made malware
Posted on 20 May 2013. | A massive cyber espionage campaign has been hitting government ministries, IT companies, academic research institutions, and more.
Ransomware adds password stealing to its arsenal
Posted on 17 May 2013. | Microsoft researchers are warning about a new variant of the well-known Reveton ransomware doing rounds.
IT security jobs: What's in demand and how to meet it
Posted on 15 May 2013. | Let's say you want a career in information security, where do you start? What credentials do you need? What are employers looking for? Read on to find some answers.
Hacking charge stations for electric cars
Posted on 15 May 2013. | Ofer Shezaf talks about what charge stations really are, why they have to be ‘smart’ and the potential risks created to the grid, to the car and most importantly to its owner’s privacy and safety.
Daily digest
By subscribing to our early morning news update, you will receive a daily digest of the latest security news published on Help Net Security.
By subscribing to our early morning news update, you will receive a daily digest of the latest security news published on Help Net Security.
Weekly newsletter
With over 500 issues so far, reading our newsletter every Monday morning will keep you up-to-date with security risks out there.
With over 500 issues so far, reading our newsletter every Monday morning will keep you up-to-date with security risks out there.
 |
