Many organizations outsource basic security tasks to a Managed Security Services Provider (MSSP).
Unlike an IT department, the MSSP has purpose-built tools and processes focused solely on securing
your environment. MSSPs also have better visibility into the broad threat landscape because they
manage thousands of networks. Given those factors, it's widely assumed an MSSP can deliver security
more effectively and efficiently than you can do on your own.
A mature MSSP can also investigate and remediate attacks. Incident Responders are specially trained
to deal with the entirety of a breach, which includes containing and eradicating the adversary, malware
code analysis, digital forensics investigation, and post-event corrective action.
This paper presents the advantages of a single-outsourced solution for managed security services and
incident response. A qualified MSSP with experienced incident responders on staff can significantly
reduce the time it takes to control a breach. Using security operations data gathered from monitoring
and managing the network, responders have a head start on a swift response.
Consequently, security becomes an exercise in risk management. Your leadership team must decide
what level of risk your organization will accept:
Eliminate as much risk as possible operating within budget and resource constraints
Implement strategies or policies to treat known or understood risk
Leave some level of known or identified risk as untreated
Acknowledge unmitigated risks, which are unknown and/or not manageable due to the
organization's capabilities and resources
When building your security program, consider mapping it to your risk profile. The approach you take
will determine your risk exposure.
In the context of risk, MSSPs can eliminate and reduce risk faced by organizations to a more
acceptable level than what most can achieve internally. This is due to a number of operational factors.
In addition, the use of integrated services can boost efficiencies and ultimately mitigate more risk than
what can be done through siloed operations.
Even the best in-house managed security operations team can only address
a portion of the actual threats you face. You need information about what is
happening beyond your perimeter to understand the full scope. You then
need the ability to consume the data and act on it.
Very few organizations can find that caliber of expertise. Fewer still can
afford to staff their bench with full-time talent. Every gap in your security
program creates more risk.
[Figure: Internal security operations, no Response capability]
Consider that attackers have the time and patience to execute their plan.
They strike when they're ready, not when you are best prepared. Therefore,
you have to bring real-world intelligence into the fight. The effective
formulation and application of intelligence plays a significant role in reducing
unmitigated risk. A mature MSSP will have some level of research and
intelligence capabilities.
Third, researchers can reverse-engineer malware found in the wild during incident response activities.
Their findings benefit the spectrum of MSSP customers.
MSSPs with extensive intelligence and research capabilities can provide valuable insights into attacker
motivations, actions and planning methods. This cycle of intelligence-sharing is the best defense
against threats.
[Figure: Single-sourced integrated MSS + Response capability]
An incident response retainer can shorten the time to resolution from days to minutes. During an
active incident, the last thing you want to do is waste time selecting an IR partner. If you have a
retainer in place, you have a team on deck that can be deployed immediately.
However, not all retainers are created equal. There's a good chance your organization will not
experience any major issues or concerns related to a potential incident. It's for this reason
organizations should look for an Incident Response provider that allows unused retainer hours to be
used toward other services when a breach doesn't occur.
Information security best practices are all about mitigating risks. There is no 100 percent fail-safe
security program, device or system. It takes an orchestrated effort between managed security services,
threat intelligence and incident response to provide the strongest defense.
This paper provides a business case for single-sourcing these functions to gain benefits that include:
Dell SecureWorks uses cyber threat intelligence to provide predictive, continuous and responsive
protection for thousands of organizations worldwide. Enriched by intelligence from our Counter
Threat Unit research team, Dell SecureWorks Information Security Services help organizations
proactively fortify defenses, continuously detect and stop cyber-attacks, and recover faster from
security breaches. For more information, visit http://www.secureworks.com.