Did you ever wonder what it’s like to work on the front lines of the cybersecurity battlefield … what the war room looks like … how battle cries and alarms are sounded … how troops are mobilized and dispatched to take on enemies at the gates and on the walls?
In my last post, I discussed the differences between a Managed Service Provider (MSP) and a Managed Security Service Provider (MSSP). I hope that I’ve made a compelling case for why your company or organization may need both. In this post, I take a deeper dive behind the scenes of a typical day in the life of an MSSP Cybersecurity Analyst to bring those differences to life in a vivid way.
Inside the Managed Security Service Provider Control Center … an Alarm Goes Off
Imagine, if you will, a team of contracted Tier 1 SOC Analysts at their workstations, surrounded by monitors tracking internal and external movements within your IT network, when an alarm goes off that indicates mischief.
Immediately, the Analyst logs the alarm and, using their training and a 15-step checklist, assesses its criticality to determine whether a quick and aggressive response and remediation is warranted. To provide some perspective, DataSure24 sees about 150 alerts per day per Analyst across the entire scope of clients we monitor.
Within 10 minutes, the alarm is deemed either harmless or harmful; if the latter, it is escalated immediately to our Tier 2 SOC Analyst. If it is relatively harmless, the incident is still tracked, but not treated with the same urgency.
Later that Morning at the Desk of the Tier 2 SOC Analyst
In an average month, we see about 18,000 alarms, and of those, about one out of every 100 gets escalated to a Tier 2 SOC Analyst.
Within minutes, that Analyst will initiate a significantly deeper investigation, using our proprietary predictive algorithms, research, team discussions, and instinct to identify the exact nature of the intrusion and best possible responses.
Companies that use an MSSP will generally have a previously developed Cybersecurity Response and Remediation Plan, which is then put into play. That plan is executed coolly, professionally and swiftly by the Tier 2 SOC Analysts in conjunction with the client’s IT team. On average, once an alarm has been escalated to a Tier 2 Analyst, the time from assessment to response and remediation is less than an hour.
A Managed Security Service Provider’s Response to a Zero Day Attack
By our estimate, a company may experience a zero-day attack launched by hackers and cybercriminals three to five times a year.
According to Norton, the term “zero-day” refers to a newly discovered software vulnerability. Because the developer has just learned of the flaw, it also means an official patch or update to fix the issue hasn’t been released.
So, “zero-day” refers to the fact that the developers have “zero days” to fix the problem that has just been exposed — and perhaps already exploited by hackers.
Once the vulnerability becomes publicly known, the vendor has to work quickly to fix the issue to protect its users.
But the software vendor may fail to release a patch before hackers manage to exploit the security hole. That’s known as a zero-day attack.
If a zero-day attack is detected via monitoring by a Tier 1 Analyst, escalation takes on a greater sense of urgency and requires greater speed before what may be a small breach turns into a major headache, resource drain, financial loss and reputation damage. While neither a Tier 1 nor a Tier 2 Analyst can patch the weakness, they can put a pre-determined Incident Response Plan into effect and work with the client’s IT team to isolate, protect or even shut down critical servers and other hardware. Until a vendor patch exists, that containment (segmenting the affected systems, blocking the attacker’s known indicators at the perimeter, disabling the vulnerable feature where possible) is the defense.
As you might imagine, it’s a bit more hectic and stressful both in our Mission Control room and at the client’s site when zero-day attacks occur, but teamwork and professionalism generally go a long way toward short-circuiting an attack of this type before a software patch is applied. The human element in place, always monitoring, can be the difference between a catastrophe and a ‘dodged a bullet’ scenario.
Later That Day, It’s Time to Catch Up on a Few Reports and Do a Vulnerability Scan or Two
A day in the life of a DataSure24 Tier 1 or 2 SOC analyst is a lot more than just sitting around, drinking coffee and waiting for an alarm to ping!
They’re also preparing and delivering monthly reports to clients showcasing alarms caught and resolved, actions taken regarding elevated alarms and responses, zero-day attack incidents, and news or updates from the world of cybersecurity that merit a watchful eye.
There are also specialists hard at work doing contracted vulnerability scanning and penetration testing, identifying and, where the engagement allows, exploiting security weaknesses, including phishing employees to determine their levels of awareness and compliance with company IT security policies. Generally, these network vulnerability scans reveal hundreds of vulnerabilities, most of which are easily resolved, but in some cases a significant vulnerability will be discovered or a trend indicating a security lapse identified. At that point, Network Vulnerability Analysts and other members of the MSSP team will develop a plan and identify the resources that should be directed to executing remediation strategies, policies or actions.
Our team is always looking for ways to improve ourselves, from upgrading our technologies to continued and consistent training in our specialized environment. Staying globally aware of Cybersecurity current events is a linchpin of our daily routine.
Meanwhile, On Your Calendar of Daily Activities
I hope that this brief overview of the life of a Cybersecurity Analyst provides the additional insight and guidance you need to make an investment in MSSP services happen. At a minimum, 24/7/365 cybersecurity monitoring has become a “must” and a necessary part of doing business.
I am available for a no cost or obligation discussion of the pros, cons and costs of MSSP services, including a deeper dive on how these services can work with your current IT department or MSP.
Complete and submit a contact form, here. Let’s put something on your calendar.
Don’t make a mistake and put the security and future of your company at risk
It’s not an exaggeration to say that you may be putting the future of your company at risk if you don’t know the differences between a Managed Service Provider (MSP) and Managed Security Service Provider (MSSP). While there may be some crossover of functions between these two types of outsourced services, the fact remains that it’s highly likely that you will need to invest time, resources and budget for each.
MSP vs MSSP: Comparison of Missions and Functions
Perhaps the simplest way to understand the variation between these two different types of providers is as follows. MSPs operate in the world of IT network management – keeping your infrastructure up to date, troubleshooting problems users are experiencing, and maintaining IT operations. MSSPs operate in the world of cybersecurity and the detection, prevention and remediation of cyberthreats that have the potential to ruin a company’s reputation and pocketbook – kind of like an ever vigilant and on guard police force.
Key differences include:
Managed Service Provider (MSP)
· Ensures IT systems are operational, reliable, available and useful for employees and customers
· Key focus is on administrative functions of an IT system and network, and typically serves as a company’s outsourced IT department
· Costs based on a fixed fee model - per device, per user or some combination
· Characterized by tools and technologies like remote monitoring and management and troubleshooting / ticketing systems or a help desk
· Generally will not provide clients with a complete cyber security posture, but will offer a minimum level of security services, like firewalls and anti-virus software
· Mission critical: ensure that IT systems are up and running and that data remains available for employees and customers
· May include offerings from other providers like application service providers (ASPs), Web hosting companies and network service providers (NSPs)
Managed Security Service Provider (MSSP)
· 24/7/365 cybersecurity monitoring primarily focused on IT security, with key objectives of preventing, detecting and responding to threats across IT infrastructure, network and applications
· Serves in a consulting and advisory role, providing cybersecurity insights to help make proactive changes to policies and procedures in order to prevent security incidents that might result in breach, data loss, or any other incident that could negatively impact a business
· Requires expertise for aligning security with IT compliance frameworks and ensures that people and systems are safe, secure and compliant
· Includes deployment of a Security Operations Center – a physical facility staffed by analysts responsible for real time investigation of network activity and logs, hunting for threats, creating alerts for incidents, and executing plans for remediation
· Requires a deep understanding of the client’s current policies and the regulatory compliance issues that affect the company and its data
· Implements security procedures and controls so that the systems and each employee are protected using current security and compliance methods
· In other words, the primary focus of an MSSP is continuous, around-the-clock monitoring to detect and respond to potential security breaches
Should You Hire BOTH a Managed Service Provider (MSP) and a Managed Security Service Provider (MSSP)?
The answer in a nutshell, is YES.
While some MSPs claim they can bring security functionality to their clients, the truth is that many offer only the most rudimentary and easily defeatable security services. Their measurement of success is not upon how many threats they have detected and foiled, but upon other metrics like downtime and user satisfaction.
MSSPs measure their success with a vastly different set of standards, using different tools, methods and technologies in executing their mission. They’re responsible for keeping up to speed on the nature of new (and existing) cyberthreats and your risk exposure to them, and for managing, maintaining and responding to threats using state of the art tools and technologies that typical MSPs cannot bring to the table.
Structuring a Managed Security Service Provider Contract
If you are interested in learning more about what an MSSP can do for your company or organization, contact our managed security services team here or call (name) at (number) today. We’ll have a no cost or obligation discussion on the scope of MSSP services you might require for your industry or situation, as well as the fee structures that are typical of an MSSP engagement.
6 Questions You Need to Ask Your IT Team About Your Company’s Cybersecurity Defense
Many executives make the mistake of thinking that if their cybersystems are working right, their business must be maintaining adequate information security programs. If airlines used the same logic for their planes, they would only perform repairs when something failed. In most cases, that would be too late to save the plane or the passengers.
Like an airplane, your information security systems need to be checked before, during and after every use in order to identify the minor glitches that can lead to catastrophic failure under stress. They also need to be pulled out of service from time to time so they can be checked and overhauled more thoroughly.
Six Cybersecurity Questions CEOs Should be Asking
Most executives don’t have the technological experience to analyze systems on their own, but there are questions you can ask your team in order to gauge the effectiveness of your current information security strategies. They include:
- Do we have an information security program?
This may sound crazy, but some businesses do manage to get by with just a collection of different security practices that don’t link together to form a solid wall around your data. If you ask this question, the answer should describe a network of interconnected hardware, software, and employee training and awareness protocols that form a cohesive defense, not a list of standalone items like passwords and anti-virus software.
- What is the organization’s information security framework?
Most programs are based on an information security framework, which is basically a checklist of best practices readily available from bodies like the National Institute of Standards and Technology (NIST), whose Cybersecurity Framework is a common choice. Are your IT Department and cybersecurity team using such a checklist and reporting results to you?
- Have we done an information security assessment? If so when, and what were the results?
An assessment is basically a review of your current information security program using the framework checklist. On an ongoing basis, your systems should get a thorough review, and you should get a thorough briefing, to make sure that your company’s cybersecurity defenses are adequate to address the latest threats.
- What is our information security commitment? Does our information security budget commitment match our threat level?
Cybersecurity budget numbers will drive what your business can do within the budget period. If your assessment shows that information security is lacking, what resources are available to improve it?
In an upcoming blog post, I’ll be discussing cybersecurity budgeting in greater detail, but to give you a bird’s eye view of what spending looks like on a worldwide basis, look at the following data from Gartner, Inc.
The takeaway? Spending has increased by about 23% over the past 3 years.
- What is our information security training?
Information security training needs to work at two levels. You need your information security staff to learn constantly about the new threats that businesses face. But a business’ information protection efforts are only as strong as its least wary employee. Everyone who touches a keyboard linked to your servers, even people who use private devices on your Wi-Fi network, can expose your digital assets to breaches, viruses and ransomware.
All those users need to stay on the lookout to prevent an attack, and you need to know how your IT team is bringing employees to the battlefield when it comes to protecting your company and its customers from hackers.
- What is our plan for an information security failure?
These days, no information security plan is complete until it acknowledges the possibility that it can be breached and includes instructions for people to follow if that happens. Customers are much more willing to forgive a breach when a business shares accurate information about it quickly and helps to minimize the damage done.
Review your company’s plan with your IT and cybersecurity team, and if necessary, engage the services of a cybersecurity consultant to help you prepare a response to a breach of your customers’ data and the damage to your reputation.
Put a Cybersecurity Assessment, Remediation and Action Plan in Place
With the information gained from a self-assessment, many executives wonder what their next step should be.
Above all, do SOMETHING.
Many organizations paralyze themselves trying to choose between good options when the most important thing they need to do is move forward. For example, say a business performs a security assessment and determines that its password protocols are weak. To strengthen them, it could either require longer passwords with a wide variety of characters that remain stable over time, or it could allow less rigorous passwords but require that they be changed frequently. Either option is a positive step, though note that current NIST guidance (SP 800-63B) favors longer passwords screened against known-breached lists over mandatory periodic rotation. But every day that the business delays implementation with discussions about which is best is a step backward.
When you’re ready to do something, here’s a suggested order for addressing your information security concerns:
- First, protect against the major vulnerabilities.
- Next, implement changes that address multiple weaknesses. Some improvements can address several red flags on your checklist at once.
- Fix the easy stuff. Some changes can be as quick as instructing all employees to change their passwords this week. If vulnerabilities have been identified in connections to the network from offsite, a temporary ban on telecommuting could prevent a situation from getting worse while you work on a more permanent fix.
Contact the Cybersecurity Experts at DataSure24
For more information about maintaining and improving the day-to-day information security functionality of your business’ systems, contact DataSure24 at 716.600.3724 or connect with us here.
Cybersecurity budget benchmarks and guidance
As you might imagine, we get asked this question a lot.
And our response often surprises people because the answer isn’t some formula that says “x percent of your budget should go to cybersecurity.”
We respond by pointing out that the question isn’t just “How much should you budget for cybersecurity,” but instead, “How should you budget for cybersecurity?” and “What should you budget for?” The important factor isn’t so much the amount you spend so much as it is the need to spend it wisely.
How Should a Company Budget for Cybersecurity in 2019?
When you’re trying to figure out how much to budget for cybersecurity, here are three factors to keep in mind:
Assessment is key. You can’t solve a problem if you don’t understand what it is. Every business today is legitimately concerned about its cybersecurity, but very few understand the strengths and weaknesses of their current structure, policies and processes, and by extension, how to spend wisely to shore up weaknesses. We see companies that make their situations worse by buying a security “solution” that doesn’t solve any of their existing problems or redress weaknesses, and in some cases, create new problems.
“Magic Bullets” are neither. This is the natural follow-up to the assessment item above. There is no software or hardware or combination of the two that will solve every cybersecurity problem. If it did exist, it would be outdated tomorrow. There is no substitute for finding a combination of hardware, software, training and support that focuses on the day-to-day operational security of your business in an environment where new threats arise every day.
You can’t set it and forget it. The days when cybersecurity amounted to a firewall or an encryption program that could be installed and forgotten about are over. Protecting the sensitive data of your business and your customers is a constant battle. To give you some idea of how much this aspect of cybersecurity has grown in recent years, one of the standards that we use to measure the effectiveness of cybersecurity is a checklist of 600 items. Just a few years ago, only 50 of those items had to be continuously monitored to earn certification under the standard. Today, 450 items, a full 75 percent of the items necessary to pass the test, must be continuously monitored in order to be considered effective.
Cybersecurity Budget Benchmarks
Over half of the IT professionals surveyed by Spiceworks (Figure 1) stated that employee security training tools are the most effective solution to prevent security incidents, followed by breach detection and anti-ransomware solutions. Each employee needs to understand how vulnerable your business is to an accidental click in a phishing e-mail, and each of your IT people needs to understand their role in constantly maintaining and updating whatever security solutions you choose.
Figure 1: From Spiceworks "2019 Annual Report on IT Budgets and Tech Trends: Future Workplace Tech"
Employee awareness and training is usually at the top of our list when looking at cybersecurity budgets. The easiest way for a hacker to penetrate your business is though employees being duped into giving cyber thieves access to company files.
It’s also interesting to note where companies will be increasing their overall IT budgets in 2019.
The Spiceworks study reveals that, relative to overall IT spending, about two-thirds plan to increase their IT spending to upgrade outdated IT infrastructure. It’s also notable that 56% intend to increase the IT budget because of “increased security concerns”.
Figure 2: From Spiceworks “2019 Annual Report on IT Budgets and Tech Trends: Budgets"
These two factors are far from mutually exclusive—in fact, they’re almost symbiotic. If your business is among those considering hardware upgrades, it’s important to remember that the new infrastructure will have to integrate effectively with your overall information security strategy and framework.
To recap, any cybersecurity budget should:
- Include an assessment of your needs,
- Understand the interaction between software, hardware and the people who use them, and
- Fund the monitoring and maintenance of whatever solution you choose.
Keep these three items in mind and you’re more likely to get the full benefit of the money you spend on cybersecurity.
Contact the Cybersecurity Experts at DataSure24
We can help you assess your cybersecurity program’s current strengths and weaknesses, and provide budgeting guidance that will enable you to spend smarter and create a better security program.
For more information about budgeting and planning for cybersecurity upgrades, please contact DataSure24 at 716.600.3724 or connect with us here.
Preventive measures, monitoring and remediation capabilities are at the heart of a Dark Web defense
The dark web is a term for the places on the internet where mostly illegal activities occur: botnets, black markets, fraud services, phishing, child sexual abuse material, terrorism and the like. Although the Dark Web sits on the internet, it is a segregated, anonymous and protected part, and typically you need special software and access methods (Tor being the best known) to enter.
I often think of it as the dark alley of the Internet.
Trading and Selling Compromised Information and Methods
The one Dark Web activity that most directly affects normal people and companies is the trade and sale of compromised information and methods. In layman’s terms, the Dark Web is the place where stolen passwords, credit card numbers and personal information are traded. Additionally, it is a communication channel that allows bad guys to coordinate attacks on individual systems while also giving training on how to exploit new vulnerabilities. The Dark Web is where stolen information is collected and made ready for nefarious uses, and if your credit card information has been stolen, it’s the place where crooks can find it.
These are the monsters under the bed.
How Can Your Company Protect Itself from the Dark Web?
Daily, tens of millions of dollars of illegal transactions occur on the Dark Web, and much of that is a result of companies being ill equipped and ill prepared to protect their digital assets. Once those assets are left unprotected, unguarded, or made vulnerable for lack of a few simple protective measures, you’ve exposed your customer and prospect information for exploitation. Further, you’ve damaged your reputation and can even face severe financial consequences.
While putting a protective shield and remediation system in place is warranted, you’ll want to make sure that at a minimum, your cyber-defense includes the following features and capabilities:
- Monitor all traffic and data going in and out of your network to see in real-time if there is an attack going on, so it can be stopped in its tracks
- Conduct a daily scan of the Dark Web, so you have a catalog showing data that was stolen in the past, and if any new information was compromised currently so you can act immediately and with certainty
- Conduct vulnerability scanning and overall security assessments backed by remediation capabilities to shore up your security maturity so that any future attacks or compromises are significantly reduced.
- Secure the technical capabilities for identifying whether your company’s data has been exfiltrated and is being exploited and used by bad guys
- Deploy a Dark Web Scanning service that actively scans the dark web for your corporate domain name and personal email addresses that also provides a daily report for your entire organization
- Hire an “undercover agent” to go into the Dark Web so that you never need to step foot in that dark alley.
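As an added illustration of the daily-scan and catalog items above, the following Python example is not DataSure24’s code. It assumes a scanning service returns raw text records (constructed here inline), that the watched corporate domains are example.com and example.co.uk, and that a catalogue of previously seen hits is kept between daily runs. It pulls out watched addresses, keeps only a digest of any exposed secret rather than the secret itself, and reports what is new since the last run, so a repost of an old dump does not raise a fresh alert.

```python
import hashlib
import re

# Assumed corporate domains to watch (not from the original article).
WATCHED_DOMAINS = {"example.com", "example.co.uk"}

# Constructed sample records standing in for what a dark-web scanning
# service might return for one day: a paste with credential pairs, a
# forum dump listing addresses, and a repost of the first paste.
SAMPLE_RECORDS = [
    {"source": "paste-site-A", "seen": "2019-03-11",
     "text": "alice@example.com:Winter2019!\nbob@other.org:hunter2\n"},
    {"source": "forum-dump-B", "seen": "2019-03-12",
     "text": "example.co.uk mailboxes: carol@example.co.uk, dave@example.co.uk"},
    {"source": "paste-site-A", "seen": "2019-03-12",
     "text": "alice@example.com:Winter2019!\n"},   # repost of the 03-11 leak
]
# A constructed record that only shows up the following day.
NEXT_DAY_RECORD = {"source": "market-listing-C", "seen": "2019-03-13",
                   "text": "fresh combo: erin@example.com;Spring2019?"}

# An address, optionally followed by ':' or ';' and a secret (combo-list style).
CRED_RE = re.compile(
    r"([A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,})(?:[:;]([^\s,]+))?")


def extract_hits(records, domains=WATCHED_DOMAINS):
    """Return one hit per watched address found in the records.

    The secret itself is never stored: only a SHA-256 digest, which is
    enough to tell a repost from a genuinely new leak and to tell the
    user which credential to rotate.
    """
    hits = []
    for rec in records:
        for m in CRED_RE.finditer(rec["text"]):
            email, secret = m.group(1).lower(), m.group(2)
            if email.rsplit("@", 1)[1] not in domains:
                continue                      # someone else's address
            secret_digest = (hashlib.sha256(secret.encode()).hexdigest()
                             if secret else "")
            key = hashlib.sha256(f"{email}|{secret_digest}".encode()).hexdigest()
            hits.append({"key": key, "email": email,
                         "has_credential": secret is not None,
                         "source": rec["source"], "seen": rec["seen"]})
    return hits


def diff_against_catalogue(hits, catalogue):
    """catalogue maps hit key -> date first seen and persists between runs.

    Returns (new_hits, catalogue). Hits whose key is already known are
    reposts of old material and are dropped, so only new exposure alerts.
    """
    new_hits = []
    for h in hits:
        if h["key"] in catalogue:
            continue
        catalogue[h["key"]] = h["seen"]
        new_hits.append(h)
    return new_hits, catalogue


def daily_report(new_hits):
    """Summarise the day's new exposure for the client report."""
    creds = [h for h in new_hits if h["has_credential"]]
    return {
        "new_hits": len(new_hits),
        "new_credentials": len(creds),
        "accounts_to_reset": sorted({h["email"] for h in creds}),
        "addresses_exposed": sorted({h["email"] for h in new_hits}),
        "sources": sorted({h["source"] for h in new_hits}),
    }


if __name__ == "__main__":
    catalogue = {}                                   # empty on the first run
    new, catalogue = diff_against_catalogue(extract_hits(SAMPLE_RECORDS), catalogue)
    print("day 1:", daily_report(new))               # alice, carol, dave
    new, catalogue = diff_against_catalogue(
        extract_hits(SAMPLE_RECORDS + [NEXT_DAY_RECORD]), catalogue)
    print("day 2:", daily_report(new))               # only erin is new
```

The catalogue is what turns a scan into the “past plus what changed today” view described above; in practice it would be persisted (a database keyed on the hit digest) rather than held in memory, and the accounts listed under accounts_to_reset are the ones to force a password reset on before the next business day.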
Get Rid of the Monsters Under Your Bed: Connect with DataSure24
At DataSure24, we can identify whether your company’s information has been exfiltrated, used by the bad guys, or is actively available on the Dark Web. We can tell you that, yes, indeed your information was taken in the past.
We go into the Dark Web as an undercover agent so that you never need to set foot in that dark alley. We provide daily scans of the Dark Web, so that you not only know the past, including data that was stolen many years ago, but you will also know the very next day if any new information has been compromised. One caveat a practitioner should keep in mind: a scan can only surface what has been posted where it looks, so a clean report means “nothing found”, not proof that nothing was taken. Still, this gives you the ability to act on findings immediately and with certainty – helping clear out the monsters under the bed.