RSA Preview: The Many Challenges of IT Security and How MSSPs Can Help

This year’s RSA Conference is expected to draw close to 50,000 security professionals to the Moscone Center in San Francisco. So we’re wondering, what issues are keeping them up at night?

On the eve of RSA, we wanted to address some of the biggest challenges we see IT security teams facing. The sessions at this year’s conference cover everything from analytics, intelligence and response, to hackers, threats and security strategy. We’ve broken down four hot topics that IT security teams are focusing on this year:

  1. Hiring and retaining qualified security staff
  2. Having enough staff to protect the company 24×7
  3. The high cost of setting up a security operations center (SOC)
  4. Managing security information and event management (SIEM) tools that are not optimized for their company

Short-Staffed and Short-Spanned

According to the Bureau of Labor Statistics, more than 200,000 cybersecurity jobs go unfilled in the United States every year; some companies struggle for more than a year trying to fill vacant cybersecurity positions.

A recent study highlighted how much trouble existing staff have providing 24/7 security. The survey of 437 cybersecurity pros found that close to half have a major shortage of cybersecurity staff, and their current staff is overwhelmed by protecting their firm with limited resources.

To help businesses cope with this ongoing skills gap, Proficio acts as an extension of your IT team, providing advanced threat detection, actionable alerts, customizable dashboards and reports, and much more, so your team has more time to focus on their daily responsibilities.

SIEM & SOC: The Crime-Fighting Duo

In an era of limited resources, building a SOC can be an expensive solution to your firm’s cybersecurity problem. The SANS Institute’s white paper details the grueling process of setting up a SOC, including the amount of collaboration required between people, technology, and processes. What’s the bottom line? According to some estimates, the initial set up of a SOC can cost a company more than half a million dollars and recurring operational costs could top $700,000.

A key component of a SOC is a SIEM system, which is complex to administer and when done right, requires teams of people for constant monitoring, tuning, and responding to security incidents. The latest and greatest SIEM systems use advanced correlation techniques, statistical and moving average anomalies, business process management, risk management, and global threat intelligence feeds.

Many companies, even larger enterprises, find that they just can’t afford the latest SIEM, or, if they make the investment, they lack staff with the necessary expertise and never get full value from their SIEM. This is problematic in an environment of increasing cyber threats and decreasing resources.

MSSPs like Proficio can take the hassle and expense out of setting up and running a SOC and administering a complex SIEM system. We offer SOC-as-a-Service and SIEM-as-a-Service, so you can get the 24×7 protection you need without a large upfront investment in hardware and software or the need to hire a full security staff or SIEM experts.

Why Consider an MSSP?

To gauge the extent of these challenges among IT security pros and whether an MSSP could offer some relief to these challenges, we polled our Twitter followers and asked:

50% of our voters said they were looking into an MSSP because they can’t protect their organization 24×7. 20% of our voters thought building a SOC was too expensive, while another 20% agreed staffing was the major challenge. Although only 10% of our voters said they’d consider an MSSP because their SIEM isn’t optimized, there is still a portion of organizations out there concerned about having the expertise to properly manage SIEM systems.

Each issue facing security teams today presents a unique challenge and there are many reasons why an organization may want to think twice about handling these issues alone. While 24×7 protection seems to be the largest reason companies lean on MSSPs, there are many security concerns that would benefit from some additional support.

Are you struggling for protection after hours? Stop by our Prohibition Social on the first night of RSA – Monday, Feb. 13, from 7–10 pm at Tradition Bar – to find out more about our products and services. For an invitation to this event, please email events@proficio.com.

Cybersecurity Awareness Month: A 3-Step Plan to Being Cyber Secure

Step 1: Train your employees to be security savvy

Some of the most basic, “expected” tools in security are often those most overlooked. Your first line of defense against cyber criminals is your employees. Having a security training program in place and creating policies to assist employees is necessary for your employees to protect themselves and your company. Here are some questions to consider:

  • Are you providing security training sessions, online or in-person?
  • Are you frequently communicating your security policies and guidelines?
  • Do you require employees to use strong passwords and change them on a recurring schedule?
  • Do you deploy multi-factor authentication or password management tools?
  • Do you mandate automatic updates and the installation of security patches?
  • Are you training your employees on how to avoid email phishing attacks?

These are all important factors in securing your company’s assets at the front line: your employees.

Step 2: Strengthen your network at the core and at the edge

Most companies have the right tools in place to be safe: SIEMs, Next-Generation Firewalls, Intrusion Prevention Systems, Virus Scanners, Web Application Firewalls, etc. However, many companies also face the daunting challenge of managing, monitoring, configuring, and properly tuning those very capable security devices. Without the proper expertise in place, attackers may sneak through the system, pivot to high-value assets, and exfiltrate confidential information without you noticing.

There are several steps you can take to protect your network from cyber threats. Fundamentally you should build layers of defenses to make it harder for attackers to break in. Here are defense mechanisms to consider:

  • Aim to have your security devices work together. By cross-correlating events and alerts received from the different security devices, you can better distinguish the true attacks from the false positives.
  • Stay up-to-date on the latest security incidents, APTs, and low and slow attacks, and ensure your security devices are properly patched.
  • Have a dedicated team of certified security professionals continuously monitoring your networks. Human knowledge, experience and intuition are sometimes needed to detect a sophisticated attack that a machine cannot.
  • If you don’t have the resources in-house to handle all of these tasks, consider using a managed security service provider (MSSP), or switching to a hybrid Security Operations Center (SOC). An MSSP protects you on a 24×7 basis, even when you’re asleep, and is more cost effective than doing it yourself.

Step 3: Identify and protect your highest-value assets

Companies have the best of intentions to protect their highest-value assets. The challenge is that identifying those assets is not trivial. And with businesses increasingly adopting cloud-based services, locating those distributed assets becomes even harder.

We recommend sitting down with the different teams in your organization and diligently mapping out all your sensitive assets. Third-party security consultants can help you go through this exercise in a structured manner. Once you identify your assets, ensure you enforce proper access control on each of the different groups you identify. A good rule of thumb is to provide access only on a need-to-know basis.

However, identifying your assets, applying access control, and placing them behind firewalls, is not sufficient against insider threats or motivated attackers. To take your defense a step further, it is crucial to monitor those assets with a closer eye. This can be achieved with customized SIEM rules and behavioral analytics that apply business context modeling specific to your environment. You can probably wait if your janitor’s PC is being targeted, but you’ll want to be alerted right away if it’s your CEO’s computer.
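As an added example (not Proficio’s code; the event records, host names, correlation window and scoring weights are all constructed for illustration), the following Python sketches the two ideas above: cross-correlating alerts from several security devices (Step 2) and weighting the result by asset criticality (Step 3), so that corroborated activity on an executive’s laptop is escalated while an isolated alert on a facilities PC is merely queued.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed asset inventory: the business context a SIEM rule can consult.
ASSET_CRITICALITY = {"ceo-laptop": 5, "facilities-pc-07": 1}  # 5 = page now, 1 = routine

# Constructed events from three different security devices, normalised to one
# schema: (timestamp, source tool, host, event name).
EVENTS = [
    ("2023-10-02T09:00:05", "ids",      "ceo-laptop",       "exploit-kit landing page"),
    ("2023-10-02T09:00:40", "firewall", "ceo-laptop",       "outbound to rare port"),
    ("2023-10-02T09:01:10", "edr",      "ceo-laptop",       "new scheduled task"),
    ("2023-10-02T09:03:00", "ids",      "facilities-pc-07", "exploit-kit landing page"),
    ("2023-10-02T11:30:00", "firewall", "facilities-pc-07", "outbound to rare port"),
]

WINDOW = timedelta(minutes=5)  # constructed correlation window

def correlate(events, window=WINDOW):
    """Group events per host and keep those within `window` of the host's first event.
    The number of distinct sources agreeing is the corroboration signal."""
    by_host = defaultdict(list)
    for ts, source, host, name in events:
        by_host[host].append((datetime.fromisoformat(ts), source, name))
    incidents = []
    for host, evs in by_host.items():
        evs.sort()
        start = evs[0][0]
        in_window = [e for e in evs if e[0] - start <= window]
        incidents.append({"host": host,
                          "sources": {e[1] for e in in_window},
                          "names": [e[2] for e in in_window]})
    return incidents

def prioritize(incidents, inventory=ASSET_CRITICALITY):
    """Score = independent sources agreeing x asset criticality (unknown hosts default to 2)."""
    for inc in incidents:
        inc["score"] = len(inc["sources"]) * inventory.get(inc["host"], 2)
        inc["action"] = "page on-call" if inc["score"] >= 10 else "queue for review"
    return sorted(incidents, key=lambda i: i["score"], reverse=True)

if __name__ == "__main__":
    for inc in prioritize(correlate(EVENTS)):
        print(inc["host"], inc["score"], inc["action"], sorted(inc["sources"]))
```

Three independent sources agreeing on the CEO’s laptop within five minutes scores 15 and pages the on-call analyst; the facilities PC’s two alerts fall outside the window, so only one source counts and the low-criticality host scores 1.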

If you’d like a free security consultation or have any questions on how you can further secure your company from hackers, we would love to hear from you.