Not All Partnerships are Equal

As Henry Ford once said, “Coming together is the beginning. Keeping together is progress. Working together is success.” While many people have an understanding of how partnerships work in their day-to-day lives, defining a true partnership in a business relationship can be more challenging. In the field of cybersecurity, finding a “true partner” means you share the risk and both strive to improve your security posture.

A True Partner

A true partnership works best when both groups share the risk, agree on the end goals, have open lines of communication and build their relationship on mutual trust and respect. Companies that embrace such partnering behaviors believe in creating mutually beneficial relationships that bring value to both parties.

Partnerships come in many shapes and sizes. There can be partnerships between vendors, where they provide complementary products or services that are further enhanced by working together. There can also be strategic relationships developed between provider and client, where they view the relationship as more than just a business transaction.

Your partners should also be building strong relationships within the technology sector. Knowing that they not only use best-in-class technologies but that they have good working relationships with those vendors means that you can maximize your technology investments. A good partner should not only be able to help you to optimize the technologies you already have in place, but also make recommendations for policy and infrastructure to ensure you reduce your risk and meet any compliance requirements.

Finding Your Partner

When you are on a team, you have certain expectations of your teammates and hope you can rely on them in critical situations. However, a lot of organizations do not have the in-house resources to staff an effective cybersecurity operation. Understanding the economics and potential cost savings of using a managed service provider is an important part of any decision to outsource security operations.

In cybersecurity, you should look for partners who act as an extension of your team. They do not just care about selling you their latest tool or services – they sincerely care about the security and safety of your company. They should have a programmatic view on cybersecurity and take your concerns seriously. Equally important is the culture of the organization with whom you choose to partner. Do they share similar values, and can you trust that they will view your security as being as important as you do?

Throughout the relationship, a partner should have the skills and resources to respond to security incidents and help guide your overall cybersecurity journey. And while relationships in cybersecurity may not last forever, the need for true cybersecurity partners will never change. The current environment of COVID-19 only reminds us how businesses can be disrupted when they least expect it. And with the shortage of skilled cybersecurity professionals, choosing your partners has never been more critical.

Narrowing The Search

Once you decide what you’re looking for, how do you find someone who checks all the boxes? Many may sell you on ideals but it’s crucial they also follow through with what they sell. When looking for the right partner for your cybersecurity needs, you should ask critical questions to make sure you’re making an educated choice.

Things to look for include:

  • How do their SLAs compare to other vendors?
  • Do they provide transparency and trackable metrics?
  • Do you receive insight into your cyber risk and recommendations for improvement?
  • Will they create custom content?
  • What is their long-term focus?
  • Are they industry recognized?
  • How available is their team?
  • Do you have similar preferred methods of communication?
  • Can you visualize the value they would bring to your team?

Selecting a partner who shares the risk will give you confidence that you are building a more secure organization. As your partner helps you mature your cybersecurity program, you should see a measurable change throughout the partnership and be able to track metrics over time.

Once you’ve found the right partner, you will be enabled for success not only tomorrow but for the long-term future.

So – what do your current partnerships look like?

When is it Time to Break Up with your #CyberSecurity Services Provider?

A cybersecurity services provider should be a trusted business partner and act as a true extension of an enterprise’s in-house security team. However, sometimes organizations are left feeling dissatisfied with the relationship they’ve forged with the services provider they’ve selected. There are several reasons the relationship may not be working out, and therefore it may be time to look for a new partner to better support the organization’s cybersecurity efforts.

When is it time to move on?

There are several tell-tale signs that a business relationship is not working out with a selected services provider, including: 

  • There’s a lack of communication. A direct line of communication with your cybersecurity services provider is key. Knowing that you can pick up the phone and get in touch with a security operations center (SOC) analyst or security engineer, regardless of time of day, is critical and should reassure you that the organization’s environment is being protected 24/7. Having a services provider that has world-class, around-the-clock security monitoring and alerting, incident response and remediation capabilities is crucial. Communication goes both ways, and a provider who is a true partner should be reaching out on a regular basis to make sure that their services are meeting your needs. They should be providing you with important high-level alerts in a fast and efficient manner, keeping you up-to-date with the happenings of your network, and discussing any potential areas of risk that you should be aware of.
  • They don’t see your business as unique. While some enterprises have similar needs, it does not mean the same security solutions will help them all. Your services provider needs to design custom cybersecurity solutions for your business that fall within your budget, timeline, and – most importantly – address your unique needs (not the needs of most). With tailored cybersecurity solutions, your organization will be able to keep data secure and compliance mandates met. The correct provider will understand what’s needed to maintain your cybersecurity posture and keep hackers off your networks. If you’re working with a services provider that doesn’t offer this, it may be time to part ways.
  • They can’t provide full visibility and search capabilities into your logs. Even if you’re outsourcing security operations, the IT security team should still have full visibility into logs and the company’s security information and event management (SIEM) software. This way, they will have access to all alerts and investigations in order to manage them and run detailed reporting. If your services provider doesn’t give you the ability to view and search logs, run reports, and drill down into each alert, that may be an issue. Without visibility, your team can’t properly do their job to keep the organization protected.
  • The alerts and recommendations they provide lack insight. Some services providers don’t leverage the knowledge they’ve gained from having clients in a variety of industries. A skilled services provider uses this information to build out unique use cases and correlation rules that a company’s in-house security team (with their siloed single-industry viewpoint) would not be able to build on their own. Fine-tuning the SIEM to identify threats unknown to the organization is something a qualified services provider needs to bring to the table. Without use cases and correlation rules rooted in industry knowledge, IT security teams are flooded with a sea of irrelevant alerts. Organizations also need to understand that no matter how many enhancements you add onto a SIEM, the tool will always need qualified people to verify incidents and automatically respond to them while continually performing active monitoring. That said, an MSSP should verify high-level alerts (also called notables) to provide recommendations and next steps on how to remediate network threats.
  • They are focused on their needs, not yours. Many service providers view their customers as opportunities to grow their bottom lines by upselling one of their inflexible service offerings. They’re so focused on their own financial needs for cost control and ROI that they forget about the needs of their customers. A true partner should only suggest ancillary services that can improve your company’s cybersecurity posture and lessen any network risks that you may have, not just suggest services that have little to no value. By providing your organization with core monitoring functions, as well as staff to manage it, a quality services provider focuses on your needs to keep costs down and free up your own employees to work on other projects. If your MSSP’s tools can successfully discern between notables and false threats, this can reduce the amount of time spent chasing down imaginary offenses – saving your team time and lessening the strain on your budget.
  • They’re not an extension of your team. Your services provider should act as an extension of your team and should increase your security team’s effectiveness and abilities in monitoring, detecting, and responding to potential cyber threats. Security service providers should work to identify the unique needs of each organization to continually improve its cybersecurity posture. Alerts should be relevant and actionable, and recommendations and reports should provide helpful insight into where the organization needs to improve its approach. If your selected partner lacks a team player mentality, it’s time to move on.
  • They don’t share their motives with you. Without transparency, one half of the vendor/client relationship is left in the dark. A reliable MSSP will provide you with information on what they’re doing (what they see as threats and what recommendations they make to address them), as well as what they are doing with your information. By being transparent, trust can build between you and your services provider, strengthening your relationship.

If your cybersecurity services provider isn’t meeting the requirements outlined above, it’s time to consider parting ways. At the end of the day, you need a partner who maintains an open line of communication, who does everything they can to keep your organization secure, and who provides the insight and visibility your team needs to do their jobs effectively and efficiently.

SIEM for the Rest of Us

SIEM systems were first created for large enterprises and government agencies that were frequent targets of advanced cyber attacks. Back then, smaller and lower-profile organizations were able to get by with basic security tools as they were seldom the target of hackers. The world has changed and today cyber attacks have become so widespread and complex that small and medium-sized organizations need the same next-generation SIEM tools as large enterprises.

Next-generation SIEM technology uses advanced correlation techniques encompassing applications, transactions, pattern and behavior discovery, statistical and moving average anomalies, business process management, risk management, and global threat intelligence feeds.

Many organizations are caught between a rock and a hard place. They need industrial strength security, but do not have the people or the budget to run a security operations center (SOC) and administer a SIEM system. SIEM systems are typically complex to administer and require teams of people for monitoring events, experts for authoring use case content, and a lot of care and feeding.

We recommend resource-strapped organizations look at cloud-based offerings from new companies providing a SOC-as-a-Service. This new breed of Managed Security Service Providers (MSSPs) uses a cloud-based shared services model. There is no upfront investment in hardware and software and no requirement to hire a team of security and SIEM experts – instead customers pay subscription fees for a turnkey service.

Next-generation MSSPs also leverage advancements in SIEM technology to enable operational effectiveness and customize security use cases to address the requirements of each customer. Plus they have real-world end user experience and can discern which events require action and which need to be watched for further suspicious behavior, thereby avoiding flooding their customers with false positive alerts.

What should you look for in a Next-Generation MSSP?

  • Support for a wide diversity of log collection sources, covering a large and varied selection of device types, vendors, applications, and users
  • Support for non-log data intelligence and the ability to actually correlate information
  • Support for user monitoring, identity and actor profiling or behavior analysis
  • Asset and business process modeling
  • Advanced methods of correlation from multiple devices and vectors
  • Advanced use cases applicable to your business
  • Active Lists for correlation with items like former employees, contractors, trusted partners, or suspicious addresses
  • Escalation of threats to higher level alert priorities as suspicious activity persists
  • Prioritization of threats based on Asset Criticality, Model Confidence, Relevance, and Event Severity
  • Automated remediation response to specific Very High Level Alerts
  • Compliance content packages and simple reports for compliance including HIPAA, PCI, SOX, FFIEC, etc.
  • Threat Intelligence and Reputation Active List correlation with globally known abusive attackers, command and control servers, and malicious IP addresses
  • Correlation of vulnerability scan data and specific vendor IDS threat definitions to determine if an exploit is targeting an existing vulnerability, indicating a high probability of success
  • Easy-to-Use Web Portals with graphical dashboards
  • Case management and Workflow
  • 24×7 Expert support
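
Several items in the list above (vulnerability-scan correlation with IDS alerts, Active Lists, escalation as suspicious activity persists, and prioritization by asset criticality and event severity) can be shown working together. The following Python is an added example, not code from any SIEM or MSSP product; all data is constructed, and the scoring weights, thresholds, and names such as `score`, `prioritize`, and `VULN-0001` are assumptions made for illustration.

```python
from collections import Counter

# Constructed sample data; addresses come from documentation ranges.
VULN_SCAN = {"10.0.0.5": {"VULN-0001"}, "10.0.0.9": set()}  # host -> open findings
ASSET_CRITICALITY = {"10.0.0.5": 3, "10.0.0.9": 1}           # 1 = low, 3 = high
ACTIVE_LIST = {"203.0.113.7"}                                # suspicious sources

# Each IDS alert names the vulnerability its signature targets (placeholder ids).
IDS_ALERTS = [
    {"src": "203.0.113.7", "dst": "10.0.0.5", "targets": "VULN-0001", "severity": 2},
    {"src": "198.51.100.20", "dst": "10.0.0.9", "targets": "VULN-0001", "severity": 2},
    {"src": "198.51.100.20", "dst": "10.0.0.9", "targets": "VULN-0001", "severity": 2},
    {"src": "198.51.100.20", "dst": "10.0.0.9", "targets": "VULN-0001", "severity": 2},
]

def score(alert, prior_hits):
    """Hypothetical additive score; the weights are assumptions, not a vendor formula."""
    total = alert["severity"] + ASSET_CRITICALITY.get(alert["dst"], 1)
    # Exploit attempt matches a finding the scanner reported on this host.
    if alert["targets"] in VULN_SCAN.get(alert["dst"], set()):
        total += 3
    # Source address is on the Active List of suspicious addresses.
    if alert["src"] in ACTIVE_LIST:
        total += 2
    # Escalate as the same source keeps hitting the same host (capped).
    total += min(prior_hits, 2)
    return total

def label(total):
    return "very-high" if total >= 8 else "high" if total >= 5 else "low"

def prioritize(alerts):
    """Return one priority label per alert, in arrival order."""
    seen = Counter()
    labels = []
    for alert in alerts:
        key = (alert["src"], alert["dst"])
        labels.append(label(score(alert, seen[key])))
        seen[key] += 1
    return labels

if __name__ == "__main__":
    for alert, prio in zip(IDS_ALERTS, prioritize(IDS_ALERTS)):
        print(prio, alert["src"], "->", alert["dst"], alert["targets"])
```

The first alert is rated highest because it targets a finding that is actually present on a critical asset and comes from a listed source; the repeated probes against the non-vulnerable host start low and are escalated only as they persist.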

Directory Of Managed Security Service Providers (MSSPs) To Watch In 2019

The global shortage of cybersecurity professionals is expected to reach 3.5 million unfilled positions by 2021, up from 1 million in 2014. MSSPs are responding to the labor crunch by providing organizations of all types and sizes with a growing portfolio of services to choose from…

The MSSPs we follow, and you should too…

The List