Posts

Proficio Recognized as a Leader in KuppingerCole’s Market Compass for SOC-as-a-Service

Carlsbad, CA – March 2, 2021 – Proficio, an award-winning managed security services provider (MSSP) delivering managed detection and response (MDR), has received one of the highest ratings in KuppingerCole’s Market Compass for SOC-as-a-Service (SOCaaS).

In their report, KuppingerCole highlights the growth in the SOCaaS market accelerated by the increasing complexity of cyberthreats and compliance regulations. They predict that the market will “continue to grow and develop as organizations seek to bolster their cybersecurity, keep hiring costs as low as possible, and get the most benefit from existing security investments.”

KuppingerCole highlighted Proficio as a featured vendor and gave Proficio one of the highest number of strong positive ratings.

“SOCaaS is the only way most small to medium sized organizations are able to consolidate all of their security threats, tools and systems into a single point of control, but because the security requirements and in-house security capabilities of organizations vary greatly, SOCaaS solutions need to accommodate those differences,” says Warwick Ashford, KuppingerCole’s Senior Analyst for Cybersecurity. “Proficio’s ProSOC service offerings provide a great fit for this market segment by providing flexible deployment options and multiple levels of service to choose from.”

Ashford continues, “ProSOC is also a mature, scalable SOCaaS platform that is supported by a global network of SOCs and has a wide range of capabilities to meet all the basic SOCaaS requirements across on-prem, cloud, and hybrid environments. With a focus on R&D, Proficio is continually evolving its capabilities, which since 2013, have included Security Orchestration, Automation and Response (SOAR). This capability can be used for automated incident response and supports integration with endpoint and perimeter tools, such as industry-leading next-generation firewalls.”

“We’re thrilled to be included in this report, which further establishes the value of our continued investments in our people, processes, and technology to further reduce the time to both detect threats and respond to attacks and security incidents, so our clients stay better protected,” says Brad Taylor, CEO of Proficio.

About Proficio

Founded in 2010, Proficio is an award-winning managed detection and response service provider. We help prevent cybersecurity breaches by performing and enabling response to attacks, compromises, and policy violations. Our team of experts provides 24/7 security monitoring and alerting from global security operations centers (SOCs) in San Diego, Barcelona and Singapore. Proficio’s cloud-native Threat Management Platform uses a combination of industry leading commercial software and proprietary technology to provide clients with advanced analytics, threat intelligence, Security Orchestration, Automation, and Response (SOAR), patented risk scoring, AI-based threat hunting, open XDR, and Risk-Based Vulnerability Management. www.proficio.com.

Contact:

Kim Maibaum
Director of Marketing
kmaibaum@proficio.com

Takeaways from the 2019 Data Breach Investigations Report

The 2019 Data Breach Investigations Report was released in December and highlights the many aspects of data breaches and frequency of their occurrence. In review, we find this gives us a great opportunity to reflect on what security teams should focus on in 2020.

The Attackers

According the report, about 1/3 of attacks originate from insiders and 2/3 are from outsiders. Over half of the attacks from outsiders were from groups with criminal motivations who were trying to steal intellectual property or access someone’s personal information to sell or hold for ransom. Unsurprisingly, C-Level Executives were 12 times more likely the target of an attack.

Proficio Recommendations:

  • Strong perimeter security is essential – without this, you leave your organization vulnerable to outsiders. Security defenses should include cloud, email and web filters.
  • Organizations must understand the business context of their assets. By categorizing valuable assets in your organization, you can provide them a higher level of protection and detection.
  • Don’t forget to monitor internal users, actions across the core, and internal applications; these are common areas where you can catch suspicious behavior.

The Attacks

There was a notable increase in targeting cloud-based email like Office365, which is something many organizations use. Over a fourth of attacks involved malware – 24% were ransomware – which infects endpoints that are vulnerable and accessible to the malware. Errors were the root cause of 1/5 breaches and 71% were financially motivated.

Proficio Recommendations:

  • Make sure you have a wide range of advanced use cases for detecting attacks and compromises of O365 and other mail servers.
  • More than 70% of attacks come from different attack vectors – don’t forget you need to protect more than just the endpoint.
  • The best prevention for ransomware is to not allow malware on the endpoints:
    • Perform continuous vulnerability monitoring with cloud agents and patch regularly.
    • Monitor and respond to suspicious email or web connects.
    • Deploy next-generation endpoint software with behavioral analysis.
  • Mitigate risk by using Risk-Based Vulnerability Management and monitoring and evaluating security control configurations mapped to benchmarks like CIS

The Victims

Companies of all sizes including large and small are getting breached, with over 40% of breaches involving small businesses. Some of the most popular industries to target remain the same: Public Sector, Healthcare, and Financial.

Mobile users are even more susceptible to being attacked often by email-based spear phishing or social media attacks.

Proficio Recommendations:

  • Regardless of your size or industry, you could be the target of a data breach. Make sure cybersecurity is a priority and you have protections in place.
  • Create and implement security procedures around mobile devices.

The Hacks

The most popular methods used by hackers are often Command and Control or Brute Force Attacks. However, exploiting known vulnerabilities or using stolen credentials or social attacks on senior-level executives are also frequently used to gain access.

Proficio Recommendations:

  • Have settings in place to detect suspicious behavior of users or devices.
  • Use frameworks like MITRE ATT&CK to detect and respond to tactics, techniques, and procedures.
  • Keep vigilant and maintain strong passwords to avoid credential theft; also monitor admin and system credentials.
  • Test and patch for vulnerabilities often.

The Breaches

More than half the time, breaches took months or longer to discover, reminding us that many organizations still lack visibility into actual breaches themselves. The top threat vector is web applications, but remote desktop and TeamViewer applications are seen as easy targets. Hackers are also still gaining access to through VPN.

While cybercriminals are looking for a quick victory, they often go through multiple steps before breaching data. This number is decreasing though, and the time from an attacker’s first action in an event chain to the initial compromise is typically measured in minutes.

Proficio Recommendations:

  • Put in place WAF control and monitoring of WAF and web server logs.
  • Actively monitor and investigate suspicious events 24×7 with advanced tools and SOC staff.
  • Orchestrate and automate containment response to occur within minutes of an attack.
  • Perform discovery of the techniques and tactics used.
  • Collect metrics data on your operations team including: Time to Detect, Contain, and Remediate

Manage and Understand Risk

It is often said that it is no longer a question of if an organization will experience a data breach, but when. The report underscores this theory, and reminds us that people, platforms, and applications are still vulnerable to attacks; there is no room for complacency.

Given this reality, we recommend IT leaders strive to understand the cyber risk facing their organizations. Proficio provides our clients with cyber business intelligence and comparative risk data that allows them to see trends in attack volume and type, as well as gaps in their security controls and compare this to peers in their industry. Having this information is a critical step toward funding a strategic response to cyber risk and a first step towards a comprehensive cybersecurity plan.

 

Contact us to find out how Proficio can help with your security initiatives.