SlideShare a Scribd company logo

Security Outsourcing - Couples Counseling - Atif Ghauri

Download as PPT, PDF
Atif Ghauri
Atif Ghauri

Why do many managed services relationships fail? And fail again? Both organizations need to be aligned up front and hold hands during onboarding. This presentation covers the top five focus areas. Many MSSP relationships are doomed at the onboarding stage when an organization first becomes a customer. Given how critical these early stage activities are to your partnership, it's imperative to understand the top five areas of focus: technology deployment (the easy part, getting the tech running); the call tree (who do I wake up at 3 a.m.?); process sync (the fun part: mutual synchronization on who does what and when); access, access, access (you need access to do something); and the context of technology (the need to understand your shop). What you’ll take away: Understand proven success criteria for successful outsourcing of security operations Learn how to align security technologies to security processes, and the key focus areas of security operations Access to key checklists and charts to drive onboarding of managed services An understanding of specific terms and conditions that need to be included in data-related contracts under applicable laws Discover how other organizations have succeeded and failed in MSSP relations

Technology
1 of 38
MSSP Couples Counseling “It’s Not You It’s Me” Atif Ghauri Chief Technology Officer
The Odds Are… a) You’re currently using an Managed Security Services Provider (MSSP)? b) You’re looking for an Managed Security Services Provider (MSSP)? c) And you may have even fired a Managed Security Services Provider (MSSP)?
Agenda • Why engage a Managed Security Services Provider (MSSP)? • Case Study – The Struggles of Bob and Alice • MSSP Focus Areas 1. Technical Capabilities 2. Operational Readiness & Onboarding 3. Alerts, Investigation, Response 4. SLAs and Contract Terms
Why engage an MSSP? • I don’t have the bodies – Painful to do 24x7x365 – Brains onsite, muscles offsite – Cannot scale team with business • I can’t find or retain the skills • I want the Network Effects • I need it now!
Come in and have a seat on the sofa… The Struggles of Bob and Alice
Meet Bob Snapshot – Anxious Account Manager @ Global MSSP – Personally manages dozens of customers – Incented on SLA adherence and customer sat – Competent but over-stretched Bob’s Complaints – “I’m still waiting for XYZ requirements” – “You don’t show up to meetings” – “You only talk to me when it’s an emergency” – “I need your attention”
Meet Alice • Snapshot – Crafty CISO of Major Retailer – Small team of engineers – Budget increasing but no headcount – Multiple “strategic partners” – Has little influence over business units • Alice’s Complaints – “You use to ask me how I’m doing” – “You don’t show me things anymore” – “Why do I have to ask for everything? You should know!” – “You use to give me more attention”
Bob and Alice’s Story (in 90 seconds) http://www.jasonheadley.com/INATN.html
What’s the nail? (Blind Spots) Bob the MSSP •Incented to ‘set and forget’ •Wants to get paid quickly – rush onboarding •Demands requirements but isn’t proactive •Missing Alice’s business context •Meets SLA and that’s it Alice the Client •Minimal organization influence •Outdated technology with default configs •Doesn’t have access to stuff herself •Doesn’t know what do to with an escalation
Let’s Talk Managed Services
Focus Area #1 Technical Capabilities
What logs to collect (Initially)? Low Hanging Fruit – Firewall – Active Directory – IPS – Critical Servers – Anti-Virus Possible Added Value – Application Logs – DB Logs – Security Devices (URL, DLP, WAF, Endpoint)
What logs to collect (Eventually)? Core Security •Access Control / Auth Server •Analysis •Anti Virus •Application Firewall •DLP •Firewall •IDS / IPS / Other Intrusion •Physical Security •VPN •Vulnerability / Asset Scanner Host • Application Servers • Load Balancing • Mail • Mainframe • Midrange • Unix /Linux • Virtualization • Web Servers/Proxies • Windows / Apple Network and Storage • Application Delivery • Configuration Management • Messaging • Routers • Switches • Wireless Devices/Access Points • Database • Document • Storage/File Server
Big Data Analytics Improving Context Traditional SIEM •Rules based environment •Linear detection of logs for incident reporting Big Data Analytics •Seeks anomalies to correlate •Examines entire environment for log relationships •Tracks unusual activity working backwards to context Actively investigate anomalies and provide context around incident detection.
Anomaly Detection Proactively identify the unknown through machine based learning to identify data pattern changes. Alert Trending creates a visual context for the behavioural anomalies.
Threat Analytics
Dashboards vs Reports
Focus Area #2 Operational Readiness & Onboarding
Do you have your house in order? CSIRT Ready – Is Incident Response defined, documented, practiced? Asset Classification and Owners – Defined and updated? Ticket Pile-Up – How reactive are IT and Product teams to findings? War Games – When was the last table-top IR exercise? Response Procedures – What will we actually do when attacked?
What happens during onboarding? Onboarding is conducted using systematic processes with detailed operational readiness checklists Operational Item Description Develop detailed project plan Define a comprehensive project plan including stakeholders, timelines, and key assumptions/risks Asset list Document the asset list of record including serial and version numbers Architecture documentation Define reference implementation architecture including security zones, network information, and management interfaces Account creation for the operational team Catalog the authorized users and account permission levels including the approved process to provision and manage system accounts Run and Build Books Establish operational run books for managed technologies OS and application are up-to-date Validate the operating systems are updated and have the appropriate licensing defined Endpoint Catalog Documentation of valid end-points and procedures for adding and removing endpoints into protection scheme Establish Health Monitoring Assure visibility into the system health of the managed devices to provide up/down reporting Provide appropriate ticket system access Assure access to the system and appropriate permissions exist to manage tickets as defined in SLAs Complete Escalation Process Document Document the end-to-end escalation tree for primary, secondary, and backup contacts for all levels of agreed upon service descriptions Production Readiness Plan the cutover deployment timing and relevant stakeholders to approve transition rollback criteria
Six Onboarding Best Practices 1. Define “notable event" vs "incident" based: Disruption, Degradation, Nuisance 2. Build work products such as asset lists, critical applications, SEV priority 3. Vulnerability scoring definition 4. Defined ownership of process and escalation 5. Poor man’s owner lists: use top users, emp directory, last logon 6. Agreed upon operational readiness checklist
Sample Operational Readiness Checklist • How many users on the network? • What is the make model of each appliance and the management server? • Are any of the appliances near eol? • Any unresolved support issues with the manufacturer? • What policies are in place today? Fim? Ips? Firewall? • What new policies are required? • Are the devices strictly firewall only, or multi-purpose/next-gen? • Are there other features enabled? AV, IPS, email GW, web proxy/GW? • How many physical appliances are in-scope for managed services? • What is the location of each appliance? Head office? Main data center? • Any new physical or virtual interfaces on existing platforms to be operationalized?
Focus Area #3 Alerts, Investigation, Response
Fundamentals of SecOps • Detection • Evidence Collection • Containment • Forensic Analysis • Remediation • Communication Mr. Fundamental
It’s all about the use cases 1. Identify and Analyze MVAs (Most Valuable Assets) and HBIs devices (High Business Impact) 2. Model use-cases around your MVA and HBI devices 3. Use cases will tell you what logs you need (not the opposite) 4. Then pick the tech to implement use cases
Six Best Practices for Use Case Dev 1. First Things First - Ensure critical conditions produce notification 2. Environment Centric - Build alert rules specific to environment and requirements 3. Fluid Thresholds - Ensure appropriate thresholds are applied to reduce false alarms 4. What and Why - Know what event sources are logging to the SIEM and why 5. What’s most important - Categorize alerts according to severity levels 6. Track Them All - Ensure non-critical events are excluded from notification but reviewed
Sample Use Case References • What situations keep you up at night? • What alerts and reports do you expect to get from the SIEM? • Will the platform be managed internally or outsourced? • Is there a list of all devices/assets to be monitored by the SIEM? Which are most critical? • Which devices are natively supported by the SIEM and which ones require a custom parser? • Is the SIEM required to meet some form of compliance (e.g. HIPAA, PCI, SOX)? • How are the monitored devices geographically dispersed? • How do asset owners (of the monitored devices) feel about an agent versus agentless solution? • What devices need to send logs to the SIEM in order to get those alerts and reports? • Is there a requirement to incorporate network data elements into the SIEM? • If managed internally, what training options does the vendor provide and who exactly will be managing/monitoring/maintaining the solution?
Sample Use Case References Popular SIEM Starter Use Cases AlienVault SIEM Use-Cases SANS Critical Security Controls *** NIST 800-53 *** ***Not purely use cases, but great source to help brainstorm
Focus Area #4 SLAs and Contracts
Do’s and Don’ts • Don’t do a POC of MSSP • Do unannounced VA scans and pen tests • Don’t have 5 minute SLAs • Do provision enforceable SLA penalties • Don’t just default on a one-year contract • Do define success with simple KPIs
In Closing, a bit about Herjavec Group
Information Security Is What We Do We provide Information Security Solutions for Enterprises globally. Our expertise includes: •Consulting & Compliance •Product and Service Delivery •Security Management •Incident Response Recognized for our Flexible & Agile Managed Services practice which includes On Prem, Cloud and Hybrid models. One of North America’s fastest growing technology companies. Successfully scaled to service enterprises globally with customers across NA, EMEA & APAC. RANKED # 2 ON CYBERSECURITY 500 Global ranking of information technology providers, integrators and managed services companies.
We Manage 24.7.365. Herjavec Group can administer, maintain, support, and monitor your security technology 24.7.365. • Designed for large, complex, multi technology • enterprise environments • Relevant alerts & Regular reports • Big Data Analytics • 24/7/365 hot-hot, geo redundant site to site VPN access • Threat Intelligence & smart filters • Flexible ticketing systems • Minimize risk of false positives • SOC 2 Type 2 certified
Thank You
How did things go? (we really want to know!) Did you enjoy this session? Is there anyway we could make it better? Let us know by filling out a speaker evaluation. •Start by opening the IAPP Events App. •Select this session and tap “Click the following link for speaker evaluations.” •Once you’ve answered all three questions, tap “Done” and you’re all set. •Thank you!

Recommended

Its Not You Its Me MSSP Couples Counseling
Its Not You Its Me MSSP Couples CounselingIts Not You Its Me MSSP Couples Counseling
Its Not You Its Me MSSP Couples CounselingAtif Ghauri
 
NextGen Endpoint Security for Dummies
NextGen Endpoint Security for DummiesNextGen Endpoint Security for Dummies
NextGen Endpoint Security for DummiesAtif Ghauri
 
To MSSP or not to MSSP IISF 2015
To MSSP or not to MSSP IISF 2015To MSSP or not to MSSP IISF 2015
To MSSP or not to MSSP IISF 2015Paul Hogan
 
Time Traveling: Adapting Techniques from the Future to Improve Reliability, J...
Time Traveling: Adapting Techniques from the Future to Improve Reliability, J...Time Traveling: Adapting Techniques from the Future to Improve Reliability, J...
Time Traveling: Adapting Techniques from the Future to Improve Reliability, J...Digital Bond
 
Infosec 2014 - Considerations when choosing an MSSP
Infosec 2014 - Considerations when choosing an MSSPInfosec 2014 - Considerations when choosing an MSSP
Infosec 2014 - Considerations when choosing an MSSPHuntsman Security
 
Jason Kent - AppSec Without Additional Tools
Jason Kent - AppSec Without Additional ToolsJason Kent - AppSec Without Additional Tools
Jason Kent - AppSec Without Additional Toolscentralohioissa
 
Timothy Wright & Stephen Halwes - Finding the Needle in the Hardware – Identi...
Timothy Wright & Stephen Halwes - Finding the Needle in the Hardware – Identi...Timothy Wright & Stephen Halwes - Finding the Needle in the Hardware – Identi...
Timothy Wright & Stephen Halwes - Finding the Needle in the Hardware – Identi...centralohioissa
 
Jack Nichelson - Information Security Metrics - Practical Security Metrics
Jack Nichelson - Information Security Metrics - Practical Security MetricsJack Nichelson - Information Security Metrics - Practical Security Metrics
Jack Nichelson - Information Security Metrics - Practical Security Metricscentralohioissa
 

Recommended

Its Not You Its Me MSSP Couples Counseling
Its Not You Its Me MSSP Couples CounselingIts Not You Its Me MSSP Couples Counseling
Its Not You Its Me MSSP Couples CounselingAtif Ghauri
 
NextGen Endpoint Security for Dummies
NextGen Endpoint Security for DummiesNextGen Endpoint Security for Dummies
NextGen Endpoint Security for DummiesAtif Ghauri
 
To MSSP or not to MSSP IISF 2015
To MSSP or not to MSSP IISF 2015To MSSP or not to MSSP IISF 2015
To MSSP or not to MSSP IISF 2015Paul Hogan
 
Time Traveling: Adapting Techniques from the Future to Improve Reliability, J...
Time Traveling: Adapting Techniques from the Future to Improve Reliability, J...Time Traveling: Adapting Techniques from the Future to Improve Reliability, J...
Time Traveling: Adapting Techniques from the Future to Improve Reliability, J...Digital Bond
 
Infosec 2014 - Considerations when choosing an MSSP
Infosec 2014 - Considerations when choosing an MSSPInfosec 2014 - Considerations when choosing an MSSP
Infosec 2014 - Considerations when choosing an MSSPHuntsman Security
 
Jason Kent - AppSec Without Additional Tools
Jason Kent - AppSec Without Additional ToolsJason Kent - AppSec Without Additional Tools
Jason Kent - AppSec Without Additional Toolscentralohioissa
 
Timothy Wright & Stephen Halwes - Finding the Needle in the Hardware – Identi...
Timothy Wright & Stephen Halwes - Finding the Needle in the Hardware – Identi...Timothy Wright & Stephen Halwes - Finding the Needle in the Hardware – Identi...
Timothy Wright & Stephen Halwes - Finding the Needle in the Hardware – Identi...centralohioissa
 
Jack Nichelson - Information Security Metrics - Practical Security Metrics
Jack Nichelson - Information Security Metrics - Practical Security MetricsJack Nichelson - Information Security Metrics - Practical Security Metrics
Jack Nichelson - Information Security Metrics - Practical Security Metricscentralohioissa
 
NTXISSACSC2 - Advanced Persistent Threat (APT) Life Cycle Management Monty Mc...
NTXISSACSC2 - Advanced Persistent Threat (APT) Life Cycle Management Monty Mc...NTXISSACSC2 - Advanced Persistent Threat (APT) Life Cycle Management Monty Mc...
NTXISSACSC2 - Advanced Persistent Threat (APT) Life Cycle Management Monty Mc...North Texas Chapter of the ISSA
 
Detecting Problems in Industrial Networks Through Continuous Monitoring, Leve...
Detecting Problems in Industrial Networks Through Continuous Monitoring, Leve...Detecting Problems in Industrial Networks Through Continuous Monitoring, Leve...
Detecting Problems in Industrial Networks Through Continuous Monitoring, Leve...Digital Bond
 
Vulnerability Testing Services Case Study
Vulnerability Testing Services Case StudyVulnerability Testing Services Case Study
Vulnerability Testing Services Case StudyNandita Nityanandam
 
Building an AppSec Team Extended Cut
Building an AppSec Team Extended CutBuilding an AppSec Team Extended Cut
Building an AppSec Team Extended CutMike Spaulding
 
ISS CAPSTONE TEAM
ISS CAPSTONE TEAMISS CAPSTONE TEAM
ISS CAPSTONE TEAMJonathan Fuller
 
Bil Harmer - Myths of Cloud Security Debunked!
Bil Harmer - Myths of Cloud Security Debunked!Bil Harmer - Myths of Cloud Security Debunked!
Bil Harmer - Myths of Cloud Security Debunked!centralohioissa
 
Data Consult - Managed Security Services
Data Consult - Managed Security ServicesData Consult - Managed Security Services
Data Consult - Managed Security ServicesJad Bejjani
 
Sam Herath - Six Critical Criteria for Cloud Workload Security
Sam Herath - Six Critical Criteria for Cloud Workload SecuritySam Herath - Six Critical Criteria for Cloud Workload Security
Sam Herath - Six Critical Criteria for Cloud Workload Securitycentralohioissa
 
The RIPE Experience
The RIPE ExperienceThe RIPE Experience
The RIPE ExperienceDigital Bond
 
Ofer Maor - Security Automation in the SDLC - Real World Cases
Ofer Maor - Security Automation in the SDLC - Real World CasesOfer Maor - Security Automation in the SDLC - Real World Cases
Ofer Maor - Security Automation in the SDLC - Real World Casescentralohioissa
 
Cloud Security Zen: Principles to Meditate On
Cloud Security Zen: Principles to Meditate OnCloud Security Zen: Principles to Meditate On
Cloud Security Zen: Principles to Meditate OnSamuel Reed
 
Is SIEM really Dead ? OR Can it evolve into a Platform ?
Is SIEM really Dead ? OR Can it evolve into a Platform ?Is SIEM really Dead ? OR Can it evolve into a Platform ?
Is SIEM really Dead ? OR Can it evolve into a Platform ?Aujas
 
EDR vs SIEM - The fight is on
EDR vs SIEM - The fight is onEDR vs SIEM - The fight is on
EDR vs SIEM - The fight is onJustin Henderson
 
Optimize & Secure Your Hybrid Cloud with Runecast (September 2021)
Optimize & Secure Your Hybrid Cloud with Runecast (September 2021)Optimize & Secure Your Hybrid Cloud with Runecast (September 2021)
Optimize & Secure Your Hybrid Cloud with Runecast (September 2021)Jason Mashak
 
Lisa Guess - Embracing the Cloud
Lisa Guess - Embracing the CloudLisa Guess - Embracing the Cloud
Lisa Guess - Embracing the Cloudcentralohioissa
 
An introduction to SOC (Security Operation Center)
An introduction to SOC (Security Operation Center)An introduction to SOC (Security Operation Center)
An introduction to SOC (Security Operation Center)Ahmad Haghighi
 
Building a World-Class Proactive Integrated Security and Network Ops Center
Building a World-Class Proactive Integrated Security and Network Ops CenterBuilding a World-Class Proactive Integrated Security and Network Ops Center
Building a World-Class Proactive Integrated Security and Network Ops CenterPriyanka Aash
 
Security Essentials
Security EssentialsSecurity Essentials
Security EssentialsAshley Deuble
 
CIS Security Benchmark
CIS Security BenchmarkCIS Security Benchmark
CIS Security BenchmarkRahul Khengare
 
What Is Next-Generation Endpoint Security and Why Do You Need It?
What Is Next-Generation Endpoint Security and Why Do You Need It?What Is Next-Generation Endpoint Security and Why Do You Need It?
What Is Next-Generation Endpoint Security and Why Do You Need It?Priyanka Aash
 
Whitepaper - Data Security while outsourcing
Whitepaper - Data Security while outsourcingWhitepaper - Data Security while outsourcing
Whitepaper - Data Security while outsourcingRaghuraman Ramamurthy
 
Digital Outsourcing: Risks, Pitfalls, and Security Considerations
Digital Outsourcing: Risks, Pitfalls, and Security Considerations Digital Outsourcing: Risks, Pitfalls, and Security Considerations
Digital Outsourcing: Risks, Pitfalls, and Security Considerations Peter1020
 

More Related Content

What's hot

NTXISSACSC2 - Advanced Persistent Threat (APT) Life Cycle Management Monty Mc...
NTXISSACSC2 - Advanced Persistent Threat (APT) Life Cycle Management Monty Mc...NTXISSACSC2 - Advanced Persistent Threat (APT) Life Cycle Management Monty Mc...
NTXISSACSC2 - Advanced Persistent Threat (APT) Life Cycle Management Monty Mc...North Texas Chapter of the ISSA
 
Detecting Problems in Industrial Networks Through Continuous Monitoring, Leve...
Detecting Problems in Industrial Networks Through Continuous Monitoring, Leve...Detecting Problems in Industrial Networks Through Continuous Monitoring, Leve...
Detecting Problems in Industrial Networks Through Continuous Monitoring, Leve...Digital Bond
 
Vulnerability Testing Services Case Study
Vulnerability Testing Services Case StudyVulnerability Testing Services Case Study
Vulnerability Testing Services Case StudyNandita Nityanandam
 
Building an AppSec Team Extended Cut
Building an AppSec Team Extended CutBuilding an AppSec Team Extended Cut
Building an AppSec Team Extended CutMike Spaulding
 
Bil Harmer - Myths of Cloud Security Debunked!
Bil Harmer - Myths of Cloud Security Debunked!Bil Harmer - Myths of Cloud Security Debunked!
Bil Harmer - Myths of Cloud Security Debunked!centralohioissa
 
Data Consult - Managed Security Services
Data Consult - Managed Security ServicesData Consult - Managed Security Services
Data Consult - Managed Security ServicesJad Bejjani
 
Sam Herath - Six Critical Criteria for Cloud Workload Security
Sam Herath - Six Critical Criteria for Cloud Workload SecuritySam Herath - Six Critical Criteria for Cloud Workload Security
Sam Herath - Six Critical Criteria for Cloud Workload Securitycentralohioissa
 
The RIPE Experience
The RIPE ExperienceThe RIPE Experience
The RIPE ExperienceDigital Bond
 
Ofer Maor - Security Automation in the SDLC - Real World Cases
Ofer Maor - Security Automation in the SDLC - Real World CasesOfer Maor - Security Automation in the SDLC - Real World Cases
Ofer Maor - Security Automation in the SDLC - Real World Casescentralohioissa
 
Cloud Security Zen: Principles to Meditate On
Cloud Security Zen: Principles to Meditate OnCloud Security Zen: Principles to Meditate On
Cloud Security Zen: Principles to Meditate OnSamuel Reed
 
Is SIEM really Dead ? OR Can it evolve into a Platform ?
Is SIEM really Dead ? OR Can it evolve into a Platform ?Is SIEM really Dead ? OR Can it evolve into a Platform ?
Is SIEM really Dead ? OR Can it evolve into a Platform ?Aujas
 
EDR vs SIEM - The fight is on
EDR vs SIEM - The fight is onEDR vs SIEM - The fight is on
EDR vs SIEM - The fight is onJustin Henderson
 
Optimize & Secure Your Hybrid Cloud with Runecast (September 2021)
Optimize & Secure Your Hybrid Cloud with Runecast (September 2021)Optimize & Secure Your Hybrid Cloud with Runecast (September 2021)
Optimize & Secure Your Hybrid Cloud with Runecast (September 2021)Jason Mashak
 
Lisa Guess - Embracing the Cloud
Lisa Guess - Embracing the CloudLisa Guess - Embracing the Cloud
Lisa Guess - Embracing the Cloudcentralohioissa
 
An introduction to SOC (Security Operation Center)
An introduction to SOC (Security Operation Center)An introduction to SOC (Security Operation Center)
An introduction to SOC (Security Operation Center)Ahmad Haghighi
 
Building a World-Class Proactive Integrated Security and Network Ops Center
Building a World-Class Proactive Integrated Security and Network Ops CenterBuilding a World-Class Proactive Integrated Security and Network Ops Center
Building a World-Class Proactive Integrated Security and Network Ops CenterPriyanka Aash
 
CIS Security Benchmark
CIS Security BenchmarkCIS Security Benchmark
CIS Security BenchmarkRahul Khengare
 
What Is Next-Generation Endpoint Security and Why Do You Need It?
What Is Next-Generation Endpoint Security and Why Do You Need It?What Is Next-Generation Endpoint Security and Why Do You Need It?
What Is Next-Generation Endpoint Security and Why Do You Need It?Priyanka Aash
 

What's hot (20)

NTXISSACSC2 - Advanced Persistent Threat (APT) Life Cycle Management Monty Mc...
NTXISSACSC2 - Advanced Persistent Threat (APT) Life Cycle Management Monty Mc...NTXISSACSC2 - Advanced Persistent Threat (APT) Life Cycle Management Monty Mc...
NTXISSACSC2 - Advanced Persistent Threat (APT) Life Cycle Management Monty Mc...
 
Detecting Problems in Industrial Networks Through Continuous Monitoring, Leve...
Detecting Problems in Industrial Networks Through Continuous Monitoring, Leve...Detecting Problems in Industrial Networks Through Continuous Monitoring, Leve...
Detecting Problems in Industrial Networks Through Continuous Monitoring, Leve...
 
Vulnerability Testing Services Case Study
Vulnerability Testing Services Case StudyVulnerability Testing Services Case Study
Vulnerability Testing Services Case Study
 
Building an AppSec Team Extended Cut
Building an AppSec Team Extended CutBuilding an AppSec Team Extended Cut
Building an AppSec Team Extended Cut
 
ISS CAPSTONE TEAM
ISS CAPSTONE TEAMISS CAPSTONE TEAM
ISS CAPSTONE TEAM
 
Bil Harmer - Myths of Cloud Security Debunked!
Bil Harmer - Myths of Cloud Security Debunked!Bil Harmer - Myths of Cloud Security Debunked!
Bil Harmer - Myths of Cloud Security Debunked!
 
Data Consult - Managed Security Services
Data Consult - Managed Security ServicesData Consult - Managed Security Services
Data Consult - Managed Security Services
 
Sam Herath - Six Critical Criteria for Cloud Workload Security
Sam Herath - Six Critical Criteria for Cloud Workload SecuritySam Herath - Six Critical Criteria for Cloud Workload Security
Sam Herath - Six Critical Criteria for Cloud Workload Security
 
The RIPE Experience
The RIPE ExperienceThe RIPE Experience
The RIPE Experience
 
Ofer Maor - Security Automation in the SDLC - Real World Cases
Ofer Maor - Security Automation in the SDLC - Real World CasesOfer Maor - Security Automation in the SDLC - Real World Cases
Ofer Maor - Security Automation in the SDLC - Real World Cases
 
Cloud Security Zen: Principles to Meditate On
Cloud Security Zen: Principles to Meditate OnCloud Security Zen: Principles to Meditate On
Cloud Security Zen: Principles to Meditate On
 
Is SIEM really Dead ? OR Can it evolve into a Platform ?
Is SIEM really Dead ? OR Can it evolve into a Platform ?Is SIEM really Dead ? OR Can it evolve into a Platform ?
Is SIEM really Dead ? OR Can it evolve into a Platform ?
 
EDR vs SIEM - The fight is on
EDR vs SIEM - The fight is onEDR vs SIEM - The fight is on
EDR vs SIEM - The fight is on
 
Optimize & Secure Your Hybrid Cloud with Runecast (September 2021)
Optimize & Secure Your Hybrid Cloud with Runecast (September 2021)Optimize & Secure Your Hybrid Cloud with Runecast (September 2021)
Optimize & Secure Your Hybrid Cloud with Runecast (September 2021)
 
Lisa Guess - Embracing the Cloud
Lisa Guess - Embracing the CloudLisa Guess - Embracing the Cloud
Lisa Guess - Embracing the Cloud
 
An introduction to SOC (Security Operation Center)
An introduction to SOC (Security Operation Center)An introduction to SOC (Security Operation Center)
An introduction to SOC (Security Operation Center)
 
Building a World-Class Proactive Integrated Security and Network Ops Center
Building a World-Class Proactive Integrated Security and Network Ops CenterBuilding a World-Class Proactive Integrated Security and Network Ops Center
Building a World-Class Proactive Integrated Security and Network Ops Center
 
Security Essentials
Security EssentialsSecurity Essentials
Security Essentials
 
CIS Security Benchmark
CIS Security BenchmarkCIS Security Benchmark
CIS Security Benchmark
 
What Is Next-Generation Endpoint Security and Why Do You Need It?
What Is Next-Generation Endpoint Security and Why Do You Need It?What Is Next-Generation Endpoint Security and Why Do You Need It?
What Is Next-Generation Endpoint Security and Why Do You Need It?
 

Viewers also liked

Whitepaper - Data Security while outsourcing
Whitepaper - Data Security while outsourcingWhitepaper - Data Security while outsourcing
Whitepaper - Data Security while outsourcingRaghuraman Ramamurthy
 
Digital Outsourcing: Risks, Pitfalls, and Security Considerations
Digital Outsourcing: Risks, Pitfalls, and Security Considerations Digital Outsourcing: Risks, Pitfalls, and Security Considerations
Digital Outsourcing: Risks, Pitfalls, and Security Considerations Peter1020
 
CyberThreat Defense Report
CyberThreat Defense ReportCyberThreat Defense Report
CyberThreat Defense ReportLogRhythm
 
8 Reasons to Choose Logrhythm
8 Reasons to Choose Logrhythm8 Reasons to Choose Logrhythm
8 Reasons to Choose LogrhythmLogRhythm
 
Detecting and Blocking Suspicious Internal Network Traffic
Detecting and Blocking Suspicious Internal Network Traffic Detecting and Blocking Suspicious Internal Network Traffic
Detecting and Blocking Suspicious Internal Network Traffic LogRhythm
 
McAfee SIEM solution
McAfee SIEM solution McAfee SIEM solution
McAfee SIEM solution hashnees
 
Why You Should Be Selling Business Continuity Services (5 MSP Tips to Get Sta...
Why You Should Be Selling Business Continuity Services (5 MSP Tips to Get Sta...Why You Should Be Selling Business Continuity Services (5 MSP Tips to Get Sta...
Why You Should Be Selling Business Continuity Services (5 MSP Tips to Get Sta...David Castro
 
Outsourcing Security Management
Outsourcing Security ManagementOutsourcing Security Management
Outsourcing Security ManagementNick Krym
 
Dizzion Channel Partner Training blow sales objections out of the water
Dizzion Channel Partner Training blow sales objections out of the waterDizzion Channel Partner Training blow sales objections out of the water
Dizzion Channel Partner Training blow sales objections out of the waterDizzion, Inc.
 
MSP Sales Best Practice | How to Close Sales Leads
MSP Sales Best Practice | How to Close Sales LeadsMSP Sales Best Practice | How to Close Sales Leads
MSP Sales Best Practice | How to Close Sales LeadsDavid Castro
 
MSP Sales Tactic | Using Kaseya to Perform an IT Network Assessment to Win Ne...
MSP Sales Tactic | Using Kaseya to Perform an IT Network Assessment to Win Ne...MSP Sales Tactic | Using Kaseya to Perform an IT Network Assessment to Win Ne...
MSP Sales Tactic | Using Kaseya to Perform an IT Network Assessment to Win Ne...David Castro
 
AlienVault MSSP Overview - A Different Approach to Security for MSSP's
AlienVault MSSP Overview - A Different Approach to Security for MSSP'sAlienVault MSSP Overview - A Different Approach to Security for MSSP's
AlienVault MSSP Overview - A Different Approach to Security for MSSP'sAlienVault
 
MT 70 The New Era of Incident Response Planning
MT 70 The New Era of Incident Response PlanningMT 70 The New Era of Incident Response Planning
MT 70 The New Era of Incident Response PlanningDell EMC World
 
MT 68 Hunting for the Threat: When You Don’t Know If You’ve Been Breached
MT 68 Hunting for the Threat: When You Don’t Know If You’ve Been Breached MT 68 Hunting for the Threat: When You Don’t Know If You’ve Been Breached
MT 68 Hunting for the Threat: When You Don’t Know If You’ve Been Breached Dell EMC World
 
Extend Your Market Reach with IBM Security QRadar for MSPs
Extend Your Market Reach with IBM Security QRadar for MSPsExtend Your Market Reach with IBM Security QRadar for MSPs
Extend Your Market Reach with IBM Security QRadar for MSPsIBM Security
 
Trends in network security feinstein - informatica64
Trends in network security feinstein - informatica64Trends in network security feinstein - informatica64
Trends in network security feinstein - informatica64Chema Alonso
 

Viewers also liked (17)

Whitepaper - Data Security while outsourcing
Whitepaper - Data Security while outsourcingWhitepaper - Data Security while outsourcing
Whitepaper - Data Security while outsourcing
 
Digital Outsourcing: Risks, Pitfalls, and Security Considerations
Digital Outsourcing: Risks, Pitfalls, and Security Considerations Digital Outsourcing: Risks, Pitfalls, and Security Considerations
Digital Outsourcing: Risks, Pitfalls, and Security Considerations
 
CyberThreat Defense Report
CyberThreat Defense ReportCyberThreat Defense Report
CyberThreat Defense Report
 
Webinar: Data warehouse na nuvem da AWS
Webinar: Data warehouse na nuvem da AWSWebinar: Data warehouse na nuvem da AWS
Webinar: Data warehouse na nuvem da AWS
 
8 Reasons to Choose Logrhythm
8 Reasons to Choose Logrhythm8 Reasons to Choose Logrhythm
8 Reasons to Choose Logrhythm
 
Detecting and Blocking Suspicious Internal Network Traffic
Detecting and Blocking Suspicious Internal Network Traffic Detecting and Blocking Suspicious Internal Network Traffic
Detecting and Blocking Suspicious Internal Network Traffic
 
McAfee SIEM solution
McAfee SIEM solution McAfee SIEM solution
McAfee SIEM solution
 
Why You Should Be Selling Business Continuity Services (5 MSP Tips to Get Sta...
Why You Should Be Selling Business Continuity Services (5 MSP Tips to Get Sta...Why You Should Be Selling Business Continuity Services (5 MSP Tips to Get Sta...
Why You Should Be Selling Business Continuity Services (5 MSP Tips to Get Sta...
 
Outsourcing Security Management
Outsourcing Security ManagementOutsourcing Security Management
Outsourcing Security Management
 
Dizzion Channel Partner Training blow sales objections out of the water
Dizzion Channel Partner Training blow sales objections out of the waterDizzion Channel Partner Training blow sales objections out of the water
Dizzion Channel Partner Training blow sales objections out of the water
 
MSP Sales Best Practice | How to Close Sales Leads
MSP Sales Best Practice | How to Close Sales LeadsMSP Sales Best Practice | How to Close Sales Leads
MSP Sales Best Practice | How to Close Sales Leads
 
MSP Sales Tactic | Using Kaseya to Perform an IT Network Assessment to Win Ne...
MSP Sales Tactic | Using Kaseya to Perform an IT Network Assessment to Win Ne...MSP Sales Tactic | Using Kaseya to Perform an IT Network Assessment to Win Ne...
MSP Sales Tactic | Using Kaseya to Perform an IT Network Assessment to Win Ne...
 
AlienVault MSSP Overview - A Different Approach to Security for MSSP's
AlienVault MSSP Overview - A Different Approach to Security for MSSP'sAlienVault MSSP Overview - A Different Approach to Security for MSSP's
AlienVault MSSP Overview - A Different Approach to Security for MSSP's
 
MT 70 The New Era of Incident Response Planning
MT 70 The New Era of Incident Response PlanningMT 70 The New Era of Incident Response Planning
MT 70 The New Era of Incident Response Planning
 
MT 68 Hunting for the Threat: When You Don’t Know If You’ve Been Breached
MT 68 Hunting for the Threat: When You Don’t Know If You’ve Been Breached MT 68 Hunting for the Threat: When You Don’t Know If You’ve Been Breached
MT 68 Hunting for the Threat: When You Don’t Know If You’ve Been Breached
 
Extend Your Market Reach with IBM Security QRadar for MSPs
Extend Your Market Reach with IBM Security QRadar for MSPsExtend Your Market Reach with IBM Security QRadar for MSPs
Extend Your Market Reach with IBM Security QRadar for MSPs
 
Trends in network security feinstein - informatica64
Trends in network security feinstein - informatica64Trends in network security feinstein - informatica64
Trends in network security feinstein - informatica64
 

Similar to Security Outsourcing - Couples Counseling - Atif Ghauri

Just Trust Everyone and We Will Be Fine, Right?
Just Trust Everyone and We Will Be Fine, Right?Just Trust Everyone and We Will Be Fine, Right?
Just Trust Everyone and We Will Be Fine, Right?Scott Carlson
 
SLVA - Security monitoring and reporting itweb workshop
SLVA - Security monitoring and reporting itweb workshopSLVA - Security monitoring and reporting itweb workshop
SLVA - Security monitoring and reporting itweb workshopSLVA Information Security
 
DevSecCon KeyNote London 2015
DevSecCon KeyNote London 2015DevSecCon KeyNote London 2015
DevSecCon KeyNote London 2015Shannon Lietz
 
Career In Information security
Career In Information securityCareer In Information security
Career In Information securityAnant Shrivastava
 
ISACA Ireland Keynote 2015
ISACA Ireland Keynote 2015ISACA Ireland Keynote 2015
ISACA Ireland Keynote 2015Shannon Lietz
 
My Keynote from BSidesTampa 2015 (video in description)
My Keynote from BSidesTampa 2015 (video in description)My Keynote from BSidesTampa 2015 (video in description)
My Keynote from BSidesTampa 2015 (video in description)Andrew Case
 
Cyber Security in The Cloud
Cyber Security in The CloudCyber Security in The Cloud
Cyber Security in The CloudPECB
 
Succeeding-Marriage-Cybersecurity-DevOps final
Succeeding-Marriage-Cybersecurity-DevOps finalSucceeding-Marriage-Cybersecurity-DevOps final
Succeeding-Marriage-Cybersecurity-DevOps finalrkadayam
 
From SIEM to SOC: Crossing the Cybersecurity Chasm
From SIEM to SOC: Crossing the Cybersecurity ChasmFrom SIEM to SOC: Crossing the Cybersecurity Chasm
From SIEM to SOC: Crossing the Cybersecurity ChasmPriyanka Aash
 
Annual OktCyberfest 2019
Annual OktCyberfest 2019Annual OktCyberfest 2019
Annual OktCyberfest 2019Fahad Al-Hasan
 
Accelerating OT - A Case Study
Accelerating OT - A Case StudyAccelerating OT - A Case Study
Accelerating OT - A Case StudyDigital Bond
 
Stop Chasing the Version: Compliance with CIPv5 through CIPv99
Stop Chasing the Version: Compliance with CIPv5 through CIPv99 Stop Chasing the Version: Compliance with CIPv5 through CIPv99
Stop Chasing the Version: Compliance with CIPv5 through CIPv99 Tripwire
 
DTS Solution - Building a SOC (Security Operations Center)
DTS Solution - Building a SOC (Security Operations Center)DTS Solution - Building a SOC (Security Operations Center)
DTS Solution - Building a SOC (Security Operations Center)Shah Sheikh
 
How to Solve Your Top IT Security Reporting Challenges with AlienVault
How to Solve Your Top IT Security Reporting Challenges with AlienVaultHow to Solve Your Top IT Security Reporting Challenges with AlienVault
How to Solve Your Top IT Security Reporting Challenges with AlienVaultAlienVault
 
An introduction to Cyber Essentials
An introduction to Cyber EssentialsAn introduction to Cyber Essentials
An introduction to Cyber EssentialsJisc
 
Cyber essentials-overview-sep-2021-211019100139
Cyber essentials-overview-sep-2021-211019100139Cyber essentials-overview-sep-2021-211019100139
Cyber essentials-overview-sep-2021-211019100139evaleng2
 
An introduction to Cyber Essentials
An introduction to Cyber EssentialsAn introduction to Cyber Essentials
An introduction to Cyber EssentialsJisc
 

Similar to Security Outsourcing - Couples Counseling - Atif Ghauri (20)

Tips on SIEM Ops 2015
Tips on SIEM Ops 2015Tips on SIEM Ops 2015
Tips on SIEM Ops 2015
 
Just Trust Everyone and We Will Be Fine, Right?
Just Trust Everyone and We Will Be Fine, Right?Just Trust Everyone and We Will Be Fine, Right?
Just Trust Everyone and We Will Be Fine, Right?
 
SLVA - Security monitoring and reporting itweb workshop
SLVA - Security monitoring and reporting itweb workshopSLVA - Security monitoring and reporting itweb workshop
SLVA - Security monitoring and reporting itweb workshop
 
DevSecCon KeyNote London 2015
DevSecCon KeyNote London 2015DevSecCon KeyNote London 2015
DevSecCon KeyNote London 2015
 
DevSecCon Keynote
DevSecCon KeynoteDevSecCon Keynote
DevSecCon Keynote
 
Career In Information security
Career In Information securityCareer In Information security
Career In Information security
 
Many products-no-security (1)
Many products-no-security (1)Many products-no-security (1)
Many products-no-security (1)
 
ISACA Ireland Keynote 2015
ISACA Ireland Keynote 2015ISACA Ireland Keynote 2015
ISACA Ireland Keynote 2015
 
My Keynote from BSidesTampa 2015 (video in description)
My Keynote from BSidesTampa 2015 (video in description)My Keynote from BSidesTampa 2015 (video in description)
My Keynote from BSidesTampa 2015 (video in description)
 
Cyber Security in The Cloud
Cyber Security in The CloudCyber Security in The Cloud
Cyber Security in The Cloud
 
Succeeding-Marriage-Cybersecurity-DevOps final
Succeeding-Marriage-Cybersecurity-DevOps finalSucceeding-Marriage-Cybersecurity-DevOps final
Succeeding-Marriage-Cybersecurity-DevOps final
 
From SIEM to SOC: Crossing the Cybersecurity Chasm
From SIEM to SOC: Crossing the Cybersecurity ChasmFrom SIEM to SOC: Crossing the Cybersecurity Chasm
From SIEM to SOC: Crossing the Cybersecurity Chasm
 
Annual OktCyberfest 2019
Annual OktCyberfest 2019Annual OktCyberfest 2019
Annual OktCyberfest 2019
 
Accelerating OT - A Case Study
Accelerating OT - A Case StudyAccelerating OT - A Case Study
Accelerating OT - A Case Study
 
Stop Chasing the Version: Compliance with CIPv5 through CIPv99
Stop Chasing the Version: Compliance with CIPv5 through CIPv99 Stop Chasing the Version: Compliance with CIPv5 through CIPv99
Stop Chasing the Version: Compliance with CIPv5 through CIPv99
 
DTS Solution - Building a SOC (Security Operations Center)
DTS Solution - Building a SOC (Security Operations Center)DTS Solution - Building a SOC (Security Operations Center)
DTS Solution - Building a SOC (Security Operations Center)
 
How to Solve Your Top IT Security Reporting Challenges with AlienVault
How to Solve Your Top IT Security Reporting Challenges with AlienVaultHow to Solve Your Top IT Security Reporting Challenges with AlienVault
How to Solve Your Top IT Security Reporting Challenges with AlienVault
 
An introduction to Cyber Essentials
An introduction to Cyber EssentialsAn introduction to Cyber Essentials
An introduction to Cyber Essentials
 
Cyber essentials-overview-sep-2021-211019100139
Cyber essentials-overview-sep-2021-211019100139Cyber essentials-overview-sep-2021-211019100139
Cyber essentials-overview-sep-2021-211019100139
 
An introduction to Cyber Essentials
An introduction to Cyber EssentialsAn introduction to Cyber Essentials
An introduction to Cyber Essentials
 

Recently uploaded

React Native vs Ionic - The Best Mobile App Framework
React Native vs Ionic - The Best Mobile App FrameworkReact Native vs Ionic - The Best Mobile App Framework
React Native vs Ionic - The Best Mobile App FrameworkPixlogix Infotech
 
Microsoft 365 Copilot: How to boost your productivity with AI – Part one: Ado...
Microsoft 365 Copilot: How to boost your productivity with AI – Part one: Ado...Microsoft 365 Copilot: How to boost your productivity with AI – Part one: Ado...
Microsoft 365 Copilot: How to boost your productivity with AI – Part one: Ado...Nikki Chapple
 
Scale your database traffic with Read & Write split using MySQL Router
Scale your database traffic with Read & Write split using MySQL RouterScale your database traffic with Read & Write split using MySQL Router
Scale your database traffic with Read & Write split using MySQL RouterMydbops
 
Emixa Mendix Meetup 11 April 2024 about Mendix Native development
Emixa Mendix Meetup 11 April 2024 about Mendix Native developmentEmixa Mendix Meetup 11 April 2024 about Mendix Native development
Emixa Mendix Meetup 11 April 2024 about Mendix Native developmentPim van der Noll
 
A Deep Dive on Passkeys: FIDO Paris Seminar.pptx
A Deep Dive on Passkeys: FIDO Paris Seminar.pptxA Deep Dive on Passkeys: FIDO Paris Seminar.pptx
A Deep Dive on Passkeys: FIDO Paris Seminar.pptxLoriGlavin3
 
TrustArc Webinar - How to Build Consumer Trust Through Data Privacy
TrustArc Webinar - How to Build Consumer Trust Through Data PrivacyTrustArc Webinar - How to Build Consumer Trust Through Data Privacy
TrustArc Webinar - How to Build Consumer Trust Through Data PrivacyTrustArc
 
How AI, OpenAI, and ChatGPT impact business and software.
How AI, OpenAI, and ChatGPT impact business and software.How AI, OpenAI, and ChatGPT impact business and software.
How AI, OpenAI, and ChatGPT impact business and software.Curtis Poe
 
The Future Roadmap for the Composable Data Stack - Wes McKinney - Data Counci...
The Future Roadmap for the Composable Data Stack - Wes McKinney - Data Counci...The Future Roadmap for the Composable Data Stack - Wes McKinney - Data Counci...
The Future Roadmap for the Composable Data Stack - Wes McKinney - Data Counci...Wes McKinney
 
[Webinar] SpiraTest - Setting New Standards in Quality Assurance
[Webinar] SpiraTest - Setting New Standards in Quality Assurance[Webinar] SpiraTest - Setting New Standards in Quality Assurance
[Webinar] SpiraTest - Setting New Standards in Quality AssuranceInflectra
 
The Ultimate Guide to Choosing WordPress Pros and Cons
The Ultimate Guide to Choosing WordPress Pros and ConsThe Ultimate Guide to Choosing WordPress Pros and Cons
The Ultimate Guide to Choosing WordPress Pros and ConsPixlogix Infotech
 
Connecting the Dots for Information Discovery.pdf
Connecting the Dots for Information Discovery.pdfConnecting the Dots for Information Discovery.pdf
Connecting the Dots for Information Discovery.pdfNeo4j
 
Passkey Providers and Enabling Portability: FIDO Paris Seminar.pptx
Passkey Providers and Enabling Portability: FIDO Paris Seminar.pptxPasskey Providers and Enabling Portability: FIDO Paris Seminar.pptx
Passkey Providers and Enabling Portability: FIDO Paris Seminar.pptxLoriGlavin3
 
Transcript: New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024Transcript: New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024BookNet Canada
 
Long journey of Ruby standard library at RubyConf AU 2024
Long journey of Ruby standard library at RubyConf AU 2024Long journey of Ruby standard library at RubyConf AU 2024
Long journey of Ruby standard library at RubyConf AU 2024Hiroshi SHIBATA
 
The Role of FIDO in a Cyber Secure Netherlands: FIDO Paris Seminar.pptx
The Role of FIDO in a Cyber Secure Netherlands: FIDO Paris Seminar.pptxThe Role of FIDO in a Cyber Secure Netherlands: FIDO Paris Seminar.pptx
The Role of FIDO in a Cyber Secure Netherlands: FIDO Paris Seminar.pptxLoriGlavin3
 
2024 April Patch Tuesday
2024 April Patch Tuesday2024 April Patch Tuesday
2024 April Patch TuesdayIvanti
 
Testing tools and AI - ideas what to try with some tool examples
Testing tools and AI - ideas what to try with some tool examplesTesting tools and AI - ideas what to try with some tool examples
Testing tools and AI - ideas what to try with some tool examplesKari Kakkonen
 
Data governance with Unity Catalog Presentation
Data governance with Unity Catalog PresentationData governance with Unity Catalog Presentation
Data governance with Unity Catalog PresentationKnoldus Inc.
 
Unleashing Real-time Insights with ClickHouse_ Navigating the Landscape in 20...
Unleashing Real-time Insights with ClickHouse_ Navigating the Landscape in 20...Unleashing Real-time Insights with ClickHouse_ Navigating the Landscape in 20...
Unleashing Real-time Insights with ClickHouse_ Navigating the Landscape in 20...Alkin Tezuysal
 
Decarbonising Buildings: Making a net-zero built environment a reality
Decarbonising Buildings: Making a net-zero built environment a realityDecarbonising Buildings: Making a net-zero built environment a reality
Decarbonising Buildings: Making a net-zero built environment a realityIES VE
 

Recently uploaded (20)

React Native vs Ionic - The Best Mobile App Framework
React Native vs Ionic - The Best Mobile App FrameworkReact Native vs Ionic - The Best Mobile App Framework
React Native vs Ionic - The Best Mobile App Framework
 
Microsoft 365 Copilot: How to boost your productivity with AI – Part one: Ado...
Microsoft 365 Copilot: How to boost your productivity with AI – Part one: Ado...Microsoft 365 Copilot: How to boost your productivity with AI – Part one: Ado...
Microsoft 365 Copilot: How to boost your productivity with AI – Part one: Ado...
 
Scale your database traffic with Read & Write split using MySQL Router
Scale your database traffic with Read & Write split using MySQL RouterScale your database traffic with Read & Write split using MySQL Router
Scale your database traffic with Read & Write split using MySQL Router
 
Emixa Mendix Meetup 11 April 2024 about Mendix Native development
Emixa Mendix Meetup 11 April 2024 about Mendix Native developmentEmixa Mendix Meetup 11 April 2024 about Mendix Native development
Emixa Mendix Meetup 11 April 2024 about Mendix Native development
 
A Deep Dive on Passkeys: FIDO Paris Seminar.pptx
A Deep Dive on Passkeys: FIDO Paris Seminar.pptxA Deep Dive on Passkeys: FIDO Paris Seminar.pptx
A Deep Dive on Passkeys: FIDO Paris Seminar.pptx
 
TrustArc Webinar - How to Build Consumer Trust Through Data Privacy
TrustArc Webinar - How to Build Consumer Trust Through Data PrivacyTrustArc Webinar - How to Build Consumer Trust Through Data Privacy
TrustArc Webinar - How to Build Consumer Trust Through Data Privacy
 
How AI, OpenAI, and ChatGPT impact business and software.
How AI, OpenAI, and ChatGPT impact business and software.How AI, OpenAI, and ChatGPT impact business and software.
How AI, OpenAI, and ChatGPT impact business and software.
 
The Future Roadmap for the Composable Data Stack - Wes McKinney - Data Counci...
The Future Roadmap for the Composable Data Stack - Wes McKinney - Data Counci...The Future Roadmap for the Composable Data Stack - Wes McKinney - Data Counci...
The Future Roadmap for the Composable Data Stack - Wes McKinney - Data Counci...
 
[Webinar] SpiraTest - Setting New Standards in Quality Assurance
[Webinar] SpiraTest - Setting New Standards in Quality Assurance[Webinar] SpiraTest - Setting New Standards in Quality Assurance
[Webinar] SpiraTest - Setting New Standards in Quality Assurance
 
The Ultimate Guide to Choosing WordPress Pros and Cons
The Ultimate Guide to Choosing WordPress Pros and ConsThe Ultimate Guide to Choosing WordPress Pros and Cons
The Ultimate Guide to Choosing WordPress Pros and Cons
 
Connecting the Dots for Information Discovery.pdf
Connecting the Dots for Information Discovery.pdfConnecting the Dots for Information Discovery.pdf
Connecting the Dots for Information Discovery.pdf
 
Passkey Providers and Enabling Portability: FIDO Paris Seminar.pptx
Passkey Providers and Enabling Portability: FIDO Paris Seminar.pptxPasskey Providers and Enabling Portability: FIDO Paris Seminar.pptx
Passkey Providers and Enabling Portability: FIDO Paris Seminar.pptx
 
Transcript: New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024Transcript: New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
 
Long journey of Ruby standard library at RubyConf AU 2024
Long journey of Ruby standard library at RubyConf AU 2024Long journey of Ruby standard library at RubyConf AU 2024
Long journey of Ruby standard library at RubyConf AU 2024
 
The Role of FIDO in a Cyber Secure Netherlands: FIDO Paris Seminar.pptx
The Role of FIDO in a Cyber Secure Netherlands: FIDO Paris Seminar.pptxThe Role of FIDO in a Cyber Secure Netherlands: FIDO Paris Seminar.pptx
The Role of FIDO in a Cyber Secure Netherlands: FIDO Paris Seminar.pptx
 
2024 April Patch Tuesday
2024 April Patch Tuesday2024 April Patch Tuesday
2024 April Patch Tuesday
 
Testing tools and AI - ideas what to try with some tool examples
Testing tools and AI - ideas what to try with some tool examplesTesting tools and AI - ideas what to try with some tool examples
Testing tools and AI - ideas what to try with some tool examples
 
Data governance with Unity Catalog Presentation
Data governance with Unity Catalog PresentationData governance with Unity Catalog Presentation
Data governance with Unity Catalog Presentation
 
Unleashing Real-time Insights with ClickHouse_ Navigating the Landscape in 20...
Unleashing Real-time Insights with ClickHouse_ Navigating the Landscape in 20...Unleashing Real-time Insights with ClickHouse_ Navigating the Landscape in 20...
Unleashing Real-time Insights with ClickHouse_ Navigating the Landscape in 20...
 
Decarbonising Buildings: Making a net-zero built environment a reality
Decarbonising Buildings: Making a net-zero built environment a realityDecarbonising Buildings: Making a net-zero built environment a reality
Decarbonising Buildings: Making a net-zero built environment a reality
 

Security Outsourcing - Couples Counseling - Atif Ghauri

  • 1.
  • 2. MSSP Couples Counseling “It’s Not You It’s Me” Atif Ghauri Chief Technology Officer
  • 3. The Odds Are… a) You’re currently using an Managed Security Services Provider (MSSP)? b) You’re looking for an Managed Security Services Provider (MSSP)? c) And you may have even fired a Managed Security Services Provider (MSSP)?
  • 4. Agenda • Why engage a Managed Security Services Provider (MSSP)? • Case Study – The Struggles of Bob and Alice • MSSP Focus Areas 1. Technical Capabilities 2. Operational Readiness & Onboarding 3. Alerts, Investigation, Response 4. SLAs and Contract Terms
  • 5. Why engage an MSSP? • I don’t have the bodies – Painful to do 24x7x365 – Brains onsite, muscles offsite – Cannot scale team with business • I can’t find or retain the skills • I want the Network Effects • I need it now!
  • 6. Come in and have a seat on the sofa… The Struggles of Bob and Alice
  • 7. Meet Bob Snapshot – Anxious Account Manager @ Global MSSP – Personally manages dozens of customers – Incented on SLA adherence and customer sat – Competent but over-stretched Bob’s Complaints – “I’m still waiting for XYZ requirements” – “You don’t show up to meetings” – “You only talk to me when it’s an emergency” – “I need your attention”
  • 8. Meet Alice • Snapshot – Crafty CISO of Major Retailer – Small team of engineers – Budget increasing but no headcount – Multiple “strategic partners” – Has little influence over business units • Alice’s Complaints – “You use to ask me how I’m doing” – “You don’t show me things anymore” – “Why do I have to ask for everything? You should know!” – “You use to give me more attention”
  • 9. Bob and Alice’s Story (in 90 seconds) http://www.jasonheadley.com/INATN.html
  • 10. What’s the nail? (Blind Spots) Bob the MSSP •Incented to ‘set and forget’ •Wants to get paid quickly – rush onboarding •Demands requirements but isn’t proactive •Missing Alice’s business context •Meets SLA and that’s it Alice the Client •Minimal organization influence •Outdated technology with default configs •Doesn’t have access to stuff herself •Doesn’t know what do to with an escalation
  • 12. Focus Area #1 Technical Capabilities
  • 13. What logs to collect (Initially)? Low Hanging Fruit – Firewall – Active Directory – IPS – Critical Servers – Anti-Virus Possible Added Value – Application Logs – DB Logs – Security Devices (URL, DLP, WAF, Endpoint)
  • 14. What logs to collect (Eventually)? Core Security •Access Control / Auth Server •Analysis •Anti Virus •Application Firewall •DLP •Firewall •IDS / IPS / Other Intrusion •Physical Security •VPN •Vulnerability / Asset Scanner Host • Application Servers • Load Balancing • Mail • Mainframe • Midrange • Unix /Linux • Virtualization • Web Servers/Proxies • Windows / Apple Network and Storage • Application Delivery • Configuration Management • Messaging • Routers • Switches • Wireless Devices/Access Points • Database • Document • Storage/File Server
  • 15. Big Data Analytics Improving Context Traditional SIEM •Rules based environment •Linear detection of logs for incident reporting Big Data Analytics •Seeks anomalies to correlate •Examines entire environment for log relationships •Tracks unusual activity working backwards to context Actively investigate anomalies and provide context around incident detection.
  • 16. Anomaly Detection Proactively identify the unknown through machine based learning to identify data pattern changes. Alert Trending creates a visual context for the behavioural anomalies.
  • 19. Focus Area #2 Operational Readiness & Onboarding
  • 20. Do you have your house in order? CSIRT Ready – Is Incident Response defined, documented, practiced? Asset Classification and Owners – Defined and updated? Ticket Pile-Up – How reactive are IT and Product teams to findings? War Games – When was the last table-top IR exercise? Response Procedures – What will we actually do when attacked?
  • 21. What happens during onboarding? Onboarding is conducted using systematic processes with detailed operational readiness checklists Operational Item Description Develop detailed project plan Define a comprehensive project plan including stakeholders, timelines, and key assumptions/risks Asset list Document the asset list of record including serial and version numbers Architecture documentation Define reference implementation architecture including security zones, network information, and management interfaces Account creation for the operational team Catalog the authorized users and account permission levels including the approved process to provision and manage system accounts Run and Build Books Establish operational run books for managed technologies OS and application are up-to-date Validate the operating systems are updated and have the appropriate licensing defined Endpoint Catalog Documentation of valid end-points and procedures for adding and removing endpoints into protection scheme Establish Health Monitoring Assure visibility into the system health of the managed devices to provide up/down reporting Provide appropriate ticket system access Assure access to the system and appropriate permissions exist to manage tickets as defined in SLAs Complete Escalation Process Document Document the end-to-end escalation tree for primary, secondary, and backup contacts for all levels of agreed upon service descriptions Production Readiness Plan the cutover deployment timing and relevant stakeholders to approve transition rollback criteria
  • 22.
  • 23.
  • 24. Six Onboarding Best Practices 1. Define “notable event" vs "incident" based: Disruption, Degradation, Nuisance 2. Build work products such as asset lists, critical applications, SEV priority 3. Vulnerability scoring definition 4. Defined ownership of process and escalation 5. Poor man’s owner lists: use top users, emp directory, last logon 6. Agreed upon operational readiness checklist
  • 25. Sample Operational Readiness Checklist • How many users on the network? • What is the make model of each appliance and the management server? • Are any of the appliances near eol? • Any unresolved support issues with the manufacturer? • What policies are in place today? Fim? Ips? Firewall? • What new policies are required? • Are the devices strictly firewall only, or multi-purpose/next-gen? • Are there other features enabled? AV, IPS, email GW, web proxy/GW? • How many physical appliances are in-scope for managed services? • What is the location of each appliance? Head office? Main data center? • Any new physical or virtual interfaces on existing platforms to be operationalized?
  • 26. Focus Area #3 Alerts, Investigation, Response
  • 27. Fundamentals of SecOps • Detection • Evidence Collection • Containment • Forensic Analysis • Remediation • Communication Mr. Fundamental
  • 28. It’s all about the use cases 1. Identify and Analyze MVAs (Most Valuable Assets) and HBIs devices (High Business Impact) 2. Model use-cases around your MVA and HBI devices 3. Use cases will tell you what logs you need (not the opposite) 4. Then pick the tech to implement use cases
  • 29. Six Best Practices for Use Case Dev 1. First Things First - Ensure critical conditions produce notification 2. Environment Centric - Build alert rules specific to environment and requirements 3. Fluid Thresholds - Ensure appropriate thresholds are applied to reduce false alarms 4. What and Why - Know what event sources are logging to the SIEM and why 5. What’s most important - Categorize alerts according to severity levels 6. Track Them All - Ensure non-critical events are excluded from notification but reviewed
  • 30. Sample Use Case References • What situations keep you up at night? • What alerts and reports do you expect to get from the SIEM? • Will the platform be managed internally or outsourced? • Is there a list of all devices/assets to be monitored by the SIEM? Which are most critical? • Which devices are natively supported by the SIEM and which ones require a custom parser? • Is the SIEM required to meet some form of compliance (e.g. HIPAA, PCI, SOX)? • How are the monitored devices geographically dispersed? • How do asset owners (of the monitored devices) feel about an agent versus agentless solution? • What devices need to send logs to the SIEM in order to get those alerts and reports? • Is there a requirement to incorporate network data elements into the SIEM? • If managed internally, what training options does the vendor provide and who exactly will be managing/monitoring/maintaining the solution?
  • 31. Sample Use Case References Popular SIEM Starter Use Cases AlienVault SIEM Use-Cases SANS Critical Security Controls *** NIST 800-53 *** ***Not purely use cases, but great source to help brainstorm
  • 32. Focus Area #4 SLAs and Contracts
  • 33. Do’s and Don’ts • Don’t do a POC of MSSP • Do unannounced VA scans and pen tests • Don’t have 5 minute SLAs • Do provision enforceable SLA penalties • Don’t just default on a one-year contract • Do define success with simple KPIs
  • 34. In Closing, a bit about Herjavec Group
  • 35. Information Security Is What We Do We provide Information Security Solutions for Enterprises globally. Our expertise includes: •Consulting & Compliance •Product and Service Delivery •Security Management •Incident Response Recognized for our Flexible & Agile Managed Services practice which includes On Prem, Cloud and Hybrid models. One of North America’s fastest growing technology companies. Successfully scaled to service enterprises globally with customers across NA, EMEA & APAC. RANKED # 2 ON CYBERSECURITY 500 Global ranking of information technology providers, integrators and managed services companies.
  • 36. We Manage 24.7.365. Herjavec Group can administer, maintain, support, and monitor your security technology 24.7.365. • Designed for large, complex, multi technology • enterprise environments • Relevant alerts & Regular reports • Big Data Analytics • 24/7/365 hot-hot, geo redundant site to site VPN access • Threat Intelligence & smart filters • Flexible ticketing systems • Minimize risk of false positives • SOC 2 Type 2 certified
  • 38. How did things go? (we really want to know!) Did you enjoy this session? Is there anyway we could make it better? Let us know by filling out a speaker evaluation. •Start by opening the IAPP Events App. •Select this session and tap “Click the following link for speaker evaluations.” •Once you’ve answered all three questions, tap “Done” and you’re all set. •Thank you!