[BreachExchange] Cyber Security-as-a-Service: A Solution for Defending Against Network Attacks

[Audrey McNeil]

http://resources.infosecinstitute.com/cyber-security-service-solution-
defending-network-attacks/

As on-line crime continues to surge in 2017, companies are increasing their
cyber-security investments to protect their data and assets. In addition to
technical countermeasures, employees’ awareness and the implementation of
stricter security policies, a new solution is being considered for
defending against Internet crime threats: cyber security-as-a-service. This
outsourced solution can be the best way to create a more proactive,
resilient defense to protect digital assets and achieve real-time threat
intelligence and breach response for businesses of any size.

According to the Computer Economics IT Outsourcing Statistics 2016/2017
study, the trend is up for the outsourcing market leading to more flexible
agreements between vendors and clients seeking quality network management
services. All numbers show that cybersecurity is quickly becoming a #1
outsourcing priority for organizations. In fact, as the 2016 report from
Gartner, Inc. also confirms, InfoSec spending will continue to grow in the
next few years, until the end of 2020. The highest growth is expected in
the funding allocated to IT outsourcing in addition to security testing and
data loss prevention. “IT security leads the way with a net of 59% of
organizations planning to increase outsourcing of this function,” reveals
Computer Economics, Inc. Organizations are becoming more service driven,
and software as a service and cloud options are now fueling the need for
managed detection and response (MDR).

When Outsourcing Managed Cybersecurity Services is Most Fitting

When is outsourcing cybersecurity services a good idea? There are many
reasons why a company might decide to entrust such a delicate function to
an external contractor. The first one is, as always, money. Outsourcing
means paying a periodic fee but forgetting all the overheads necessary to
set up an internal team, from personnel expenses to software and hardware
necessary to get the job done. It means a lower burden on the company’s HR
department that will not have to worry about the support for the team as
well as recruiting the highly-skilled professionals that are necessary for
the task in an era in which there is still a shortage of such resources.

Another consideration is availability. Cybersecurity as a service
outsourced from a reputable company with a proven track record can ensure
the constant availability of experienced security professionals around the
clock; in an internal team, especially when a small or medium company is
concerned, there might not be enough personnel to cover a 24/7 shift and
management would need to account for lower coverage in periods of training,
sick and annual leave or other requirements.

Experience is another issue. Outsourcing means also accessing the expertise
of a pool of professionals that haven’t just worked with one infrastructure
but that, most likely, are providing monitoring and defense services for
many companies of various sizes in different industries. Being exposed to a
variety of issues, they can better keep abreast with current threat
scenarios and might be able to recognize trends and issues as soon as they
arise and faster than professionals, even if an expert, that are working in
a single environment.

So, cybersecurity-as-a-service is a practical option for companies that
cannot afford their own in-house experts or whose staff is struggling to
deploy, manage and use technological tools to detect new attack vectors or
threats on their own.

Why Choose SOC Over MSSP or MDR, SIEM?

Let’s look in details what are the options for a company regarding
security. An in-house Security Operation Center (SOC) is usually the
go-to-options for the majority of companies; in fact, a SOC is a vital
component of a good cybersecurity solution designed to protect the system
infrastructure for organizations that already have onboard a skilled team
of experts with the know-how to detect and prevent network intrusions. A
security center staffed by internal employees makes companies more
comfortable as data and services are entrusted to people who are supposed
to be already loyal and committed to the organization. Access to the
network and data is not shared with external companies, and full control is
retained on customizing software products used, including Security
Information and Event Management (SIEM) solutions.

Also, an internal team is fully aware of management requirements and of any
changes that are implemented in the system and the reasons behind them;
they are also devoting their attention only to one company and might spot
unusual patterns and behaviors quicker. There are however some drawbacks.
Not all companies, in fact, can afford a large enough team to ensure
continuous monitoring and therefore, response times to incidents might be
slower than desired. Furthermore, it might not be possible to find and
employ several fully experienced professionals so gaps might occur, and a
learning curve might be expected for newer personnel. The upfront cost is
also a concern as it could be steep.

Many organizations have, in these days, elected to outsource part or all
their InfoSec operations to a third-party for on-demand computing services.
The most logical security areas to outsource include monitoring and
alerting services, security testing, incident response, third-party
assessments to identify real risks, followed by targeted training for
employees. Each daunting task is a prime opportunity to leverage external
expertise, says Christie Terrill, Forbes Contributor. This has the client
employ and “lean on a knowledgeable outside expert in an interim or
long-term capacity.” Instead, to operate a security operations center (SOC)
in-house, an organization may decide on a Cloud Security Operations Center
to provide visibility and control through a virtualized infrastructure that
can address any areas of concern and ensure the client’s cyber assets will
be adequately protected around the clock. An organization outsources key
functions and selects a cloud Managed Security Service Provider (MSSP) to
keep up with the constant threats in cyberspace; outsourced tasks often
include:

- Monitoring cybersecurity risks before they become real issues. Performing
vulnerability assessments and IT audits, where risks are identified,
measured, and managed over time.
- Scanning to help detect areas vulnerable to computer threats (e.g., a
virus, malware, spyware) and providing a realistic threat assessment.
- Testing security measures and existing security controls and processes to
ensure the organization is protected against any type of vulnerability.
This might entail conducting and/or reviewing penetration test results with
the aim to identify corrective actions.

>From the list, the MSSP solution seems it has several advantages especially
for clients in the SME area.

An MDR service instead allows for continuous monitoring of cyber assets for
ever-evolving advanced threats and exploits and ensures quick response to
confirmed incidents. As Elad Ben-Meir, mentions in The Rise of Digital
MDRs, the increased use of digital Managed Detection and Response (MDR)
services is an excellent supplement to existing security tools in
predicting and defending against network attacks; continuously scanning
digital environment for threats, “MDRs look beyond the perimeter to provide
constant vigilance of cyber activities to eliminate potential threats
before they become crises.” Also, “MDRs relieve clients of the burden of
having to determine which method or device they should use for security
monitoring and response capability” beyond what is typically monitored
through standard security controls.

Managed services ensure, in fact, access for a fee to a pool of experienced
professionals and specialized software that might not be possible to
acquire when building an in-house structure. Response to incidents is also
potentially much faster as 24x7x365 coverage is normally guaranteed. From a
financial point of view, companies might be happier to budget for a
monthly/annual fee rather than facing a significant upfront expense and
several, subsequent “maintenance/training” charges.

The drawbacks are obvious: the monthly cost could be stable or increase
overtime, while an in-house SOC might potentially become less expensive as
time passes. Security and privacy are also a concern as trusting
subcontractors with company data is a necessity. Some organizations are
reluctant to give up complete control over the security of their systems.
The risk can be mitigated by devising robust service level agreements
(SLAs) that shall clearly state, in details, legal liability
responsibilities and consequences. Companies can also decide to outsource
only some specific functions to keep an internal SOC while having
contractors provide only specific tasks: continuous monitoring, for
example, or managing some technical tools, or else vulnerability scanning.

Plenty of outsourced options exist; as a result, it is quickly becoming a
favorite choice for many firms, as proved by current researchers. Gartner’s
Market Guide for Managed Detection and Response Services predicts that by
2020, 15% of midsize and enterprise organizations will be using services
like MDR, up from less than 1% today.

The alternative is a SIEM service. Many organizations today are especially
leveraging SIEM-as-a-service (Security Information and Event Management –
SIEM) to enhance their existing cyber defenses as the most effective
mitigation strategy for integrated threat intelligence so they can
accelerate threat detection in the cloud and/or on-premises environments.
As SIEMs tend to generate a considerable amount of data and events, it can
overwhelm the security team; organizations might employ managed security
services for this function for complete or blended support of their
environment.

Fittingly, choosing the right vendor is crucial, and it involves a thorough
analysis of the business requirements, managing risks in asset transfer,
the gamble the company is willing to take with outsourcing and the
potential cost of an InfoSec breach. It also means a complete market review
with the identification of reliable partners and, in most cases, the best
company that operates in cybersecurity as related to the market in which it
operates. Therefore, it is best to begin by researching the vendor’s
background, qualifications, credentials, and reputation before a
contractual agreement. The service agreements ought to include details
about their services, access rights granted and security provisions, as to
who has admittance to the network; all this to build a trust relationship
before relinquishing control to an outside third party. It is also
essential for clients to consider the level of control they still have in
the configuration of any software/hardware deployed by the contractor and
in the decision-making as related to what to do and when during an
incident. So, in the outsourcing agreement, a third-party vendor that is
bound to certain levels of service and quality may not be held complete
accountable if it fails to deliver the best security for its client that
has ultimate responsibility for the results.

Conclusion

In today’s cyber landscape, managing internet security is paramount which
is why so many companies opt to set up and run a SOC in-house or choose the
services of consulting firms that will ensure that adequate steps are taken
to preserve and protect the company’s digital assets.

It is vital for businesses of all sizes and not just large companies to
make decisions and provide for the security of their assets. As former US
Cyber Command and National Security Agency (NSA) head Gen. Keith Alexander
mentioned in a 2004 conference, it is actually imperative for all
businesses to pull together to defend their cyberspace better.

“If the small and midsized companies are grouped together, and they have
this great cyber-security as a service capability, they are not the
downstream problem for the large companies. In fact, they become part of
the sensing fabric that helps protect the big industries — which they
cannot do today. This capability would greatly improve our cyber hygiene.”
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.riskbasedsecurity.com/pipermail/breachexchange/attachments/20171107/d67a7d43/attachment.html>