How CyOps Outsourcing Works in Enterprises
By: DAX Paulino, Cybersecurity Practice Lead
The horrors of securing an enterprise
The task of securing an enterprise network is definitely not for the faint of heart. With everything moving towards mobile technology and the cloud, it’s inevitable for network perimeters to deplete and for different attack points on corporate networks to grow rapidly. This means that it’s imperative for each attack point to have its own security measures in place.
It’s been known in the cybersecurity industry that the best approach is “defense-in-depth”. This means that several back-up security mechanisms have to be in place in case one fails. In an enterprise environment, considering the growing attack points as previously mentioned, this is a nightmare.
The DIY Approach
Let’s imagine that you have a lot of resources (AKA money). To secure your assets, you can utilize the “defense-in-depth” strategy and narrow it down to three categories to help you focus your security on 1. Network, 2. Endpoint, and 3. Data. Now, you come across other problems: visibility, correlation, incident response.
This is where the Security Information and Event Management (SIEM) comes in. With SIEM, you can have heightened visibility on your security logs, detect threats and perform comprehensive analysis, and provide reports. You finally have an understanding of what is going on in your environment. You then think to yourself, “Let’s just hire the best people and provide the right processes”.
Sounds easy enough, right?!
Until you wake up.
Point solutions have their own strengths but they are also limited to what they are focused on. SIEMs would be able to make them all work together but it comes with a price. A very big one. There is nothing simple about an SIEM. Aside from its cost, consider several other factors like administration, infrastructure, and resources, performance, operations, data gathering, etc. And, take note, an SIEM is just one piece of the solution. Being in an enterprise, people and processes are also vital in enhancing the SIEM and other tools. This is where the Security Operations System (SOC) comes in. Yet again, remember that if you DIY, prices can go up way too fast.
A little help goes a long way
The good thing is that there are several ways for you to lift some weight off your shoulders. Outsourcing can be a very viable option because it offloads several administrative or management tasks. With outsourcing, you no longer have to train personnel, you get to have a more constant monitoring of incidents, and you can very much estimate the price to pay. With all these benefits, you are left with the responsibility of providing the proper remediation steps. In some situations, depending on the severity, these may even be automated.
What’s in the menu?
Depending on the size of your organization and what you have technically, you have several options on what type of outsourcing you can get. Here’s a list of Cybersecurity-related services and their different offerings:
1. Managed Service Provider (MSP)
MSP’s usually provide the basic network infrastructure services like systems management, software installation and support, and network and security monitoring. This type of service is also limited to that, hence, the offering is very basic and limited. It lacks advanced threat detection and remediation skills and sometimes even 24x7 support. Yet, the usual mundane tasks are lifted off your shoulders.
2. Managed Security Service Providers (MSSP)
MSSP’s specialty is a networks’ basic cybersecurity management. This includes point products like patch management, firewalls, endpoint security, etc. Also included is continuous monitoring of your network security with a SIEM. It does not, however, monitor your entire network and provide incident response. This is because monitoring is limited to specific devices only, thus it does not have a full understanding of the network and how to respond to threats.
3. Managed Detection and Response (MDR)
This is the newest service offering. What MSSP lacks is filled up by MDR. This service includes continuous monitoring of your network, focused threat detection, analysis and response, incident investigation, and provides remediation recommendations. The downside of this is you are still involved in the incident response and remediation process and have no control over your point products like firewalls since this is done as a “remote” service.
4. SOC-as-a-Service (SOCaaS)
In a nutshell, SOCaaS is THE cybersecurity service. You get 24x7 monitoring (network and security), fewer alerts and false positives, Incident Response expertise, full utilization of point solutions, forensic analysis, remediation advice, and of course predictable expenses. It does have a minor shortcoming with network-related issues (i.e. no connectivity or slow network speed), which can be addressed by MSP.