"Navigate the MDR Marketplace Like a Pro!"
•
0 likes•21 views
ATC Tech Summit 2022 - Cybersecurity Session presented by Mike Sci, Cybersecurity Evangelist, eSentire.
Recommended
Recommended
More Related Content
Similar to "Navigate the MDR Marketplace Like a Pro!"
Similar to "Navigate the MDR Marketplace Like a Pro!" (20)
More from Advanced Technology Consulting (ATC)
More from Advanced Technology Consulting (ATC) (20)
Recently uploaded
Recently uploaded (20)
"Navigate the MDR Marketplace Like a Pro!"
- 1. Navigate the MDR Marketplace like a pro! Mike Sci, Senior Solutions Architect
- 2. eSentire CONFIDENTIAL 2 Today 1 Cyber Security -The big data problem 2 Defining the MDR marketplace Our approach 3
- 3. Managed Detection And Response eSentire CONFIDENTIAL 3 Mission is to hunt, investigate and stop cyber threats before they disrupt your business. Seattle Waterloo Cork London New York Security at Scale across industries: Founded in 2001 Customers: 1000+ Countries: 70+ Net promoter score: 73 Assets under management: $6.5T …and more Healthcare Legal Manufacturing Finance 2 Security Operations Centers 24/7 Threat Hunting and Support 5 Patents in Machine Learning Daily Signal Ingest 20.5M Daily Atlas XDR Automated Disruptions 3M Daily Human-led Investigations 6000 Daily Escalations 700 Daily Threat Containments 400 SOC Mean Time to Contain 15 mins SOC
- 4. eSentire CONFIDENTIAL 4 Digital transformation is extensive and all encompassing • Digital transformation is forcing the evolution of your business. • Everything is digitized, accessible, connected and vulnerable. • Traditional security methods lag behind digital transformation velocity. of companies digital transformation drives growth and competitive pressures1 92% of US currency exists only in digital form2 89% Internet users by 2022 6 BILLION 75% of the projected world population4 Connected devices worldwide by 2030 50 BILLION Wireless smart devices3 1Source: Altimeter: The State of Digital Transformation 2018-2019 2Source: Visual Capitalist: How many US Dollar Bills Are There in Circulation? 3Source: HelpNetSecurity: Number of connected devices reached 22 billion, where is the revenue? 4Source: Cybersecurity Ventures 2019 Official Annual Cybercrime Report
- 5. eSentire CONFIDENTIAL 5 Speed of business and appetite for new tech creates tension Faster tech adoption 2½ times faster adoption of emerging tech driven by need for new business models. • Traditional security solutions can’t keep pace with customer business models and technology. • Artificial Intelligence is being adopted 2.5x faster than cloud since the introduction of AWS in 2006. Tension between DevOps and ITSec Cultural and operational tension between DevOps and ITSec creates challenges and risks. • DevOps has majority of security and IT Ops teams in dysfunction. • Proliferation of DevOps-driven application deployments has contributed to security issues, not reduced them. Ecosystem evolution The Red Queen effect states that complex ecosystems must evolve, or they will die. • Emerging tech and platform ecosystems constantly evolve and are used in ways not originally contemplated. • The threat surface also evolves with more risk and breaches.
- 6. eSentire CONFIDENTIAL 6 Cybersecurity is a massive data analysis problem • You need a robust solution that can analyze massive amounts of data for hidden threats. • Our cloud-native MDR platform ingests data, turns it into insights and accelerates indicators of concern to our elite threat hunters who identify attacks in seconds and contain them in minutes before they disrupt your business.
- 7. How to manage the Tsunami of data eSentire CONFIDENTIAL 7 Multi-signal ingestion. Cloud-delivered architecture. Serverless Compute Network Isolation Ingestion gateway Signal normalization Secure, reliable, and scalable API for data capture Translate raw signals to common event model Investigation, response, and customer notification Investigation platform Single pane of glass Enrichments and recommendations Orchestration Normalized signals are enriched and exit with automated response or recommendations Virtual Private Cloud Threat Intel Service Asset Context Service Global Learnings Service ML Model Service Virtual Private Cloud DNS Routing Secure API Gateway Data Streaming Data Streaming Network Isolation Investigation Store Servicenow Open Source SOAR SOC Dashboard Virtual Desktop M A C H I N E H U M A N LOG NETWORK CLOUD ENDPOINT Signal Sources
- 8. eSentire CONFIDENTIAL 8 Data from a typical small/mid-sized business • Our cloud-native platform accelerates delivery of rapidly evolving detection and response capabilities to our Security Operations Center (SOC) cyber investigators. • Our SOC elite threat hunters will contain any threat on your behalf. They monitor, detect, and respond swiftly and strategically. • Our team of cybersecurity professionals is the most skilled and dedicated in the industry. 271,812 Raw signals or indicators of concern 2,190 investigations 65 security incidents 2 escalations 1 month of data for one customer
- 9. eSentire CONFIDENTIAL 9 Full-spectrum visibility and immediate response Our powerful combination of cloud- delivered MDR platform used by our elite threat hunters allows us to: • Accelerate response times • Reduce threat actor dwell time • Minimize risk of business disruption • Relentlessly research and pursue threat actors 20 minutes to isolation and containment 35 seconds to begin triage 6 Investigations every minute 646 Confirmed security incidents per day E X P E R T P E O P L E M A C H I N E L E A R N I N G
- 10. eSentire CONFIDENTIAL 10 Defining the MDR marketplace 1
- 11. MDR emerges. Clever marketing follows. eSentire CONFIDENTIAL 11 Reality: Retainer for incident response Reality: Client-side response team required Reality: Little or no tactical containment Managed Detection and RESPONSE Marketing verbiage distorts what really means to the customer Reality: Requires add-ons for full functionality Reality: High analyst to customer ratio Reality: Unproven marketplace solutions F U L L V I S I B I L I T Y M D R
- 12. Spotting red flags eSentire CONFIDENTIAL 12 F I N A N C I A L S T R E N G T H • Is the company public or private? • Who are the company’s backers/investors, and what are their track records? • Is the company profitable? • What is the company’s commitment to – and investment in – research and development? • How much of the company’s revenue is attributable to MDR? • For how long will the company remain financially viable without additional investment? C O M PA N Y P R O F I L E • What was the company’s original mission? • How has the company evolved over time? • What is the company’s core competency? • Is the company a marker leader or a follower? • What is the leaderships team’s background? • What markets does the company serve? P E O P L E & S E R V I C E D E L I V E R Y • From where does the company provide the service? • Does the company have different levels of analysis? • Does the company have specific response personnel? • Does the company have dedicated threat intelligence analysts and researchers? • For what positions has the company hired in the past? • For what positions is the company currently hiring? • Where are the new positions based? I N N O VAT I O N • Does the company hold granted patents and intellectual property? • What is the company’s history of service and product releases? • Does the service and product release history indicate reactive response to cyberlandscape developments or proactive anticipation of emerging shifts? • What are the background, specializations and skillsets of the company’s development and engineering team? (LinkedIn is a useful resource in this regard). • For what percentage of the total employee base do development and engineering account? D E M O N S T R AT I O N O F D E L I V E R Y & R E V I E W S • What do employees say about the company? (Glassdoor is a useful resources in this regard.) • What do peer review sites such as Gartner Peer Insights, SpiceWorks, G2Crowd, etc. reveal about the company? • What do seaches on subreddits receal for experiences working with or at the company? • Does the company have case studies? • Is the company clear about what they do and how they will deliver? • Does the company have customer references and statements attesting to delivery? • What are the company’s client satisfaction scores, NPS and retention rates?
- 13. Leveling the playing field eSentire CONFIDENTIAL 13 VISIBILITY SIGNAL FIDELITY RESPONSE DETECTION • Visibility • Fidelity • Detection Capability • Response
- 14. Visibility | Fidelity | Detection eSentire CONFIDENTIAL 14 Full Visibility Regardless of Deployment Model VISIBILITY SIGNAL FIDELITY RESPONSE DETECTION Single Telemetry Source Multiple Telemetry Sources (Endpoint + Network) Medium Level (e.g., Full telemetry in some, limited in others) High Level (e.g., Full endpoint, PCAP, Log, Vulnerability, etc.) Low Level (e.g., Log, NetFlow) • Known • Customized TI • Active + Proactive Threat Hunting • Advanced Behavioral • Advanced Machine Learning • Known • Customized Threat Intelligence • Active Threat Hunting • Limited ML • Limited Behavioral • Known • Commodity Threat Intelligence
- 15. Response eSentire CONFIDENTIAL 15 Full Visibility Regardless of Deployment Model VISIBILITY SIGNAL FIDELITY RESPONSE DETECTION Single Telemetry Source Multiple Telemetry Sources (Endpoint + Network) Medium Level (e.g., Full telemetry in some, limited in others) High Level (e.g., Full endpoint, PCAP, Log, Vulnerability, etc.) Low Level (e.g., Log, NetFlow) • Known • Customized TI • Active + Proactive Threat Hunting • Advanced Behavioral • Advanced Machine Learning • Known • Customized Threat Intelligence • Active Threat Hunting • Limited ML • Limited Behavioral • Known • Commodity Threat Intelligence • Full IR Lifecycle Support • Managed Remote Threat Containment • Validation • Full Forensics • Know Threat Automation • Limited IR Lifecyle Support • Validation • Limited Forensics • Know Threat Automation • Non-vetted Alert Forwarding • Limited Forensics
- 16. Other criteria eSentire CONFIDENTIAL 16 TIME OF COVERAGE SERVICE TIERING RETAINERS PORTAL PREVENTION MANAGEMENT COMPLIANCE REPORTING SERVICE REVIEWS CONTRACTUAL OBLIGATIONS/ INSURANCE SLAs
- 17. eSentire MDR vs. Other Industry Models eSentire CONFIDENTIAL 17 EDr Single Telemetry • Singular telemetry • Investigation/threat vetting • Client-side containment • Endpoint forensics • Lack of correlation with other signals MDr Multi-Telemetry • Higher telemetry • Investigation/threat confirmation • Client-side containment • Advanced detection capabilities • Forensics • Limited correlation with other signals SIEM Managed • Limited visibility beyond logs • Limited signal fidelity • Limited forensic and correlation capabilities • Higher incidence of false positives • Limited IR Lifecycle coverage Visibility Signal Fidelity Detection Capabilities Response • Complete visibility across attack surface • Ability to correlate multiple signals • Limited false positives • Full IR Lifecycle support MDR Full Telemetry
- 18. eSentire CONFIDENTIAL 18 The eSentire Approach 1
- 19. Start date: mm.dd.yyyy End date: mm.dd.yyyy The eSentire Ecosystem eSentire CONFIDENTIAL 19 Cloud-native architecture. Proprietary machine learning. Extensive response capabilities. S E C O N D S T O R E S P O N D | M I N U T E S T O C O N T A I N e S E N T I R E T H R E A T R E S P O N S E U N I T ( T R U ) Proactive hunting and research Develops detection models Intelligence and analytics e S E N T I R E S E C U R I T Y N E T W O R K E F F E C T S Security that scales Amplifying detections across base 400+ indicators added daily Cloud-Native Platform Machine Learning Models Automated Disruptions AT L A S X D R C L O U D P L AT F O R M Secure, reliable, and scalable API for data capture Translate raw signals to common event model Investigation, response, and customer notification Normalized signals are enriched and exit with automated response or recommendations INGESTION GATEWAY SIGNAL NORMALIZATION INVESTIGATION PLATFORM Single pane of glass ENRICHMENTS & RECOMMENDATIONS Orchestration M A C H I N E H U M A N E C O S Y S T E M Access investigation analysis and risk reporting I N S I G H T P O R T A L eSentire experts hunt, contain and respond to attackers. 2 4 / 7 S O C Daily Escalations 700 Daily Threat Containments 400 Mean Time to Contain 15min R E S P O N S E S I G N A L S Network Endpoint Log Cloud Vulnerability Multi-Signal Ingest
- 20. Start date: mm.dd.yyyy End date: mm.dd.yyyy O N - P R E M I S E | C L O U D | H Y B R I D CLOUD ENDPOINT LOG NETWORK Security Log Sources Contextual Awareness IaaS / SaaS Platform Protection East / West Activity Endpoint Telemetry North / South Traffic Full Packet Capture Proprietary Technology
- 21. Start date: mm.dd.yyyy End date: mm.dd.yyyy O N - P R E M I S E | C L O U D | H Y B R I D Managed Vulnerability Service Reduce Risk Vulnerability Management Phishing and Security Awareness Incident Response Service Proprietary Technology Proprietary Technology Reduce Risk User Education Security Posture Contain Eradicate Recover
- 22. eSentire CONFIDENTIAL 22 Managed Risk Programs Core Essentials Measure and Engage Mature and Direct Harden and Secure Harden and Wargame Managed Vulnerability Service Managed Vulnerability Service Managed Vulnerability Service Managed Vulnerability Service Managed Vulnerability Service Virtual CISO - Base • Security Program Maturity Assessment Virtual CISO - Base • Security Program Maturity Assessment Virtual CISO - Essential • Security Program Maturity Assessment • Choose one additional vCISO module: SPRG, SIRP, SAR, VRMP, VMP Virtual CISO - Good • Security Program Maturity Assessment • Choose three additional vCISO modules: SPRG, SIRP, SAR, VRMP, VMP Virtual CISO - Best • Security Program Maturity Assessment • All five additional vCISO modules: SPRG, SIRP, SAR, VRMP, VMP Executive Briefing Phishing and Security Awareness Training Phishing and Security Awareness Training Phishing and Security Awareness Training Phishing and Security Awareness Training External Penetration Test - Annual External Penetration Test – Semi- annual External Penetration Test – Semi- annual External Penetration Test – Quarterly Threat Advisories and Executive Briefing Threat Advisories and Executive Briefing Internal Penetration Test – Annual Internal Penetration Test – Semi- annual Threat Advisories and Executive Briefing Red Team Engagement – Annual Wargame Threat Advisories and Executive Briefing
- 23. “Everybody has a plan, until they get punched in the face” - “Iron” Mike Tyson
- 24. ©2014 AKAMAI | FASTER FORWARDTM Thank you Mike Sci Senior Solutions Architect Michael.Sci@esentire.com https://www.linkedin.com/in/mikesci/ Questions?
Editor's Notes
- My name is Mike, Sci and I’m a SR. Channel Solutions engineer, based in Atlanta GA My first exposure to cybersecurity was back in 2010 working for a major CDN company where we offered WAF in the cloud. I then started working in the managed security space, selling platform management, SIEM and other security services. While working in this space I found customers did not have the staff or expertise needed to understand and respond to the flood alerts coming in from their MSP. This was back in 2016 when I read "Gartner's guide to managed detection and response” Reading this guide I realized that MDR was solving for a need that was not being addressed by traditional MSSPs. The need was for embedded, Realtime incident response, not just alerting and guidance, which left the burden on the customer to do the forensic analysis, determine the severity of the incident and ultimately respond to the threat themselves, in a timely manor. This brought me to working for the the originator of MDR, eSentire, where I could confidently sell a solution that would ensure they would not have a business impacting event. I started working as an SE supporting direct sales then Moved into a channel SE role.
- Today I’m going to cover three key areas to show you how cyber security is really a big data problem. Give you some insight on the MDR marketplace and give you the highlight real on our approach here at eSentire. I’m going to pack a lot in over the next 30 minutes, so fasten your seat belt. Will save some time at the end for questions and I’m always available anytime after this webinar.
- What is MDR? Evolution of MSSP
- We here a lot of talk about digital transformation I look at digital transformation as converting everything to zero's and ones delivered over the "lowest cost channel" The Pandemic has accelerated Digital Transformation, putting great pressure on all industries to transform how they do business the global workforce moving to remote work has made business more vulnerability by increasing the attack surface and leaving holes in their security posture. This increased the likelihood of a cybersecurity breachs ---
- Faster Tech adoptions creates creates more demand on IT resources. Who has the skills to operate this ever-changing list of the latest point solution? Red Queen effect: complex ecosystems must evolve, or they will die. (that's kind of sobering) So with Digital transformation, combined with faster tech adoption, inability to get talent and the pressure to evolve or die, What else could go wrong? How about a tsunami of data?
- Now were confronting and trying to manage a massive data analysis problem (What do we do with all the data?) Having cloud, on-premise and hybrid environments has increased the noise that customers needs to sort through. It has also increased the attack surface the the burden on all organizations, especially S&B companies who don’t have funding or resources required to protect them. You not only need full spectrum visibility, but you need to be able to make sense of the data You may ask, How do we do that?
- At esentire we leveraging a our Atlas cloud native platform To solve this massive data analysis problem You need to start with pulling in the relevant security data sources or signals from network, endpoint, log, cloud. these signals are ingested into a common gateway. Next, they are sent to a data stream where they are normalized into standardized data via defined schemas. This data is enriched with geo data, WHOIS data, and other enrichment data such as our Threat Intelligence, Machine Learning, Global Learning Service and Asset Context Service. Rules are applied to enriched events and they exit with automated response or recommendations. meaningful events are made available to our Security Operations Centers via the SOC dashboard. The SOC Dashboard includes event details, investigation tools and response capabilities that our threat hunters can use to disrupt and contain a threats. Lets take a look at a typical customer
- Here is a big data example: This is an example of data coming from a Small / Midsized business. - 1 sensor 200 endpoints ~200 employees 271K Raw signals or indicators of concern – from network and endpoint telemetry Through filtering, threat intelligence, Machine learning, 2,200 threat hunter lead investigations After false positives, there are 65 security incidents that we took action eliminate the threat..............then notified the customer 2 escalations where the customer needed do take action such as re-imaging an endpoint, running next gen. AV solution Example pulling in massive data and making it actionable by our threat hunters
- Visibility is important, but Speed counts! this illustrates the Power of our SOC and the threat hunters that work in the SOC- We have data coming in from over 700 customers and we conduct six, threat hunter lead investigations every minute. You need a cybersecurity service that can keep up with digital transformation, the tsunami of data and adapt to avoid the red queen effect, providing a cyber threat hunting service at a value driven price point.
- So let’s dig into, Defining the MDR marketplace
- As MDR has become the latest cyber security buzz word, it has created confusion in the marketplace. There have been a lot of so called MDR competitors join the race in the past 3 to 4 years In 2016, Gartner released the first official market guide for managed, detection and response services (just before I joined esentire) They cited 14 organizations as MDR vendors. Just three years later, Gartner’s 2019 edition list over 200 providers in the MDR market space. While many analyst firms have released reports or guides that include broad category definitions of MDR, there is still a lack of clear attributes for measurement. Since there is no singular definition established for MDR, I'm going to provide you a methodology for evaluating not only MDR providers, but can also be used in evaluating capabilities of MSSP’s and other security solutions
- With over 200 “MDR” providers now being tracked in the marketplace, background differ vastly from one provider to another. MSSP’s have evolved their offerings, by adding an Italian menu of add on’s to try to compete in the MDR space (Do you want Canoli’s and expresso with the chick parm?) And Software providers have added a managed component, while consultants have added technology stacks to compete with pure play MDR providers, such as eSentire this slide represents potential red flags for organizations looking for an MDR provider. ====== Things you should consider are: company profile, financial strength, history or track record of innovation, service delivery, innovation and demonstration of delivery I suggest reading Gartner guide to managed detection and response or eSentire managed detection and response definitive guide. We can provide these to you.
- On The previous slide I presented some subjective considerations, now as promised, I’m going provide you that methodology for evaluating MDR providers. This radar chart combines the four technical criteria for evaluating providers. Visibility, Detection, Signal Fidelity and Response. These criteria correspond to the primary purpose of MDR: minimizing threat actor dwell time. these criteria captures the capabilities of the MDR segment.
- Starting with Visibility, from applications to infrastructure, on–premises, in the cloud or in both. What was once a clearly defined defensive perimeter is now a shifting blend of mobile users and cloud workloads. As a result, you need visibility into multiple telemetry sources. MDR Providers typically rely on telemetry from multiple sources: endpoints, network, log data, cloud or vulnerabilities. Base level MDR starts with Single telemetry, moves to Multiple telemetry and finally Full telemetry or as we call it full spectrum visibility Next, we have Signal Fidelity. Log data provides broad level visibility, but is limited in depth, whereas full packet capture from the network provides deep fidelity but is limited in breadth of scope. Importantly, each has strengths and weaknesses when applied to the investigative process. Looking at the third axis, we consider Detection capabilities. This may include threat hunting techniques, machine learning, automation, customized threat intelligence, behavioral, and perhaps known and unknowns. But it's the capability to find signals in the noise that separates advanced technologies.
- Back to the fourth axis, Response, Time to detect, respond and contain is critical……….. Looking at the three categories of response: Tier one, non vetted alert forwarding with limited forensics. Tier two, threat validation, limited forensics, known threat automation and limited IR lifecycle support. Tier three, threat validation, full forensics, known threat automation, managed remote tactical containment and full IR lifecycle support. At eSentire we are considered tier 3 and are with you until the threat is eliminated! ---- Keep in mind......You have seconds and minutes to detect and respond, not hours and days we call this Micro Incident response or embedded real time response I'm sure most people on this call are familiar with incident response retainers? Ask yourself........How long does it take to initiate an IR retainer and then respond to a potentially business impacting event ? What would be the benefit to embedded real time incident response?
- The four-axis radar chart we reviewed provides you framework comparing MDR providers. (visibility, detection, signal fidelity and response) but there are additional criteria for consideration that correlate to: time to detect and time to respond. Consider these other criteria when evaluating MDR providers. -----Talk to the slide
- This radar chart combines the four technical criteria (Visibility, Detection, Signal Fidelity and Response) for evaluating MDR and MSP providers. These criteria correspond to the primary purpose of MDR: minimizing threat actor dwell time. You can use this chart to see how the competitors stack up against these criteria. Talk to slide: MD r R..... Some questions you can ask yourself, What is a good enough solution? Are you a first- or second-generation buyers? Meaning have you learned what your true needs are from your first or even second experience with a security provider? ====== SOC-as-a-Service or Managed SIEM is a category of MDR Provider commonly characterized by MSSPs that are evolving services from alert-driven to more comprehensive coverage across the IR lifecycle. Capitalizing on the breadth of log visibility, SOC-as-a-service or Managed SIEM providers offer a cost-effective option to organizations that are looking to outsource expertise but have limited budgets. Endpoint Detection and Response and MDR are used interchangeably by many managed endpoint detection and response providers. Edr, or in this case, ED, little ‘r’ is a subset of the MDR market, providing expertise focused solely on endpoint. As a category, ED little ’r’ providers offer advanced detection capabilities for endpoint threats. However, the majority of the IR lifecycle, including containment is the client's responsibility. ED little ’r’ vendors are a viable option for organizations looking for endpoint monitoring and detection and that have in-house resources to correlate data from other single sources to confirm, triage and contain threats in a timely manner. MD little ’r’ multiple telemetry, represents the majority of the MDR market today. Vendors in this space leverage multiple telemetry sources but fall short of full stack visibility across on-premises and cloud environments. Typical combinations seen in this category, are endpoint and log together, most commonly. Or endpoint and network, or network and log. Vendors in this space typically utilize machine learning and behavioral analysis software to process large amounts of data to look for unknown threats. Coverage of the IR lifecycle is limited, and incident response retainers are typically available for clients in the event of an incident that cannot be handled in house. MD big ‘R’ full telemetry represents the MDR industry's most complete offerings. Full visibility across on premises and cloud environments, coupled with integrated machine learning and behavioral analysis, feeds threat hunters with vital information that facilitates near real time threat detection and containment. Additionally, SLA’s strictly outline potential threat actor dwell time, limiting client-side requirements for IR lifecycle coverage. Importantly, organizations looking to outsource to MD big ‘R’’ full telemetry providers must have complete trust in the providers capabilities to deliver on SLA’s.
- To solve this security data analysis problem You need to start with pulling in the relevant security data sources from network, endpoint, log, cloud then leverage a service that provides a technology platform and security experts That Filter through the data and NOISE. Leveraging automated analysis, machine learning, aggregation, correlation to drive rapid response to security threats. Of course we hear a lot of talk about AI,ML but the biggest advantage in the security market are the people who are trained in cyber threat hunting! Threat hunters also apply AI: Abstract thinking and intuition That a key differentiator of our MDR service. We call this: human expertise at machine scale! I mentioned Full spectrum visibility, What does that look like???
- The five bundles are: First - Core Essentials, Second - Measure and Engage, Third - Mature and Direct, Fourth – Harden and Secure, and Fifth - Harden and Wargame. Some of the services provided include: Vulnerability Assessments, Penetration Testing, Phishing Campaigns and Red Team exercises, which are a combination of various techniques to evade detection and prevention capabilities within the environment. This exercise results in assessment of prevention, detection and response capabilities against real world scenarios. As our bundles build upon one another, Mature and Direct, and Harden and Wargame, include an increased scope of services. The first being a Security Program Maturity Assessment or (SPMA). This provides an in-depth assessment of the client’s security program efficacy. Next, Security Incident Response Planning or (SIRP), this develops a focused and pragmatic plan that identifies the key steps to take when a security event occurs. Third, Security Policy Review and Guidance or (SPRG). This is a fully realized information security program that provides specific best practices for policies and procedures based on the eSentire security framework and NIST cybersecurity framework. Lastly, the Security Architecture Review or (SAR). This reviews technologies currently in use by your organization and provides detailed security controls and audit assessment criteria to secure the system.
- and I’ll leave you today with a quote from iron Mike Tyson………. Everybody has a plan until they get punched in the face. Most companies think they have a plan and a security service they can rely on, until they have that business impacting event. Boxers surround themselves by experts to train and protect them from their opponents. The same is true for cyber security, you need to have an expert team with a true MDR service behind you, to make sure you are prepared for the next fight to dodge, block and respond to your adversaries in real time. Thank you!