The February 11th Telarus Tuesday call welcomed CPO & co-founder, Patrick Oborn and VP of biz dev – Cybersecurity, Dominique Singer to discuss how to develop a sound security practice. The entire recording is available here.
When we talk about Cybersecurity, what we’re really talking about is risk. Any good cybersecurity program must start with risk management, and it is something that needs to happen continuously because threats change over time, as do the risks. When it comes to risk, there are five fundamental steps to managing it.
- Identify Critical Assets
- Identify the value of Critical Assets
- Identify the impact of loss/harm to Assets
- Identify the likelihood of loss or harm to Assets
- Prioritize mitigation activities to be implemented
NIST is the National Institute of Science and Technology and has been around for over fifty years. NIST came up with an actual cybersecurity framework; this framework goes into putting a sound cybersecurity strategy in place.
- Identify: This is where it all begins: a Cybersecurity gameplan and strategy are defined, and budget is allocated based on Risk appetite.
- Protect: People, Processes, and Technology, as defined by the Identify process, are put in place to Protect the Critical Assets.
- Detect: People, Processes, and Technology, as defined by the Identify process, are put in place to quickly discover Threats to Critical Assets.
- Respond: People, Processes, and Technology, as defined by the Identify process, are put in place to contain and remove Threats (“Incidents”).
- Recover: People, Processes, and Technology, as defined by the Identify process, are used to return to “business as usual” or back to acceptable levels while the Incident Response process completes.
Telarus is currently working on revamping the security matrix and aligning service providers into each of the categories listed in the framework. This should make it easier for every Telarus partner to understand where to position different services. The goal is to shift away from products and think more about the services and solutions you can provide for your customers.
What goes into identifying our general plan?
- General Cybersecurity Consulting
- Vulnerability Assessments
- Penetration Testing
- Compliance Readiness
- Virtual CSO
- Phishing Simulation
- Awareness Training
- Business Impact Analysis
Telarus works with several providers who do a terrific job when it comes to cybersecurity consulting. They all have different specialties, and they all bring different skills to the table.
Next, we move to Vulnerability Assessments. The important thing to remember is that they don’t necessarily mean Penetration Testing. Vulnerability Assessments are more about asking questions and getting feedback from a customer.
If you go through a Vulnerability Assessment and a Penetration Test is recommended, Telarus works with many providers who can help you with this. When it comes to Penetration Testing, it’s crucial to ask your customer why they are requesting one. A good penetration test is there to uncover new vulnerabilities or validate assumptions about a security program. If a customer wants to buy a cheap penetration test, then essentially all that they are buying is a false sense of security. The reason we are highlighting the providers listed below is that they are top-shelf; what they bring to the table is advanced expertise.
Compliance Readiness is essential. Being ready from a technological perspective is good, but not passing pass compliance criteria hurts your company’s ability to operate.
Why is Virtual CSO important? Some compliance audits you can’t pass unless you have CSO. The idea of a virtual CSO program is that, just like with other MSSP services that are offered, you get economies of scale as a customer. You’re able to leverage any of the providers listed below who offer excellent advisory services in that CSO capacity.
Business Impact Analysis is a very formal approach to risk management; it essentially lives in the identify phase and should be the driver for all security initiatives. It does take time and effort, that’s why Telarus partners with many great providers who can bring this to a customer.
The idea behind a phishing simulation is to help users become more aware of what a phishing email looks like.
To be compliant, you not only have to be technologically sound, but you also need to have training for your employees. So, what are some providers who’ll come and teach your people how to understand security better?
Some of the elements that make up the “protect” segment of the framework include:
- Managed Security Services (Firewall, Web, Email)
- Global DDoS Protection
- Endpoint Protection
- Managed Cloud Firewall
- Web Application Firewall
- Privacy & Data Protection
- Zero Trust & Software-Defined Perimeter
- Mobile Enterprise Management Solutions
- Remote User VPN
- Patch Management
- Secure Access Service Edge
The most common element is managed security services. The whole idea around the Protect segment is that we’re looking at protecting things coming into our customers’ organization and looking inside the organization and protecting people and systems from doing bad things.
So how do Third-Party providers breakdown between some of the most popular offerings out there? The whole conversation revolves around what the customer is trying to achieve and what level of services the customer is looking for.
When we are talking managed cloud firewalls, we’re thinking about if a customer has a collection of internet circuits they want to aggregate up to a central location within a particular region or if they have existing MPLS networks from a particular provider. Having Managed Cloud Firewalls means it’s all fully managed by the provider, and that the person doesn’t have any equipment on-prem. Web Application Firewalls, on the other hand, are a little more specific. This means we are looking at and inspecting traffic coming into that customer’s environment to make sure the bad guys aren’t trying to come in.
When it comes to DDoS, Imperva is a provider that always comes up because they have an industrial-strength application. So, what other providers does Telarus work with when it comes to DDoS?
Telarus works with a lot of vendors who offer Endpoint Protection. Endpoint Protection is more than just a firewall. It’s things like artificial intelligence, anti-ransomware, EDR, and MDR.
The “Detect” phase of the framework includes:
- Intrusion Detection & Prevention
- Security Log Monitoring (SIEM)
- Advanced Threat Hunting
- SOC (Security Operations Center) as a Service
- Advanced Threat Detection and Awareness
- Machine Learning / AI
- Cloud Security Monitoring
- Log Management
- Threat Analytics
- Managed Security Service (MSS)
- Managed Detect and Respond (MDR)
- Managed Endpoint Detect and Respond (EDR)
Telarus works with a full suite of vendors who can help with anything from Advanced Threat Detection to Threat Detection with MSS.
When it comes to Security Log Monitoring (SIEM), customers should not be trying to buy these products and deploying them themselves; they should be buying them as a service. The idea behind SIEM is to be able to detect when something bad happens and how quickly we can contain and respond to it. The limited security staff that customers have should spend their time on consuming the information out of these platforms instead of managing them.
What you’re buying as a customer when it comes to SOC (Security Operations Center) as a Service is the advanced people, processes, and technology. Many customers often buy good technology and forget to think about if they have the right process and people. It takes the right expertise to manage that infrastructure. This is what you get when you purchase SOC as a Service.
So, what goes into the “Respond” segment of the framework?
- Incident Response, Containment, and Eradication
- Active Remediation, MSS & Endpoint Response
- Active SOC Response
- Advanced Global Incident Response
- Active Endpoint Threat Response
We like to help customers be in front of an incident. We want them to know we have instant response retainer services and that we also like to help them be prepared for the eventualities that an incident will happen in their environment.
Lastly, when we talk about the “recover” segment of the framework, we want to discuss the following:
- Asset Reconstructing and Recovery
- Continuity Planning
It is important to have a conversation with your customer about how prepared they are for a ransomware attack. Below you can find a list of providers Telarus partners with that can help you when it comes to DRaaS and BUaaS.
To learn more, visit www.Telarus.com.