Zero Trust Security - with an Immediate ROI
MSSP Case Study

SonicWall.com    Seceon.com

Seceon’s zero trust model, combined with the SonicWall next-generation firewall (NGFW) security services provides a powerful breach detection and mitigation solution. The combined solution enables a breakthrough in reducing operation cost, which allows for extremely profitable MSSP service offerings.

Cyber breaches are growing in both frequency and severity. Despite the vast amounts being spent on today’s state of the art cybersecurity solutions - data breaches are happening at an increasing rate with over 600 detected and reported in the U.S. alone by August 2016, and greater severity with over 20 million exposed records, a 20% increase over record-breaking years 2014 and 2015, according to the ITRC. Most organizations are unable to properly deal with cyber threats because: they are too slow to identify them and too slow to stop them from inflicting damage once the organization is breached.

The challenge is most cybersecurity solutions require human intervention – smart humans that are specifically trained in how to use an array of complicated tools to identify a threat and then figure out how to stop it. The problem, as the 2016 Verizon Data Breach Report exposes, is that 95% of attacks exfiltrate and/or corrupt data within a few hours of a breach. This is not enough time for even the smartest humans to react. Worse yet, analysts at 451 Research estimate that fewer than 4% of enterprises and government organizations have dedicated security staff in a security operations center (SoC) to monitor all these products for possible breaches.

Small and medium sized organizations are the most impacted by these security threats and are increasingly asking their Managed Security Service Providers (MSSPs) and service provider partners to help support their security challenges. No longer are MSSPs driven to advocate for the need to invest in security software and services; recent high profile breaches at Yahoo, Eddie Bauer, Oracle’s MICROS system, Anthem and the IRS have done all that is necessary to fuel the demand. The mission for today’s MSSP is to provide security offerings that can lower a customer’s security risk at an acceptable price point. [1] In fact, according to a recent Kaseya Ltd. MSP Global Pricing Survey [2], which polled owners and operators from nearly 400 MSSPs, over a quarter of all respondents identified "heightened security risk" as the number one IT problem or service MSPs expect their clients to face in 2016.
With the combination of Seceon OTM and SonicWall NGFW, breaches can be shut down as they occur, not weeks or months after the data is stolen. It's the ideal solution to be used by MSSPs who are only profitable if they can deal with threats quickly and distribute their staff costs across 10s to 100s of customers. Consider the following example:

• A given customer’s managed firewall generates events for North-South traffic, but demands deeper human analysis for comprehensive threat detection and analysis.
• Events for East-West traffic are usually understood by looking at the server logs and network flows, which also demand deeper human analysis and many times require a lot more time even with good automation.
• The volume of events can stack up to more than even a dedicated, trained staff can handle, which no MSSP can manage or afford.
• Our survey indicates at least 3 relevant threats occur daily in an F5000 mid-size company. Troubleshooting each incident requires weeding through the firewall and server logs and many times even looking into network traffic or packets to determine the exact analysis of the threat.

| Flows/Logs Troubleshooting | Activity Type | Flow/Log Instances | Analysts Comments |
| Next-generation firewall (NGFW) (SonicWall) generates events/logs around an instance of an infected device attempting to connect to a bad website. | North-South Activity | 444 | NGFW is resetting connections from the device over time. Watch this device for other non-critical flagged messages |
| Device is also performing IP Sweeps | East-West Activity | 135 | Few separate instances across the internal network |
| Device is also performing IP Port scans | East-West Activity | 92 | Few separate instances across the internal network |
| Device needs to be identified | Internal Activity | 1 | What device is it? Who or what group it belongs to? |
| Total Activity | | 672 | instances to investigate |

• Costs of Junior and Senior SOC Analysts are approximately as follows:

| Costs | Jr. SOC Analyst | Sr. SOC Analyst |
| SOC Analyst burdened rate per year | $75,000 | $250,000.00 |
| Cost per week | $1,442.31 | $4,807.69 |
| Cost/hour | $36.06 | $120.19 |
| Cost/minute | $0.60 | $2.00 |

The cost of troubleshooting just one incident by a junior analyst is $600 over the course of 2-3 days, the report of which must then be reviewed and analyzed by a more senior analyst over the course of another 1-2 days. Over time, the cost in time and resources is approximately $1800/day, adding up to $450K/year!

| Item | Value |
| Minutes per instance investigation | 1.5 |
| Total minutes of effort per incident | 1006.5 |
| Cost/minute or $/minute | $0.60 |
| Total cost to correlate one incident | $603.90 |
| Typical incidents per business day investigated at a mid-sized F5000 (as per Ponemon/Verizon Reports) | 3 |
| Total cost per business day | $1,811.70 |
| Total cost per year | $452,925.00 |

Automating this process would save most of this cost and, most importantly, the variable cost of data breaches. The cost of data breaches mostly depends on the industry and the value or criticality of the information being breached; for example, for the healthcare industry the approximate cost of losing one patient’s PHI record is $355. So a firm that deals with 100,000 patients in this industry is at risk of $35M if a data breach happens stealing all of these patients’ records.
The Seceon + SonicWall Zero Trust approach is a comprehensive real-time prevention method, as well as detection and response for both North-South and East-West traffic. Using SonicWall next generation firewalls we offer perimeter-based defenses for monitoring North-South traffic and blocking unauthorized access. Simultaneously, using Seceon’s OTM for threat detection and elimination, Seceon is able to monitor, detect and take action for East-West traffic that would normally go undetected in traditional security designs. Seceon integrates easily with SonicWall NGFW and any source of East-West traffic, including routers, switches, servers, POS, directories and applications to provide a single, comprehensive view of all facets of a customer’s environment, including prioritized threat alerts and specific actions to contain the threat. This solution not only detects threats in minutes, it provides complete analysis and it automates remediation steps to a click of a button. The average time spent per threat can be a few minutes per customer per incident to detect and stop the problem.

Using our example: 3 threats per customer per day, with 5 minutes spent per threat, yields a cost of $8 per day. This allows an MSSP to offer a superior service and charge a premium while keeping costs to operate down to a few dollars per customer per day.

Reference Architecture

Consider the following reference architecture on how most Managed Security Service Providers (MSSPs) can deploy the combined solution of SonicWall NGFW and OTM.

Figure: MSSP Reference Architecture with SonicWall and Seceon OTM

Visibility

The first step in automating incident analysis and response is to provide visibility into all traffic and then correlate any abnormalities with anomalies in behavior. Seceon, the only threat detection and management company to visualize, detect, and eliminate cyber threats in real-time, offers its Open Threat Management (OTM) platform for automated threat detection and elimination. Seceon OTM correlates all of these events from SonicWall NGFW, network flows and server logs together, using dynamic threat models that leverage machine learning to derive threats that are posted in priority order, and/or sent by email notification. Moreover, by leveraging machine learning, policies and threat models update automatically, continuously “learning” and requiring no intervention for updates. These same learnings can be applied across multiple customer environments, ensuring the communication of valuable threat information to all of the MSSP’s customers.

OTM enables MSSPs to maintain a comprehensive view of all customers through a single pane of glass -- seeing each customer’s threat status in one screen while allowing protected portal access to each individual customer environment.

Real-time detection

When it comes to effective breach detection and response, we also know time is of the essence. Recent industry data shows that credentials are compromised in minutes and most of an organization’s critical data or intellectual property is lost within the first hour. Specifically, according to Verizon’s 2016 Data Breach Investigation Report [3], 81.9 percent of organizations surveyed reported that a compromise took only minutes to infiltrate company systems with 67.8 percent of respondents showing that associated data was “breached” within days of the initial compromise. Therefore, any threat detection solution that cannot detect and remediate threats in near real-time is not much use. Valuable assets could already be stolen and sold on the Dark Web before an organization knows they are even missing!

The cost of losing these assets can mean more than loss of data. The Ponemon 2016 report [4] concludes that on average each data breach costs $4M for the 383 organizations that participated in the 2016 data breach cost study. The costs are exacted in terms of financial loss, reputational impact, exposure of personal information and potential customer reimbursement. Average data breach cost per capita is highest in the USA ($221) and Germany ($213). This is across all of the industries, but certain industries like healthcare and financials have much higher cost per data breach per capita. Real-time threat detection and elimination can be the difference in stemming significant losses in spite of the inevitable breach.

Figure: network diagram (labels recovered from the image: Seceon Servers, Seceon Corp. Ne..., Public, Seceon India, Seceon DMZ, Web Services, Unknown, Data Center Ser..., Email Servers, Seceon VPN-PPTP, Seceon Lab)

Seceon OTM and SonicWall NGFW solutions provide the ability to stop threats in real-time [i] by:

• Forwarding threats detected by the SonicWall NGFW to the Seceon OTM for analysis; with combined enriched data from other sources, Seceon OTM creates FW policies.
• Pushing policies to the SonicWall NGFW to block communication from addresses outside the network, such as those involved with DDoS, brute force, APTs and malware CNCs.
• Pushing the policies to isolate any systems (endpoints or servers) that insiders have used to capture high value data, so that they cannot exfiltrate it out over the network, as well as preventing malware-infected systems from doing harm to other devices.
• Disabling credentials in case of compromised credentials (data breach), or insiders who are attempting to access off-limits systems.
• Preventing lateral propagation of threats, such as ransomware, botnets, etc.
• Helping organizations see and stop threats as they become active in minutes, not in weeks, which is today’s norm.

Multi-Tenancy Support to empower MSSP partners with a SOC-in-a-box solution

Powered by advanced data collection and analysis, machine learning and patent-pending predictive and behavioral analytics, Seceon’s OTM provides customers with a proverbial “SOC-in-a-Box™,” automating human and time intensive analysis and decision-making and significantly speeding the time to detection and remediation. Anticipating attackers’ behavior choices, the solution enables MSSPs to see and stop the threats as they happen, preventing risk, damage or loss of valuable information.

Immediately upon deployment, Seceon’s solution begins to surface a concise list of threats in plain language. It uses behavioral analytics generated by an extensive set of dynamic threat models, aided by machine learning techniques to detect both known and unknown zero-day attacks. Seceon’s OTM is purpose-built to be operationally efficient and installation friendly, allowing easy-to-scale and effective deployment with minimal training.

Seceon’s OTM provides MSSPs with a single screen for viewing multiple tenants with each tenant or customer only able to see its own assets. With OTM deployed in a multi-tenancy environment, all customers can benefit from the platform’s machine learning capabilities. Any new threats are captured, reported and fed back into the system’s threat models, ensuring the continuous sharing of threat intelligence across all customers.

o Single view for MSSP for multiple tenants with each customer seeing only its own assets.
o Easy to apply learned security lessons from one customer to another.

Immediate ROI

Today, threats are typically found using SIEM solutions. Typically, most security solutions like SIEM platforms can generate many alerts that can be overwhelming for a team of security analysts to process. Seceon OTM not only processes them through their feed, but also correlates them with other feeds and surfaces the real handful of alerts that need attention. The result of combining feeds into an event saves the security analyst from combing through hundreds of alerts from different systems and hand correlating those that can be found to be related. The security analyst only needs to review major or critical alerts to decide upon the course of action – and/or follow the system’s recommended remediation steps, improving their operational efficiency and lowering operational costs. OTM helps MSSPs by improving the efficiency of senior security analysts, who are very hard to find and whose time is a costly MSSP resource that needs to be spent wisely on cybersecurity issues that really matter rather than on many manual tasks that can be taken care of by automation.

Also, SIEM platforms typically require a higher initial investment since most SIEMs require a perpetual license with higher upfront cost. Most SIEMs can’t be shared across multiple customers without commingling their information. Therefore SIEM solutions do not lend themselves to allowing a single operator to easily monitor tens to 100s of customers from a single screen. Seceon OTM is priced on a number-of-protected-devices SaaS model, allowing a ‘Pay as you go’ model ideal for MSSPs looking to offer a monthly service to end-customer organizations of any size. As the example above shows - it immediately provides cost savings through operational efficiency vs. SIEMs and other threat detection tools on the market. The joint Seceon-SonicWall NGFW solution helps MSSPs to easily scale the security services with low initial investment that can be increased incrementally with growth in their customer base.

With Seceon’s zero trust model, combined with the efficacy of SonicWall NGFW security services, breach detection and mitigation is controlled in a swift, cost effective manner. The end result is a safer network for your company assets, personnel, and financial success.

About Seceon:

Seceon and its OTM Advanced Threat Detection and Remediation Platform is the industry’s most highly awarded platform during 2016. Its novel approach at focusing on detecting and stopping threats automatically before data is compromised has redefined the work of today’s analysts - freeing them from the difficult work of detecting threats and deciding how to stop them and allowing them to focus on how to prevent them from happening in the first place. The OTM solution with its recently added MSSP multitenant capabilities has finally made it operationally profitable for MSSPs to move beyond only offering managed firewall services and offer customers of any size an ability to add advanced threat detection and remediation service – solving today’s most vexing problem: how to make threat analysis and remediation a task that takes minutes to perform when an incident arises by minimally trained staff.

About SonicWall:

Over 25 years, SonicWall has been the industry’s trusted security partner, protecting millions of networks worldwide. From network security to access security to email security, we have continuously evolved our product portfolio to fit in quickly and seamlessly, enabling organizations to innovate, accelerate and grow. Our customers know it takes strong security to say yes. We are the trusted partner that allows them to say yes to the future without fear. SonicWall security solutions are the preferred choice for distributed enterprise, government, education, retail, healthcare and financial deployments. SonicWall products have been hailed by industry publications such as Network World, InfoWorld, PC Magazine and SC Magazine for easy-to-use, high-efficacy and high-performance appliances and services. In 2016, SonicWall earned the highest rating of “Recommended” in the latest version of the NSS Labs Next-Generation Firewall Security Value Map for the fourth year in a row, and was rated as one of the top products for security effectiveness. SonicWall. Your partner in cyber security.

References:

1. Techspective, Cyber Security Threat Detection - The Case for Automation, September 2016. http://techspective.net/2016/09/21/cyber-security-threat-detection-case-automation/
2. Kaseya Ltd. MSP Global Pricing Survey. https://www.channele2e.com/2017/01/09/msp-global-pricing-survey-kaseya-2017-findings/
3. Verizon’s 2016 Data Breach Investigation Report. http://www.verizonenterprise.com/verizon-insights-lab/dbir/2016/
4. The Ponemon 2016 Cost of Cyber Crime report. http://www.ponemon.org/library/2016-cost-of-cyber-crime-study-the-risk-of-business-innovation

i. The statements contained in this case study regarding the performance of Seceon products and services and SonicWall products and services are attributable only to each company, respectively, and should not be deemed to be the statements or representations of the other company.