Who are you going to believe, me or your own eyes? The dilemma of managed security

Florence Broderick    18 September, 2015
Organizations are facing a context of increasingly complex IT threats jeopardizing the everyday development of production processes. We are referring to persistent advanced attacks, zero-day threats, industrial espionage, hacktivism, etc. and at the same time the need to play by the rules (legislation and regulations) in security matters.

The challenge for organizations is to balance the tough demands of production processes and the management of the increasing complexity of threats with the intelligence and scaling required in each case. This makes necessary, not only the deployment of tools to deal with these threats, but also to have security experts or to outsource this service to specialized third parties that have trained staff and the appropriate tools to manage their security. The problem in this case is that organizations lose visibility and control over their own security.

At ElevenPaths, we believe that it is possible to go one step further in this never-ending cat-and-mouse game. The outsourced “traditional” security management is based on the operation of security tools such as firewalls, antivirus software, intrusion detectors, etc., and a SIEM (Security Information and Event Management) as a tool for collecting and correlating events generated by these security tools. The SIEM detects and alerts the operator when a security incident takes place, but the organization loses visibility of its own security and immediacy to respond.

The new approach to outsourced security management should enable the organization to have an immediate knowledge of the incident and a unified view of its security, allowing also an immediate and accurate response to the threats and the minimization of their impact on the business. This solution should also integrate both the information from all the tools used in the organization itself and external information. The organization should also benefit from a comprehensive and collective knowledge that enables it to anticipate incidents that are already happening or have happened to others.

The first step is to improve the incident detection by SIEMs. SandaS processes information received by SIEMs with a set of proprietary algorithms that detect activities that may go unnoticed for SIEMs.

The state-of-the-art dashboard enables the organization to access real-time data on its security and monitor the status of its security by the minute and how it is being managed.

Detecting an incident is not enough, a standardized classification and criticality assignment is necessary. The criticality level can be customized through SandaS according to the organization’s specific context and the affected elements. Moreover, it automatically notifies the relevant actors in that context for a more agile and efficient processing and resolution. It can even automatically execute resolution or remediation actions, thus optimizing resources.

SandaS is supported by multiple components of the ElevenPaths security platform, such as the Big Data processing framework Sinfonier, which enables the integration of internal and external sources, such as external events detected by other cybersecurity services. This allows for potential incidents to be detected faster and as closely as possible to the organization context, as well as the prevention or reduction of their impact.

Moreover, the most innovative feature of SandaS is its collaborative approach. With its global scale and the large volume of data that it handles from a variety of sources, it gets a comprehensive knowledge of suspicious evidence across its network. Thanks to this intelligence, it infers potential threats, immediately detects incidents that are already taking place and, above all, prevents them from happening in those organizations where they have not yet materialized.

To complete this view of security management, it would be required to link it to the business. It is necessary to assess the risk that threats and vulnerabilities pose for the business, as well as being able to manage the compliance with the many regulations, standards and policies. This enables us to make better decisions on the management of incidents and the definition of processes, procedures and policies for preventing and managing incidents.

This is why we have recently expanded our solution with GRC (Governance, Risk and Compliance) capabilities through the acquisition of the GesConsultor platform, which integrates into our family of products as SandaS GRC.

To find out more about the tool, check out the following video:

In upcoming posts we will get into more details on the functionality offered by the various components of SandaS and SandaS GRC which are offered through Telefonica’s Managed Security Services.

Leave a Reply

Your email address will not be published. Required fields are marked *