Next-gen managed security system providers doing more than filling the gaps

THE MAIN PROBLEM security professionals experience is that there just aren’t enough of them. Even the largest enterprise cybersecurity team comprises a finite number of people and resources. But the threats ranged against organizations are far more wide-ranging and abundant than the scope of even the best-equipped IT department.

Threat instigators range from youngsters experimenting with scripts they stumble across online, through to (allegedly) government-funded outfits either spreading political disquiet or stealing state secrets. In between those extremes exist the massed ranks of “mere” common criminals, who look to exfiltrate commercial data for financial gain.

Even the simplest of identity thefts can have serious financial implications. Cybercriminals need not concentrate their attacks on financial institutions in particular; there is a multitude of ways that theft can be achieved.

The multitude of new threats that emerge is the natural outcome of many, many thousands of hackers, all working independently or in loose groupings, to find new ways around what was, until a second ago, a cutting-edge cybersecurity measure.

This is the reality for today’s beleaguered CISOs, CIOs, and CTOs.

The dangers and pressures faced right across the white-hat cybersecurity community differ depending on which tier of responsibility each person holds. At managerial level and above, there’s often a legislative requirement for named individuals to be solely responsible for data governance. That same person is usually the one who has to justify IT budgets and explain why a potentially disastrous breach has occurred, despite significant investment in CAPEX and OPEX.

In worst-case scenarios, the exfiltration, corruption or deletion of data causes business losses: a quite literal impact on the bottom line.

Additionally, in today’s social media world and instant news environment, public relations can also take a nosedive, which does more than merely damage reputations. Once a name lodges in the public consciousness as a place where, for example, individuals’ data was leaked, that organization may never recover its footing.

Mindful of this potential, many governments and transnational organizations are putting legislation in place which dictates the way data needs to be stored, managed and disseminated. Prescribing in this way may have come late in the day (in some cases), but its arrival is not so much timely as a reiteration of what security professionals have known for years; namely, that data is the new currency of business (and government), and therefore it has value. And things of value attract predators.

In some ways, IT departments have suffered at the hands of their own success. In the same way that the payroll staff who pay salaries each month are often only noticed when employees don’t get their wages, IT is usually only on the radar when it fails. Rare is the email to IT staff which says, in effect, “well done, nothing bad happened this month.”

Yet despite the well-publicized data breaches, and the ones which damage enterprises every day and are rarely, if ever, disclosed, budgets for cybersecurity teams are squeezed, as they are right across IT departments. Within the broader IT function, cybersecurity wings have to carve out their place in shrinking budgets.

Abstraction of hardware and using XaaS both have the effect of moving budget sheet entries from the capital to operations columns – neither really offers much saving, although both help to speed up some areas of attack mitigation.

An enterprise’s most significant cost is often staff. If internal teams are deployed in fighting attacks and shoring up defenses on a daily basis, the first expenditure which goes to the wall is frequently training and much-needed research and education time. Due to the ever-shifting nature of threats, staff need to be au fait with the latest cyber attack techniques – how else will organizations be able to counter AI-driven attacks in the coming months?

Staff are overstretched and usually overworked, subsumed into their vital day-to-day operations. This brings certain value to the department and the broader business, without doubt, but by committing staff in this way, there is no room for so-called “blue sky thinking” in a cybersecurity sense. Learning about new scripting techniques, new payload distribution methods and changing attack vectors may be dismissed as “reading up on industry gossip.” But to a cybersecurity specialist, such activities are vital and, sadly, often not possible.

With this not entirely rosy portrait now at least partially painted, many enterprises and businesses are looking to third-party suppliers of security know-how and expertise. Some are just looking to plug gaps – either literally in staff shift patterns or in knowledge. Others are looking for a supplier whose offering is overarching, combining many of the services which currently exist piecemeal across internal provision and several external providers.

When looking for a security expert, organizations should be seeking companies which can:

– Cope with the complexity of the latest threats, as they emerge.

– Have the capability to predict where new methods and vectors will arise, using a combination of experience, skill, intuition and technological tools.

– Understand management’s mindset, appreciating the pressures faced by supervisors, managers, and C-level executives right across IT, but especially in system security.

– Appreciate budgetary issues, and either be able to re-allocate existing resources more efficiently or show their clients new ways of working which wring the best value out of what’s available.

– Be able to provide staff, either as seconded workers, or high-level consultants, or expertise on a specific requirement, and everything else in between.

At Tech Wire Asia, we’ve found three cybersecurity firms which we hope will be a good fit for your business and your department.

TRUSTWAVE

Known for its over 20 years in security and compliance, this company runs ten federated advanced security operation centres (ASOCs) across the world, in differing time zones, allowing it to see new threats as they appear and to protect its customers before the cybersecurity “grapevine” begins its dissemination of the latest news.

Leveraging Trustwave SpiderLabs, its elite security team, it brings together the attacker techniques behind breaches, gleaned from incident response investigations, reverse-engineering malware, conducting penetration tests and active membership of the open-source security community, to create the industry-leading SpiderLabs Threat Intelligence. Staff are drawn from a variety of professions, including law enforcement, military and government security experts, and can often be found acting as expert witnesses or public speakers.

Trustwave services are driven by client need: initially by considering the client’s risk management policies and existing provision, it delivers flexible cybersecurity solutions to match a client’s security maturity requirements – filling holes and bolstering the client’s existing cyber investment where needed, supplying expertise and/or solutions to fortify the environment and enable the 24 x 7 notification and isolation of attempted breaches.

The company’s offerings can allow it to be a single point of service for its clients, obviating the need to manage multiple technologies, isolated facilities or service management companies.

SC Media awarded the company Best Managed Security Service at the SC Awards 2017, and the company was named as a leader in the 2018 Gartner Magic Quadrant for Managed Security Services, Worldwide.

To learn more about Trustwave, read the full profile here.

A10 NETWORKS

The US-based company’s main product is a container-based controller called the A10 Harmony Controller, although its product range also includes a selection of hardware and virtual appliances, offering protection mechanisms including application firewalls, general threat protection, and real-time inspection of SSL traffic.

A10’s products are particularly suited to distributed application deployments, abstracting broad-ranging hybrid cloud setups so they can be controlled seamlessly from a single point.

The A10 Harmony Controller presents a single dashboard for both management and ongoing analytics, largely independent of the infrastructure covered by the company’s provision.

A10’s solutions can be deployed in organizations’ own data centers, across different cloud deployments, or even as SaaS.

The Lightning and Thunder product ranges allow analysis of traffic to specific applications, as well as broader cybersecurity measures, pre-empting the majority of today’s attacks.

The solutions can be load balanced via HAProxy, meaning quick availability and responsiveness on demand. The SaaS model means the underlying code base can be updated by A10 on a daily basis, rather than when internal staffing levels allow.

In addition to an impressive firewall provision, the company offers an FPGA-based DDoS protection system, and high-speed logging technologies to empower forensic teams.

CENTURYLINK

Another US-based company, CenturyLink has five security operations centers (SOCs) spanning three continents, including a presence in South & North America, London, and Singapore; the latter two cities also host CenturyLink offices.

The company additionally runs two dedicated SOCs to fulfill public contracts it has with the US and British governments. As well as managed security services (SCC), the company also offers cloud and telecommunications services. Security services are therefore available as standalone products or as part of an overall package.

Building on its acquisition of Cognilytics, the company uses analytics of trends and of data from existing clients to build incisive snapshots of current threat situations. Incident response services are available as standalone options, as are a range of payment plans, including a per-gigabyte structure for companies wishing to partition or assign particular service traffic to a third party.

CenturyLink can supply staff on the ground from a broad internal skillset including experts in firewalls, unified threat management systems, network and host intrusion prevention systems, WAF, VPN, email and web security, vulnerability scanning, and general threat intelligence provision.

The company’s broad experience is also leveraged into systems design and general IT consultancy services, into whose outcomes cybersecurity is thoroughly baked.