MSSP Security Orchestration Shopping List - PowerPoint PPT Presentation



1
MSSP Security Orchestration Shopping List
2
Introduction
  • To say that MSSPs have a security orchestration
    challenge is the understatement of the century.
    But not just any security orchestration platform
    can satisfy the multi-tenant requirements of
    MSSPs.
  • Managed security services providers (MSSPs) could
    teach a master class on today's threat landscape.

3
MSSPs and SOC
  • With dozens of client environments to monitor,
    MSSPs get a broad view of what it takes to
    detect, manage and respond to cyberthreats of all
    kinds. And don't get us started on all the
    false positives that must be addressed day in and
    day out.
  • MSSPs are also in the unique position of needing
    to understand how to fully leverage the vast
    landscape of security tools. Whereas an
    enterprise security operations center (SOC)
    typically needs the capability to manage one
    SIEM, an MSSP must be prepared to manage a
    variety of client-selected technologies.

4
SIEM WAF
  • From SIEMs and web application firewalls (WAF) to
    intrusion detection systems (IDS) and
    anti-malware solutions, MSSPs must be ready to
    manage them all.
  • Below is a quick look at what you should be
    looking for when exploring security orchestration
    solutions if you, or someone you love, is part of
    an MSSP.

5
Security Orchestration Table Stakes
  • Security orchestration should provide a
    centralized security operations platform as the
    nucleus of its security management. A single
    console provides MSSPs with a centralized,
    detailed view of multiple customers. Within the
    scope of security orchestration are core features
    and functionality that should be considered table
    stakes for any organization.

6
Triage and Case Management
  • Triage
  • Streamline alert management and the triage
    process by eliminating noise, grouping related
    alerts, and integrating multiple data sources to
    provide and enrich insight across grouped alerts.
  • Case Management
  • Manage the entire SOC through a complete view
    presented in a single pane of glass, which
    analysts can use as their primary workbench.

7
Playbook Library Case Visualization
  • Playbook Library
  • Accelerate time to value with an out-of-the-box
    playbook knowledge base that drives the full
    range of playbook requirements and provides a
    balance between automation and analyst
    interaction.
  • Case Visualization
  • Visual representation of each case provides an
    intuitive understanding of complex cases and
    threats in a fraction of the usual time required.

8
Reporting Case Reduction
  • Reporting
  • One-click reporting of activity and KPI
    measurements to customers. Automation of
    reporting and distribution process.
  • Case Reduction Clustering
  • Reduces caseload via graph contextualization,
    clustering of contextually relevant cases, and
    automated case prioritization.

9
Cyber Ontology
10
Automation and Playbook Authoring
  • Automation
  • Automate cumbersome manual processes with a
    machine-speed response. Typical processes ripe
    for security automation include data
    normalization, alert filtration and consolidation
    and case enrichment.
  • Playbook and Workflow Authoring
  • Playbook design capability to create and
    implement analyst-customized workflows (without
    scripting).

11
Additional MSSP Requirements
  • Be sure to look for solutions that go beyond core
    security orchestration functionality to include
    these capabilities, tailored to the needs of
    MSSPs
  • Adapt workflows for similar use-cases to specific
    customers
  • Integrate SLA expectations with KPI performance
    measurement and reporting
  • Provide customer visibility through automated
    reporting and distributed dashboards
  • Collaboration between MSSP security professionals
    and customer resources
  • Health monitoring across MSSP customer base

12
Multi Tenancy
  • Multi-tenancy (at the environmental level, and in
    terms of data, permissions, dashboard, reporting,
    and unique customer playbooks) is crucial for any
    MSSP who wishes to reap the full value of
    security orchestration across its customer base
    and to give teams the proverbial single pane of
    glass access and vision.

13
MSSP Multi-Tenancy
14
Integration
  • Given the near-limitless number of possible
    customer configurations, a security orchestration
    solution must be able to integrate with each
    customer's environment as it stands. Out-of-the-box
    integrations cover much of this, but the platform
    also needs an architecture that lets the MSSP add
    integrations easily for the many data sources it
    will encounter: for example, multiple SIEMs and
    non-standard alert sources such as e-mail.
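The triage, automation, multi-tenancy and integration slides above describe the same pipeline from four angles: normalize alerts from dissimilar sources (a SIEM export and an e-mail), filter known noise, consolidate related alerts into cases, and keep every view scoped to one tenant. The following Python is an added illustration of that pipeline written for this page; it is not code from the presentation's vendor or from any real SOAR product. The source formats, tenant names, suppression rules and sample alerts are all constructed for the example.

```python
"""Added example: a minimal multi-tenant alert pipeline for an MSSP.

Normalizes two constructed alert formats (SIEM JSON and an e-mail subject
line) into one schema, drops per-tenant noise, groups the rest into cases
keyed by (tenant, asset), and enforces tenant-scoped access on the result.
"""
import json
import re
from dataclasses import dataclass, field
from typing import List, Optional

SEVERITY = {"low": 1, "medium": 3, "high": 4, "critical": 5}
MSSP_ANALYST = "*"  # viewer id for the MSSP's own cross-tenant analysts


@dataclass(frozen=True)
class Alert:
    tenant: str
    source: str
    severity: int  # 1 (low) .. 5 (critical)
    asset: str     # lower-cased so "WEB01" and "web01" group together
    rule: str
    raw: str


# --- Normalization: one adapter per source format -------------------------

def from_siem_json(tenant: str, record: str) -> Alert:
    """Constructed SIEM export: {"sev": ..., "host": ..., "rule_name": ...}."""
    d = json.loads(record)
    sev = SEVERITY.get(str(d["sev"]).lower(), 1)
    return Alert(tenant, "siem", sev, d["host"].lower(), d["rule_name"], record)


EMAIL_SUBJECT = re.compile(r"Subject: \[(?P<sev>\w+)\] (?P<rule>.+?) on (?P<asset>[\w.-]+)")


def from_email(tenant: str, message: str) -> Optional[Alert]:
    """Constructed e-mail alert, e.g. 'Subject: [HIGH] Port scan on dc01'.

    Returns None for messages that do not match; those are left for an
    analyst rather than silently dropped or guessed at.
    """
    m = EMAIL_SUBJECT.search(message)
    if not m:
        return None
    sev = SEVERITY.get(m["sev"].lower(), 1)
    return Alert(tenant, "email", sev, m["asset"].lower(), m["rule"], message)


# --- Filtration: per-tenant suppression of known-benign rules ---------------

SUPPRESS = {"acme": {"Scheduled vuln scan"}}  # constructed customer tuning


def is_noise(a: Alert) -> bool:
    return a.rule in SUPPRESS.get(a.tenant, set())


# --- Consolidation: related alerts become one case per (tenant, asset) -------

@dataclass
class Case:
    tenant: str
    asset: str
    alerts: List[Alert] = field(default_factory=list)

    @property
    def priority(self) -> int:
        return max(a.severity for a in self.alerts)


def build_cases(alerts: List[Alert]) -> List[Case]:
    cases = {}
    for a in alerts:
        if is_noise(a):
            continue
        cases.setdefault((a.tenant, a.asset), Case(a.tenant, a.asset)).alerts.append(a)
    # Highest priority first; tenant and asset only break ties deterministically.
    return sorted(cases.values(), key=lambda c: (-c.priority, c.tenant, c.asset))


# --- Tenant-scoped access: every read is filtered by the viewer's tenant ------

class TenantAccessError(PermissionError):
    pass


def cases_for(viewer: str, cases: List[Case]) -> List[Case]:
    """A customer sees only its own cases; MSSP analysts see all tenants."""
    if viewer == MSSP_ANALYST:
        return list(cases)
    return [c for c in cases if c.tenant == viewer]


def get_case(viewer: str, cases: List[Case], tenant: str, asset: str) -> Optional[Case]:
    """Direct lookup still checks the viewer's tenant, so guessing a case key
    for another customer raises instead of leaking the record."""
    for c in cases:
        if c.tenant == tenant and c.asset == asset:
            if viewer != MSSP_ANALYST and viewer != c.tenant:
                raise TenantAccessError(f"{viewer} may not read {tenant}/{asset}")
            return c
    return None


# --- Constructed sample input --------------------------------------------

SAMPLE_SIEM = [
    ("acme", '{"sev": "high", "host": "WEB01", "rule_name": "Web shell upload"}'),
    ("acme", '{"sev": "medium", "host": "web01", "rule_name": "Suspicious PowerShell"}'),
    ("acme", '{"sev": "low", "host": "db02", "rule_name": "Scheduled vuln scan"}'),
    ("globex", '{"sev": "critical", "host": "dc01", "rule_name": "Credential dumping"}'),
]
SAMPLE_EMAIL = [
    ("globex", "From: ids@globex.example\nSubject: [HIGH] Port scan on dc01\n"),
    ("acme", "From: av@acme.example\nSubject: weekly digest\n"),  # unparseable
]


def run_pipeline() -> List[Case]:
    alerts = [from_siem_json(t, r) for t, r in SAMPLE_SIEM]
    alerts += [a for a in (from_email(t, m) for t, m in SAMPLE_EMAIL) if a]
    return build_cases(alerts)


if __name__ == "__main__":
    for c in run_pipeline():
        print(c.tenant, c.asset, c.priority, [a.rule for a in c.alerts])
```

Running it yields two cases: globex/dc01 (priority 5, the credential-dumping and port-scan alerts consolidated from SIEM and e-mail) and acme/web01 (priority 4, two alerts on the same host despite the differing case of the hostname); the acme scan alert is suppressed by that customer's tuning. The point of the access functions is that tenant scoping is applied on every read path, not only on the dashboard list; a customer asking for another customer's case key by name gets an error, while the MSSP analyst role keeps the cross-tenant view the slides call the single pane of glass.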

15
MSSP Techstack
16
Let's Go Shopping
  • For a deeper look and a full security
    orchestration shopping list, download our MSSP
    buyers guide for security orchestration and
    automation.