
Managed security services

Managed security services (MSS) is a systematic approach to managing an organization's security needs. The services may be conducted in-house or outsourced to a service provider that oversees other companies' network and information system security. Functions of a managed security service include round-the-clock monitoring and management of intrusion detection systems and firewalls, overseeing patch management and upgrades, performing security assessments and security audits, and responding to emergencies. There are products available from a number of vendors to help organize and guide the procedures involved. This diverts the burden of performing the chores manually, which can be considerable, away from administrators.
                                                                                                                                                                                                                                                Step 1: Preparation
                                                                                                                                                                                                                                                While it is impossible to prepare for every possible contingency, having a plan ahead of time should be your number one priority. This is a crucial step, and it requires the forethought of someone experienced in incident handling. Your MSSP should have identified and handled many incidents in the past, and you can draw on this experience to help formulate a plan for your company. They will likely have suggestions you would not have even considered.

                                                                                                                                                                                                                                                In addition, you should provide your MSSP with as much information as possible to help them understand your environment. Network diagrams and host profiles that describe the types of services running on critical hosts are especially beneficial. If your MSSP offers managed vulnerability scanning, you can allow them to periodically scan your infrastructure and use the information to build network and host profiles in addition to proactively identifying potential vulnerabilities.

                                                                                                                                                                                                                                                Step 2: Identification
Your MSSP should be watching events on your network 24 hours a day in near real time. If they are an effective MSSP, they should quickly identify an incident. Without constant monitoring, a considerable amount of time could pass after an incident occurs before you are able to identify it. With each minute that passes, the potential for damage grows. You should make sure your MSSP has skilled analysts on staff at all times. A good indicator of skill is SANS certification. Experienced network professionals consider many certifications "fluff". However, the GIAC Certified Intrusion Analyst (GCIA) certification requires a lengthy written practical assignment and two written tests that measure the capability of an individual to conduct effective intrusion analysis. It is one of the best certifications out there, and achievement of it is no small task.

                                                                                                                                                                                                                                                Notification of the incident in progress can occur in many ways including email, telephone, or pager. You should expect to be notified by telephone or pager when a high-threat incident is identified since time is of the essence.

Mature MSSPs offer secure web-based portals that dramatically facilitate communications during the incident handling process. Features you should look for include:

                                                                                                                                                                                                                                                • Encrypted, strongly authenticated access to the portal for members of your incident handling team.
• Real-time view of security events and incidents. This will enable your incident handling team to view the forensic details of the individual events related to the incident.
                                                                                                                                                                                                                                                • Reporting tool that enables your incident handling team to generate reports on-demand.
                                                                                                                                                                                                                                                • Ability to specify and modify escalation procedures for your organization.
                                                                                                                                                                                                                                                These features will help ensure efficient communication between you and your MSSP during this and subsequent steps in the incident handling process.

                                                                                                                                                                                                                                                Step 3: Containment
                                                                                                                                                                                                                                                At this point your MSSP has alerted you to a situation. You need to initiate procedures to bring the incident under control and allow it to spread no further. Once again, the experience of your MSSP should be called into play. You should expect your MSSP to be more than a glorified escalation service. The MSSP should be able to recommend procedures to contain the incident. Your MSSP may also be able to dispatch incident handling experts (probably for an additional fee) to assist with the incident handling process.

                                                                                                                                                                                                                                                Prior to this step, and before making any changes to any machines, you must decide what approach you are going to take in the incident handling process. Will you try to eliminate the problem and restore operations as soon as possible? Or do you want to prosecute the responsible parties? While prosecution is often the preference of many victims of a compromise, it forces a whole new level of handling to come into play. Steps must be taken to preserve evidence and chain-of-custody, otherwise you may find yourself in court without a leg to stand on. If you choose to go this route, ask your MSSP to help in suggesting proper procedures for maintaining the evidence for use in a court of law.
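The evidence and chain-of-custody record mentioned above can be made tamper-evident. The following is an added example, not part of the original article: a custody log in which every entry stores the SHA-256 of the evidence item and the hash of the previous entry, so an edited, removed, or reordered entry, or a changed evidence item, shows up on verification. The item ID, handler names, and sample evidence bytes are constructed for illustration.

```python
import hashlib
import json
from datetime import datetime, timezone

GENESIS = "0" * 64  # prev_hash value for the first entry in a log

# Constructed sample: stands in for the bytes of an acquired disk image.
SAMPLE_IMAGE = b"constructed stand-in for a disk image of the affected host"


def entry_digest(entry):
    """SHA-256 over the canonical JSON of every field except entry_hash."""
    body = {k: v for k, v in entry.items() if k != "entry_hash"}
    canonical = json.dumps(body, sort_keys=True, separators=(",", ":"))
    return hashlib.sha256(canonical.encode("utf-8")).hexdigest()


def record_event(log, item_id, evidence, action, handler, when=None):
    """Append one custody event; `evidence` is the item's bytes at that moment."""
    entry = {
        "seq": len(log),
        "timestamp": (when or datetime.now(timezone.utc)).isoformat(),
        "item_id": item_id,
        "action": action,
        "handler": handler,
        "evidence_sha256": hashlib.sha256(evidence).hexdigest(),
        "prev_hash": log[-1]["entry_hash"] if log else GENESIS,
    }
    entry["entry_hash"] = entry_digest(entry)
    log.append(entry)
    return entry


def verify_log(log):
    """Return a list of problems found; an empty list means the log is intact."""
    problems = []
    prev = GENESIS
    acquired = {}  # item_id -> evidence hash recorded at first appearance
    for i, e in enumerate(log):
        if e["seq"] != i:
            problems.append(f"entry {i}: sequence number out of order")
        if e["prev_hash"] != prev:
            problems.append(f"entry {i}: broken link to previous entry")
        if entry_digest(e) != e["entry_hash"]:
            problems.append(f"entry {i}: entry contents altered")
        first = acquired.setdefault(e["item_id"], e["evidence_sha256"])
        if e["evidence_sha256"] != first:
            problems.append(f"entry {i}: evidence differs from acquisition hash")
        prev = e["entry_hash"]
    return problems


def build_demo_log():
    """Constructed custody history: acquisition, hand-over, and storage."""
    def at(hour):
        return datetime(2024, 1, 15, hour, 0, tzinfo=timezone.utc)

    log = []
    record_event(log, "IMG-001", SAMPLE_IMAGE, "acquired", "responder-a", at(9))
    record_event(log, "IMG-001", SAMPLE_IMAGE, "transferred", "analyst-b", at(11))
    record_event(log, "IMG-001", SAMPLE_IMAGE, "stored", "custodian-c", at(15))
    return log


if __name__ == "__main__":
    log = build_demo_log()
    print("intact log:", verify_log(log))

    # Someone rewrites who held the item without recomputing the chain.
    edited = [dict(e) for e in log]
    edited[1]["handler"] = "unknown"
    print("edited handler:", verify_log(edited))

    # The evidence item itself changed after acquisition.
    record_event(log, "IMG-001", SAMPLE_IMAGE + b"\x00", "re-hashed", "analyst-b")
    print("changed evidence:", verify_log(log))
```

The chain only proves integrity relative to its last `entry_hash`, so record that value somewhere the handlers cannot rewrite, because anyone able to replace the whole log can recompute every hash.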

                                                                                                                                                                                                                                                Step 4: Eradication
                                                                                                                                                                                                                                                Although they may seem like similar steps, eradication differs from containment. In the containment phase, you are merely trying to prevent the problem from getting worse. In the eradication phase, you eliminate the threat from your network. Your MSSP should be able to point you to the proper resources (patches, scanning tools, AV updates, virus removal tools) before you even ask for them. It is the MSSP's job to stay current on the latest vulnerabilities and recommended remediation.

                                                                                                                                                                                                                                                Step 5: Recovery
                                                                                                                                                                                                                                                The recovery phase is where you restore your business to full working order as it was before the incident. This usually involves restoring from backups and testing the network to make sure no traces of the threat remain. The MSSP's role in this step will vary depending on the service they are providing for your organization. If the MSSP remotely manages any firewalls, IDS, AV, or content scanning systems for you, they should maintain configuration backups. Should any of these systems be impacted by the incident, the MSSP engineers will be able to work with you to quickly restore an impacted system under their management. If your MSSP offers managed vulnerability scanning in its suite of services, such a scan can help verify the recovered systems have been properly patched and locked down.

                                                                                                                                                                                                                                                Step 6: Lessons Learned
                                                                                                                                                                                                                                                This is a step that is often overlooked even when not working with a managed security services provider. There should always be a follow-up meeting to discuss the incident and make suggestions to improve the incident handling plan. It should not be a time for placing blame, but instead a time to focus on preventing future occurrences of the incident that just happened. It is crucial for your MSSP to be involved in this step. Not only can the MSSP offer unbiased suggestions from an outsider's perspective, they should incorporate feedback from the incident into their service delivery to offer a more effective service. If you keep your MSSP in the dark, they may be hindered in mitigating risk for a similar incident in the future.

Source 1: http://bt.counterpane.com/managed-security-solutions.html
Source 2: http://searchmidmarketsecurity.techtarget.com/definition/managed-security-services