
DCSO Deutsche Cyber-Sicherheitsorganisation GmbH
Forums it-sa Expo Knowledge Forum B

Rangers, Watchmen, Warriors: Why Managed Cyber Defense synergies matter

How Managed Security Service Providers should master Threat Intelligence, Managed SOC and Cyber Incident Response end-to-end.

Date: Wed, 23.10.2024, 13:45 - 14:00

Format: On site

Location: Forum, Booth 6-235


Themes

  • Endpoint Protection
  • Managed Security Services / Hosting
  • Network Security / Patch Management
  • SIEM / Threat Analytics / SOC
  • Trend topic

Key Facts

  • Threat Intel, SOC & Incident Response: Synergies matter most
  • MSSPs strengthen Industry and Public Sector defenses
  • Engineering Security. Together.

Event

This action is part of the event Forums it-sa Expo

Action description

From its beginnings purely at the perimeter and without significant managed support, cyber defense has evolved substantially over the decades. As a result, a greater number of attack vectors against increasingly deeply networked (business) processes can now be countered far more effectively. This also improves the odds against constantly growing threats and ever better orchestrated attackers. The key to success for defenders lies in leveraging the synergies that arise when security operations interact across three concentric circles of decreasing "distance" from the target. The better a medium-sized company, a global corporation, a municipal authority or even a government agency is supported by a Managed Security Service Provider (MSSP), the lower the probability of a successful, deep attack on its processes and assets.

Ideally, RANGERS scouting the terrain first provide detailed insights into the threat actors as well as their cyber capabilities and tactics. "Close" threats, i.e. internal perpetrators, must by no means be overlooked either. The RANGERS' insights and knowledge form the basis for curated Threat Intelligence (TI). Preferably, many national and international TI sources are fused across a wide range of industries and authorities. The deeper and broader this foundation, and the better it is interlinked with the rest of the security service portfolio, the higher the probability of detecting threats at an early stage.

The second line of defense covers the entire infrastructure, endpoints, applications and processes that a managed security service provider protects for a company or public organization. WATCHMEN rely on a wide range of deployed sensors, endpoint protection solutions and data stream analyses to gain a comprehensive picture of the customer's situation. These SOC analysts evaluate and triage the particularly suspicious activities that are automatically filtered out of the stream of threat indicators and anomalies. Only this constant evaluation, coupled with in-depth knowledge of the communication and events expected within the customer infrastructure, ensures that the SOC analysts stay focused and react only to real threats.

If a state actor with massive resources or a capable internal perpetrator manages to break through the first and second lines of defense, a managed security service provider should still have reserves at its disposal. Figuratively speaking, these are the WARRIORS deployed to repel the threat that has materialized. In cyber incident response, every second counts: the attacker must be isolated within the customer infrastructure as quickly as possible to prevent further spread. To this end, highly specialized and trained experts must be available 24/7/365 for both remote and on-site deployment (e.g. in customer data centers). These specialists are most effective when they act in concert with the SOC analysts' knowledge of the customer environment and with curated Threat Intel on likely attacks. Drawing on hundreds of deployments across different industries, the incident responders form a valuable insurance policy that minimizes damage for customers and returns them to normal operations as rapidly as possible.
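As an added illustration, not part of the talk and not DCSO's tooling, the following Python sketch wires the three circles together: indicators from several constructed TI feeds are fused into one curated set (highest confidence wins, every reporting source is recorded), constructed sensor log lines are matched against that set while a baseline of expected communication suppresses known-good traffic, and hosts with critical hits are handed to incident response for isolation. Feed names, indicator values, host names, the log format and the confidence thresholds are all assumptions made for the example.

```python
"""Toy TI -> SOC -> IR pipeline. All feeds, logs and thresholds below are
constructed sample data, not real intelligence."""
from dataclasses import dataclass, field
import re

# --- RANGERS: fuse several TI sources into one curated indicator set ---------
# Each feed entry: (indicator, type, confidence 0-100). Constructed data.
FEEDS = {
    "national-cert": [
        ("203.0.113.10", "ipv4", 80),
        ("evil-update.example", "domain", 90),
    ],
    "sector-isac": [
        ("203.0.113.10", "ipv4", 60),
        ("198.51.100.7", "ipv4", 40),
    ],
    "commercial-vendor": [
        ("evil-update.example", "domain", 70),
        ("198.51.100.7", "ipv4", 30),
    ],
}


@dataclass
class Indicator:
    value: str
    kind: str
    confidence: int
    sources: set = field(default_factory=set)


def fuse_feeds(feeds):
    """Merge indicators across feeds: keep the highest confidence reported
    and remember every source, so multi-source corroboration is visible."""
    fused = {}
    for source, entries in feeds.items():
        for value, kind, conf in entries:
            ind = fused.setdefault(value, Indicator(value, kind, 0))
            ind.confidence = max(ind.confidence, conf)
            ind.sources.add(source)
    return fused


# --- WATCHMEN: match telemetry against fused TI, suppress the expected -------
# Constructed baseline of communication the SOC knows to be normal here.
EXPECTED = {
    ("workstation-17", "198.51.100.7"),  # documented partner gateway link
}

LOG_RE = re.compile(r"host=(\S+)\s+dst=(\S+)\s+bytes=(\d+)")


def triage(log_lines, fused, expected, high=70):
    """Return alerts ordered by severity. 'critical' = high confidence and
    corroborated by more than one source; 'review' = one of the two;
    'low' = neither. Expected (host, dst) pairs are dropped, not alerted."""
    alerts = []
    for line in log_lines:
        m = LOG_RE.search(line)
        if not m:
            continue
        host, dst, nbytes = m.group(1), m.group(2), int(m.group(3))
        ind = fused.get(dst)
        if ind is None or (host, dst) in expected:
            continue
        multi = len(ind.sources) > 1
        if ind.confidence >= high and multi:
            sev = "critical"
        elif ind.confidence >= high or multi:
            sev = "review"
        else:
            sev = "low"
        alerts.append({"host": host, "indicator": dst, "severity": sev,
                       "sources": sorted(ind.sources), "bytes": nbytes})
    order = {"critical": 0, "review": 1, "low": 2}
    return sorted(alerts, key=lambda a: order[a["severity"]])


# --- WARRIORS: containment for what got through ------------------------------
def containment_plan(alerts):
    """Hosts with a critical alert are isolated; the rest go to analyst review."""
    isolate = sorted({a["host"] for a in alerts if a["severity"] == "critical"})
    review = sorted({a["host"] for a in alerts} - set(isolate))
    return {"isolate": isolate, "review": review}


# Constructed sensor log lines (format is an assumption of this example).
SAMPLE_LOGS = [
    "2024-10-23T13:45:01Z host=fileserver-02 dst=203.0.113.10 bytes=48213",
    "2024-10-23T13:45:04Z host=workstation-17 dst=198.51.100.7 bytes=1200",
    "2024-10-23T13:45:09Z host=workstation-23 dst=198.51.100.7 bytes=300",
    "2024-10-23T13:45:11Z host=hr-laptop-05 dst=evil-update.example bytes=9920",
    "2024-10-23T13:45:12Z host=hr-laptop-05 dst=intranet.local bytes=100",
]

if __name__ == "__main__":
    fused = fuse_feeds(FEEDS)
    alerts = triage(SAMPLE_LOGS, fused, EXPECTED)
    for a in alerts:
        print(a)
    print(containment_plan(alerts))
```

Running the block prints the triaged alerts and the containment plan. The point of the example is the coupling the talk describes: the same indicator that one feed rates weakly becomes actionable once a second source corroborates it, the baseline of expected communication removes a hit that would otherwise waste analyst time, and the severity the SOC assigns directly drives what incident response does first. In a real deployment the feeds would be live TI sources, the baseline would come from the SOC's knowledge of the customer environment, and isolation would call an EDR or NAC API rather than return a list.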

A holistic and fully interlinked approach to Threat Intelligence, SOC analyses and Incident Response thus enables unique security synergies to be leveraged for customers:

ENGINEERING SECURITY. TOGETHER.

Language: English

Questions and Answers: No
