Send message to

Do you want to send the message without a subject?
Please note that your message can be maximum 1000 characters long
Special characters '<', '>' are not allowed in subject and message
reCaptcha is invalid.
reCaptcha failed because of a problem with the server.

Your message has been sent

You can find the message in your personal profile at "My messages".

An error occured

Please try again.

Make an appointment with

So that you can make an appointment, the calendar will open in a new tab on the personal profile of your contact person.

Create an onsite appointment with

So that you can make an onsite appointment, the appointment request will open in a new tab.

Header of DCSO Deutsche Cyber-Sicherheitsorganisation GmbH
Forums it-sa Expo Knowledge Forum B

Rangers, Watchmen, Warriors: Why Managed Cyber Defense synergies matter

How Managed Security Service Providers should master Threat Intelligence, Managed SOC and Cyber Incident Response end-to-end.

calendar_today Wed, 23.10.2024, 13:45 - 14:00

event_available On site

place Forum, Booth 6-235

Action Video

south_east

Action description

south_east

Speaker

south_east

Themes

Endpoint Protection Managed Security Services / Hosting Network Security / Patch Management SIEM / Threat Analytics / SOC Trend topic

Key Facts

  • Threat Intel, SOC & Incident Response: Synergies matter most
  • MSSPs strengthen Industry and Public Sector defenses
  • Engineering Security. Together.

Event

This action is part of the event Forums it-sa Expo

Action Video

grafischer Background
close

This video is available to the it-sa 365 community. 
Please register or log in with your login data.

Action description

From its beginnings purely at the perimeter and without significant managed support, cyber defense has evolved substantially over the decades. As a result, a greater number of attack vectors on increasingly deeply networked (business) processes can now be countered much more effectively. This also increases the chances of fighting back against constantly growing threats and increasingly better orchestrated attackers. The key to success for the defenders lies in leveraging synergies that result from the interaction of security operations in three concentric circles with decreasing "distance" from the target. The better a medium-sized company, a global corporation, an urban authority or even a government agency can be supported by a Managed Security Service Provider (MSSP), the lower the probability of a successful, deep attack on processes and assets.

Ideally, RANGERS scouting the terrain first provide detailed insights into the threat actors as well as their cyber capabilities and tactics. Meanwhile, the "close" internal perpetrators must by no means be overlooked. Insights and knowledge of these RANGERS form the basis for curated Threat Intelligence (TI). Preferably, many national and international TI sources should be fused across a wide range of industries and authorities. The deeper and broader this foundation - and the better it is interlinked with the rest of the security service portfolio - the higher the probability of detecting threats at an early stage.

The second line of defense covers the entire infrastructure, endpoints, applications and processes protected by a managed security service provider for a company or public organization. WATCHMEN rely on a wide range of deployed sensors, endpoint protection solutions and data stream analyses to gain a comprehensive picture of the customer's situation. These SOC analysts evaluate and triage the particularly suspicious activities that are automatically filtered out of a series of threat indicators and anomalies. Only this constant evaluation, coupled with the in-depth knowledge of expected communication and events within the customer infrastructure, guarantees that the SOC analysts are focused and only react to real threats.

In the event of a state actor with massive resources or a capable internal perpetrator managing to break through the first and second line of defense, a managed security service provider should still have resources at its disposal. Figuratively speaking, these would be the WARRIORS who are deployed to repel the threat that has materialized. In cyber incident response, every second counts to prevent the attacker from spreading further and to isolate them within the customer infrastructure as quickly as possible. To this end, highly specialized and trained experts must be available 24/7/365 for virtual and physical deployment on site (e.g. in customer data centers). These specialists will be most effective if they can act in concert with SOC analysts’ knowledge (about the customer environment) and Threat Intel (insights into possible attacks through curated intelligence). From hundreds of deployments across different industries, the incident responders form a valuable insurance policy to minimize damage for customers and return to normal operations as rapidly as possible.

A holistic and fully interlinked approach to Threat Intelligence, SOC analyses and Incident Response thus enables unique security synergies to be leveraged for customers:

ENGINEERING SECURITY. TOGETHER.
... read more

Downloads

Language: English

Questions and Answers: No

close

This content or feature is available to the it-sa 365 community. 
Please register or log in with your login data.