Despite spending a substantive amount on enterprise security tools and experts every year, some CIOs and CISOs remain unsatisfied with the state of their organization’s security posture.
This disconnect seems to go hand-in-hand with an absence of central or holistic approach that takes into consideration all the people, processes and technology within the organization. Critical security management tends to fall to admins who deploy and interpret findings to the best of their abilities, but from a bottom-up approach rather than a top-down perspective.
Gaining the Right Perspective
Threats, vulnerabilities, risks, security policies, compliance and consequences are all discussed within the context of any proposed enterprise security tool. A typical well-protected organization will have separate tools for application, data, network, endpoint, and mobile device management. Each tool will have its own set of admins, who will create their own set of security policies and rules, providing their own set of vulnerabilities, risk scores and consequences. This approach neglects the need for a central interface to aggregate the inputs to these tools such as security policies of the organization or aggregate the outputs of these tools such as offenses, vulnerabilities and risk scores. More recently, SIEM tools like IBM’s QRadarTM have taken an integrated approach and have started to address this integration and API capabilities to tie things together. Some SIEM platforms still leave a lot to be desired.
On their own, integrated enterprise security tools suffer from a lack of organizational context in the findings and offenses. The Security Management Services from VSS build upon those capabilities and provide CIOs and CISOs an organization-specific perspective; not from a “tool-up” view, but rather from an organizational view down to the tool, ensuring business needs and goals are met.
Focus on the Critical Areas
An organization, like a living organism, has its unique vulnerabilities specific to each critical functioning area. The majority of today’s security tools do a good job focusing on securing a unique operation within the organization, but in doing so, can give a false sense of security that the entire organism is safe and healthy. Just like any healthy organism can fall prey to single humble virus, a very well-protected organization can be exploited by previously unknown threats. The emergence of new hazards like phishing, ransomware and the continued breach of respected and well-protected organizations is a testament to this now-familiar phenomenon. Today’s threats demand a fresh approach; an approach based on security management processes; focused on the people, processes and technology of an organization.
Security Management Services by VSS help make this happen by treating applications as a “composite asset”, or an asset comprised of more than one asset. Our security professionals help CISOs gather information about applications that need to be protected. We also track the internal team members who are responsible for using and managing these applications.
With VSS Managed Security Services, clients can expect:
Strategic Planning and Roadmap
We meet with executive leadership to capture the security management vision and goals of the organization. Based on this input, VSS proposes a phased, strategic roadmap with clear milestones and KPIs to measure progress. Transparency is maintained through scheduled annual, quarterly and monthly reviews, allowing all parties to assess the current state of security, and set goals for upcoming periods to mitigate risk and ensure compliance. Reviews cover:
- Scope to ensure all assets are included
- Asset vulnerabilities to identify and assign risk
- Security policies to confirm and ensure compliance
Information Risk and Protection
Information Risk and Protection activities are ongoing. This includes:
- Vulnerability testing and risk assessment
- Security policy formulation and compliance
- Application security reviews
- QRadar log and flow expansion
Security Operations and Response
Our Security Operations Center offers 24x7x365 monitoring of the endpoints, networks, applications, and systems. This results in ongoing refinement of the security policies and the incident response plan.
Security Tools – Administration and Monitoring
Our team of Systems Administrators and Operators ensure that all security tools are working around the clock. This eliminates the need for our clients to hire expensive security resources to maintain their security investments.
Ready to take the first step in evaluating your organization’s enterprise security tools?
Contact our Security team to determine a holistic approach to security that takes into consideration the people, processes and technology that are involved in running your organization.