In most cases, this involves a thorough review of the infrastructure, including any cloud services used by the company. The enterprise customer’s Trusted Advisor can play an instrumental role in ensuring the proper execution of this phase. A penetration test and a test of exploits against employees may be advisable. These services can cost between $10,000 and $25,000. Some companies may be willing to do them for free, but the fee-based alternatives are generally viewed as more comprehensive.

“I am a huge advocate of proactive threat hunting,” said Steve Baer, vice president of sales engineers at Trustwave. “And by that, I mean a realistic threat assessment; not just a pen test, not a port scan, and not something you’ve had done by the same firm for the last three years. I’m talking about a deep, under-the-covers search for adversarial activity in your environment. I equate that to making sure your foundation is sound before you build a house on top of it. You might do an architectural redesign, but before you do any of that, make sure everything is sound.”

Most of the customers participating in AVANT’s assessment surveys were no strangers to third-party security assessments. More than 60 percent have had such an assessment conducted within the last year, nine percent have done so more than a year ago, and another nine percent have never had a third-party security assessment at all. The remainder were unsure whether such an assessment had ever been done.

It will be important to view security from the standpoint of defending your data center while at the same time providing the protections needed to fully support your company’s web-facing products and services. This will be explored in more detail below.
For the time being, however, it is important to note that the company’s local infrastructure will need endpoint security and a traditional firewall, or in certain circumstances a next-generation firewall that consolidates a variety of otherwise separate functions. Decision-makers should anticipate a need for a comprehensive solution that gathers log information from a wide array of sources and inputs, and then correlates that data with both known threats and behavioral analysis to uncover threats that might not have an existing signature associated with them. This function is typically built around a SIEM platform, which should be coupled with intrusion prevention and detection capabilities that can be extended to server-based or virtual-machine-based devices. The alerts that arise from this kind of system need to be evaluated by qualified security analysts, and that is typically where an MSSP can be of service for companies that lack the resources, or their own 24x7 SOC.

On the cloud side of the equation, most companies would be well advised to adopt a stateful firewall (which tracks network connections), a web application firewall, and DDoS protection, as well as making sure that the security features of the cloud service are properly configured from the customer’s point of view.

Copyright © 2020 AVANT Communications, Inc.
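The SIEM function described above, correlating events from several log sources against both a list of known threats and a behavioral baseline, is easier to reason about with a concrete (if deliberately small) implementation. The following Python is an added example written for this page; it is not AVANT’s, Trustwave’s or any SIEM vendor’s code. The log formats, the indicator list, the baseline value and the sample log lines are all constructed for illustration, and the threshold multiplier is an assumed tuning value rather than a recommendation.

```python
"""Minimal SIEM-style correlation over multi-source log lines (added example).

Two detection paths run over the same normalized events:
  1. signature path: any activity from a source on a known-bad indicator list;
  2. behavioral path: a source whose failed-login count is far above a
     baseline, even though it matches no indicator.
A third step enriches each finding with evidence from other sources
(perimeter blocks), which is where a SIEM earns its keep over single-tool alerts.
All log formats, indicators, hosts and lines below are constructed.
"""
import re
from collections import Counter, defaultdict
from dataclasses import dataclass
from typing import Dict, Iterable, List, Optional

# Constructed indicator list (stand-in for a threat-intelligence feed).
KNOWN_BAD_IPS = {"203.0.113.77"}

# Constructed baseline: mean failed logins per source in a normal window,
# and an assumed multiplier above which a source is flagged.
BASELINE_FAILED_PER_SOURCE = 2.0
ANOMALY_MULTIPLIER = 5


@dataclass(frozen=True)
class Event:
    source: str   # log source type: "sshd", "fw" or "waf"
    src_ip: str
    action: str   # normalized: "login_fail", "login_ok", "block", "allow"


# Constructed line formats for three sources.
SSHD_RE = re.compile(r"(?P<result>Failed|Accepted) password for \S+ from (?P<ip>[\d.]+)")
FW_RE = re.compile(r"action=(?P<action>DENY|ALLOW) src=(?P<ip>[\d.]+)")
WAF_RE = re.compile(r"client=(?P<ip>[\d.]+) .* rule_id=\d+ action=(?P<action>block|pass)")


def normalize(line: str) -> Optional[Event]:
    """Map a raw line from any of the three sources onto the common Event schema."""
    if m := SSHD_RE.search(line):
        return Event("sshd", m["ip"], "login_fail" if m["result"] == "Failed" else "login_ok")
    if m := FW_RE.search(line):
        return Event("fw", m["ip"], "block" if m["action"] == "DENY" else "allow")
    if m := WAF_RE.search(line):
        return Event("waf", m["ip"], "block" if m["action"] == "block" else "allow")
    return None  # unparsed lines are dropped here; a real pipeline would count them


def correlate(lines: Iterable[str]) -> Dict[str, List[str]]:
    """Return {src_ip: [reasons]} for every source that merits analyst review."""
    events = [e for e in (normalize(ln) for ln in lines) if e]
    findings: Dict[str, List[str]] = defaultdict(list)

    # 1. Signature path: any activity at all from a known indicator.
    for ip in {e.src_ip for e in events} & KNOWN_BAD_IPS:
        findings[ip].append("matches known-bad indicator")

    # 2. Behavioral path: failed-login volume far above the baseline,
    #    which catches sources no indicator list has heard of yet.
    fails = Counter(e.src_ip for e in events if e.action == "login_fail")
    threshold = BASELINE_FAILED_PER_SOURCE * ANOMALY_MULTIPLIER
    for ip, n in fails.items():
        if n >= threshold:
            findings[ip].append(f"{n} failed logins (threshold {threshold:g})")

    # 3. Cross-source enrichment: the same source already blocked by WAF or firewall.
    blocked = {e.src_ip for e in events if e.action == "block"}
    for ip in list(findings):
        if ip in blocked:
            findings[ip].append("also blocked at perimeter (waf/fw)")
    return dict(findings)


# Constructed sample lines from three sources: one benign user, one known-bad
# client caught by the WAF, and one unknown source brute-forcing SSH.
SAMPLE_LOGS = [
    "sshd[1]: Accepted password for alice from 198.51.100.5 port 5000 ssh2",
    "fw: action=ALLOW src=198.51.100.5 dst=10.0.0.4 dport=443",
    "waf: client=203.0.113.77 uri=/login rule_id=941100 action=block",
    "fw: action=DENY src=203.0.113.77 dst=10.0.0.4 dport=22",
    *[f"sshd[2]: Failed password for root from 192.0.2.9 port {p} ssh2"
      for p in range(40000, 40012)],
    "sshd[3]: Failed password for bob from 198.51.100.5 port 5001 ssh2",
]

if __name__ == "__main__":
    for ip, reasons in correlate(SAMPLE_LOGS).items():
        print(ip, "->", "; ".join(reasons))
```

Run as a script, the example flags 203.0.113.77 on the signature path (with the perimeter block attached as supporting evidence) and 192.0.2.9 on the behavioral path alone; the single failed login from 198.51.100.5 stays below threshold and produces nothing. The point of the structure is that the two paths are independent: removing the indicator list still catches the brute-force source, which is the signature-less case the text refers to, while the enrichment step is what gives an analyst enough context to triage without pivoting between three consoles.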
Managed Security Trends and Insights