| Smarter and more responsive | |
| “A security service is no longer just about firewalls. Our approach is a holistic one” |  Ergo: Sean O’Farrell, senior consultant engineer |
| Today’s rapidly evolving threat landscape demands smarter and more responsive managed security services. Ergo can provide Information Security Consultancy and Systems Review which allow a proactive and preventive approach to potential security breaches. We bring value to organisations by reducing the burden on security operations, protecting our clients from malicious attack, and preventing data leakage.A security service is no longer just about firewalls. Ergo’s approach is a holistic one, incorporating perimeter security, threat monitoring, compliance enforcement, data loss prevention (DLP), ediscovery, identity management, device management, rights management and encryption.
In Ergo, we enable our customers to put their hands around the security challenge in a user centric way. Our solutions deliver comprehensive security in a transparent and efficient manner.
|
|
| Responsibility boundaries | |
| “It is just not enough to assume all responsibility is transferred to an MSSP when a contract is signed” |  Integrity Solutions: Paul Ryan, principal security and GRC consultant |
| The key concern for organisations considering a managed security service is understanding where the boundaries of responsibility and accountability lie. Full clarity in this area is critical when taking on a Managed Security Service Provider (MSSP). It is important to remember that an MSSP is addressing an outsourced security component and like any other strategic business decision organisations need to consider the impact of this decision.It is important that all aspects of the contract are thoroughly inspected before signing up to an MSSP. It is just not enough to assume all responsibility is transferred to an MSSP when a contract is signed. As such, expectations regarding the type of relationship and contract being sought should be defined in advance in order to get the most benefit from the agreement. All aspects of a contract can be addressed by due diligence, risk management strategy, built in assurance controls, and also by establishing trust with the MSSP.
This is where Integrity Solutions comes in. Our business is security. We take a collaborative and partnership approach to managed security services which enables us to work as an extension of your existing team, allowing you to do more with the limited resources you have.
|
|
| Doing enough | |
| “The challenge with security however, is that you never know if you have done enough or in the right way until it is too late” |  NextGen Group: Lars Meyer |
| Information security is increasingly becoming strategic to companies, as a lack of security can expose their business to the risk of losing their competitive advantage while heavy and inflexible security measures can strangulate their business.The challenge with security however, is that you never know if you have done enough or in the right way until it is too late, because your IT infrastructure has been compromised. At the same time, the threat landscape is changing rapidly and keeping up to date in today’s busy schedule is close to impossible. This makes the idea of outsourcing security and with this risk, very attractive.
The problem is that it is not possible to outsource risk. You can insure your car against an accident but at the end of the day it is still you sitting in the car if a crash happens. So what enterprise have to be concerned about are shiny Managed Security Services offerings which promise a black box security solution were the customer does not have to worry about anything. In the NextGen Group we take a practical and honest approach to security. We understand that you are sitting in the driver seat of your IT infrastructure which makes it our job to not only secure it but understand where you are planning to go. With the NextGen Security Managed Service, we are establishing a cooperation with our customers were we are first of all try to understand your business needs and then advice you on the routes which are available for a safe journey. The threat landscape has changed tremendously over the last couple of years. We are now seeing highly sophisticated attacks executed by novices simply made possible by the new business model of cybercrime “Hacking as a Service”. Instead of taking the risk of attacking themselves, incredibly skilled and intelligent hackers now earn money by developing easy to use tools which enable less skilled criminals to execute sophisticated attacks which easily circumvent the classic enterprise security solutions consisting of a firewall, a proxy and endpoint antivirus. The Cyber Kill Chain, a term first used by Lockheed Martin, describes a sophisticated, stealthy and continuous computer hacking process which attackers use nowadays to target their victims. The challenge for any hacker is to successfully go through every single stage in this chain to accomplish the end-goal of either attacking the IT infrastructure directly or using the infrastructure as a resource for other criminal activity. The challenge for the company is to defend each link and stop the attack at the earliest possible stage along the kill chain, successfully defended itself against the entire Advanced Persistent Threat. In reality however, 100% security is not possible, every threat prevention technique can be evaded and cyber criminals have been very successful at doing so. For instance a recent whitepaper from the SANS Institute “Beating the IPS” shows that every Intrusion Prevention System “IPS” from every vendor, can be evaded. A good analogy is the human immune system. A healthy lifestyle will keep us fit but for example, there is no total protection from viral infection. However being sick is not the end of the world as long as the body is able, or sometimes with medical intervention, enabled to effectively defend itself and mitigate the impact of the infection. There is however a big difference between us humans and an IT system. We know when we feel sick and we instinctively know when to go to the doctor. Getting this level of visibility into an IT infrastructure is difficult and expensive. The solution, which we provide with NextGen Security Managed Services, is what we like to call “The Magic Sauce”, which is a combination of different threat prevention techniques implemented at every single step of the Cyber Kill Chain that makes it close to impossible for the attacker to evade all of its activity which in turn provides the best possible security defence. With this we enable our customers to define their IT infrastructure by first of all gaining visibility to determine exactly what needs to be protected. Then control appropriate usage and with this lower the attack surface and finally implement and manage the different threat prevention techniques at every step of the Cyber Kill Chain to defend against Advanced Persistent Threats “APTs” as well as other network related attacks like a Distributed Denial of Services “DDoS”.
|
|
Subscribers 0
Fans 0
Followers 0
Followers