MSSP Security Orchestration Shopping List
Introduction

To say that MSSPs have a security orchestration challenge is the understatement of the century. But not just any security orchestration platform can satisfy the multi-tenant requirements of MSSPs. Managed security services providers (MSSPs) can teach a master class on today's threat landscape.
MSSPs and SOC

With dozens of client environments to monitor, MSSPs get a broad view of what it takes to detect, manage and respond to cyberthreats of all kinds. And don't get us started about all the false positives to be addressed day in and day out. MSSPs are also in the unique position of needing to understand how to fully leverage the vast landscape of security tools. Whereas an enterprise security operations center (SOC) team would need the capabilities to manage one SIEM, for example, an MSSP needs to be prepared to manage a variety of client-selected technologies.
SIEM & WAF

From SIEMs and web application firewalls (WAF) to intrusion detection systems (IDS) and anti-malware solutions, MSSPs must be ready to manage them all. Below is a quick look at what you should be looking for when exploring security orchestration solutions if you, or someone you love, is part of an MSSP.
Security Orchestration Table

Security orchestration should provide a centralized security operations platform as the nucleus of its security management. A single console provides MSSPs with a centralized, detailed view of multiple customers. Within the scope of security orchestration are core features and functionality that should be considered table stakes for any organization.
Triage and Case Management

Triage: Streamline alert management and the triage process by eliminating noise, grouping related alerts, and integrating multiple data sources to provide and enrich insight across grouped alerts.

Case Management: Manage the entire SOC through a complete view presented in a single pane of glass, which analysts can use as their primary workbench.
Playbook Library & Case Visualization

Playbook Library: Accelerate time to value with an out-of-the-box playbook knowledge base that drives the full range of playbook requirements and provides a balance between automation and analyst interaction.

Case Visualization: Visual representation of each case provides an intuitive understanding of complex cases and threats in a fraction of the usual time required.
Reporting & Case Reduction

Reporting: One-click reporting of activity and KPI measurements to customers. Automation of the reporting and distribution process.

Case Reduction & Clustering: Reduces caseload via graph contextualization, clustering of contextually relevant cases, and automated case prioritization.
Cyber Ontology
Reporting & Case Reduction

Automation: Automate cumbersome manual processes with a machine-speed response. Typical processes ripe for security automation include data normalization, alert filtration and consolidation, and case enrichment.

Playbook and Workflow Authoring: Playbook design capability to create and implement analyst-customized workflows (without scripting).
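The four automation steps named above (normalization, filtration, consolidation, enrichment) and the alert grouping from the Triage slide are easiest to see as one pipeline. The following is an added example, not code from the presentation or from any orchestration vendor: the SIEM field names, the e-mail alert format, the noise rule and the asset inventory are all constructed so the script runs offline. Note that consolidation keys on the tenant as well as the indicator, so the same attacker IP seen at two customers yields two cases, never one merged case.

```python
"""Alert normalization, filtration, consolidation and enrichment (added example)."""
from __future__ import annotations

import re
from dataclasses import dataclass, field

# Step 1: one common schema so every later step sees the same shape.
@dataclass
class Alert:
    tenant: str
    source: str      # tool that raised it: "siem" or "email"
    rule: str        # vendor rule / signature name
    severity: str    # low / medium / high
    asset: str       # host the alert is about
    indicator: str   # observed value, here a source IP

def normalize_siem(tenant: str, raw: dict) -> Alert:
    """Map a SIEM-style record (field names are assumed, not a real product's) to the schema."""
    return Alert(tenant, "siem", raw["rule_name"], raw["sev"].lower(), raw["host"], raw["src_ip"])

# Constructed subject-line format for a non-standard e-mail alert source.
MAIL_RE = re.compile(r"Subject: \[(?P<sev>\w+)\] (?P<rule>.+?) on (?P<asset>\S+) from (?P<ind>\S+)")

def normalize_email(tenant: str, body: str) -> Alert | None:
    """Parse an e-mail alert; anything that does not match is left out rather than mangled."""
    m = MAIL_RE.search(body)
    if not m:
        return None
    return Alert(tenant, "email", m["rule"], m["sev"].lower(), m["asset"], m["ind"])

# Step 2: filtration. Known, low-severity noise is dropped before an analyst sees it.
NOISE_RULES = {"Scheduled vulnerability scan"}   # constructed allowlist

def is_noise(a: Alert) -> bool:
    return a.rule in NOISE_RULES and a.severity == "low"

# Step 3: consolidation. Related alerts collapse into a single case.
@dataclass
class Case:
    tenant: str
    indicator: str
    alerts: list[Alert] = field(default_factory=list)
    enrichment: dict = field(default_factory=dict)

    @property
    def severity(self) -> str:
        order = {"low": 0, "medium": 1, "high": 2}
        return max((a.severity for a in self.alerts), key=order.__getitem__)

def consolidate(alerts: list[Alert]) -> list[Case]:
    """Group on (tenant, indicator); the tenant in the key prevents cross-customer merging."""
    groups: dict[tuple[str, str], Case] = {}
    for a in alerts:
        groups.setdefault((a.tenant, a.indicator), Case(a.tenant, a.indicator)).alerts.append(a)
    return list(groups.values())

# Step 4: enrichment from a per-tenant asset inventory (constructed data).
ASSET_INVENTORY = {
    "acme": {"db01": {"owner": "dba-team", "criticality": "high"}},
    "globex": {"web02": {"owner": "web-ops", "criticality": "medium"}},
}

def enrich(case: Case) -> Case:
    inv = ASSET_INVENTORY.get(case.tenant, {})   # only this tenant's inventory is consulted
    unknown = {"owner": "unknown", "criticality": "unknown"}
    case.enrichment["assets"] = {a.asset: inv.get(a.asset, unknown) for a in case.alerts}
    return case

def run_pipeline(siem_events: list[tuple[str, dict]], mails: list[tuple[str, str]]) -> list[Case]:
    alerts = [normalize_siem(t, r) for t, r in siem_events]
    alerts += [a for t, b in mails if (a := normalize_email(t, b))]
    alerts = [a for a in alerts if not is_noise(a)]
    return [enrich(c) for c in consolidate(alerts)]

# Constructed sample input: two tenants, the same source IP seen at both.
SAMPLE_SIEM = [
    ("acme", {"rule_name": "Brute force login", "sev": "Medium", "host": "db01", "src_ip": "203.0.113.5"}),
    ("acme", {"rule_name": "Scheduled vulnerability scan", "sev": "Low", "host": "db01", "src_ip": "10.0.0.9"}),
    ("globex", {"rule_name": "Brute force login", "sev": "High", "host": "web02", "src_ip": "203.0.113.5"}),
]
SAMPLE_MAILS = [
    ("acme", "Subject: [High] Malware beacon on db01 from 203.0.113.5\n(body omitted)"),
    ("acme", "Subject: weekly newsletter"),   # not an alert; normalize_email returns None
]

if __name__ == "__main__":
    for c in run_pipeline(SAMPLE_SIEM, SAMPLE_MAILS):
        print(c.tenant, c.indicator, c.severity, len(c.alerts), c.enrichment)
```

Running it produces two cases: an acme case holding the brute-force and beacon alerts (severity escalated to high, db01 enriched with its owner) and a separate globex case for the same IP; the scheduled scan and the newsletter never reach the case list.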
Additional MSSP Requirements

Be sure to look for solutions that go beyond core security orchestration functionality to include these capabilities, tailored to the needs of MSSPs:
● Adapt workflows for similar use-cases to specific customers
● Integrate SLA expectations with KPI performance measurement and reporting
● Provide customer visibility through automated reporting and distributed dashboards
● Collaboration between MSSP security professionals and customer resources
● Health monitoring across MSSP customer base
Multi-Tenancy

Multi-tenancy (at the environmental level, and in terms of data, permissions, dashboards, reporting, and unique customer playbooks) is crucial for any MSSP that wishes to reap the full value of security orchestration across its customer base and to give teams the proverbial single-pane-of-glass access and vision.
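The data, permission, dashboard and playbook dimensions of multi-tenancy listed above come down to one rule: every read is scoped to a tenant the caller was explicitly granted, and customer-specific playbooks override a global default without leaking across customers. The following is an added example, not code from the presentation or from any product; the roles, tenants, playbook names and in-memory case store are constructed. It also shows the customer-visibility requirement from the previous slide, since a customer principal gets its own dashboard but no playbook authoring rights.

```python
"""Tenant-scoped cases, dashboards and playbooks (added example)."""
from __future__ import annotations

from dataclasses import dataclass


class TenantAccessError(PermissionError):
    """Raised when a principal touches a tenant it was not granted."""


@dataclass(frozen=True)
class Principal:
    name: str
    role: str                # "mssp_analyst" or "customer_viewer" (constructed roles)
    tenants: frozenset[str]  # tenants this principal may see


# Every stored record carries its tenant; scoping is enforced on each read, not at the UI.
CASES = [
    {"id": 1, "tenant": "acme", "title": "Brute force on db01"},
    {"id": 2, "tenant": "globex", "title": "Phishing report"},
    {"id": 3, "tenant": "acme", "title": "Malware beacon"},
]

# Global playbooks keyed on "*" plus per-tenant overrides (the "unique customer playbooks").
PLAYBOOKS = {
    ("*", "phishing"): "global-phishing-v2",
    ("globex", "phishing"): "globex-phishing-with-legal-hold",
}


def authorize(p: Principal, tenant: str) -> None:
    """Deny by default: only tenants listed on the principal are readable."""
    if tenant not in p.tenants:
        raise TenantAccessError(f"{p.name} may not access tenant {tenant}")


def list_cases(p: Principal, tenant: str) -> list[dict]:
    authorize(p, tenant)
    return [c for c in CASES if c["tenant"] == tenant]


def dashboard(p: Principal) -> dict[str, int]:
    """Open-case counts, computed only over the tenants this principal holds."""
    return {t: len(list_cases(p, t)) for t in sorted(p.tenants)}


def select_playbook(p: Principal, tenant: str, use_case: str) -> str:
    """Customer override first, global playbook as the fallback."""
    authorize(p, tenant)
    if (tenant, use_case) in PLAYBOOKS:
        return PLAYBOOKS[(tenant, use_case)]
    if ("*", use_case) in PLAYBOOKS:
        return PLAYBOOKS[("*", use_case)]
    raise KeyError(f"no playbook for use case {use_case}")


def can_edit_playbook(p: Principal) -> bool:
    # Customers get visibility (dashboards, reports); authoring stays with MSSP analysts.
    return p.role == "mssp_analyst"


def is_denied(p: Principal, tenant: str) -> bool:
    """True when a read against this tenant is refused; used to verify isolation."""
    try:
        list_cases(p, tenant)
    except TenantAccessError:
        return True
    return False


# Constructed principals: an MSSP analyst covering two customers, and one customer viewer.
ANALYST = Principal("alice", "mssp_analyst", frozenset({"acme", "globex"}))
CUSTOMER = Principal("bob@acme", "customer_viewer", frozenset({"acme"}))

if __name__ == "__main__":
    print(dashboard(ANALYST))                              # {'acme': 2, 'globex': 1}
    print(dashboard(CUSTOMER))                             # {'acme': 2}
    print(select_playbook(ANALYST, "globex", "phishing"))  # globex-phishing-with-legal-hold
    print(select_playbook(ANALYST, "acme", "phishing"))    # global-phishing-v2
    print("customer blocked from globex:", is_denied(CUSTOMER, "globex"))
```

The point of putting `authorize` inside every data-access function rather than in the dashboard layer is that a new report or API endpoint added later cannot forget the tenant check; a per-tenant playbook override is looked up with the tenant in the key for the same reason.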
MSSP Multi-Tenancy
Integration

Given the infinite possible configurations, a security orchestration solution must have the capability to integrate with any environment. Out-of-the-box integrations are an important part of the solution, as is an architecture that supports easily expanded integrations with the endless data sets MSSPs will encounter, for example multiple SIEMs and non-standard alert sources, including e-mails.
MSSP Techstack
Let's Go Shopping

For a deeper look and a full security orchestration shopping list, download our MSSP buyer's guide for security orchestration and automation.