With the unprecedented growth of the managed security services market and the growing acceptance of Security-as-a-Service delivery from cloud-based providers, which lets enterprises and small and medium businesses alike reduce security-related OPEX and CAPEX, managed security service providers (MSSPs) need to raise their game in addressing the growing threat landscape and in their advanced threat protection (ATP) services.
To do that, we need a structured advanced threat protection framework that gives organisations an answer to the new class of advanced targeted attacks. Since there is no all-in-one solution that assures protection from a sophisticated targeted attack, MSSPs should deploy several security technologies with an eye to providing a complete ATP solution. Every security product available has its own set of strengths and weaknesses, so MSSPs should deploy them in such a way that one product's weakness is compensated for by another.
FRAMEWORK OF MSSP
“Prevention is better than cure”:
The first step is to prevent threats from intruding into the network by deploying purpose-built software such as antivirus and anti-malware tools to stop known threats from entering the network. Then, through network behaviour analysis, we should flag traffic and any activity indicative of an attack in progress, such as malformed protocols, anomalous traffic associated with vulnerability exploit attempts, fast-flux activity and more. Then we should authenticate legitimate users with the help of authentication software and ensure endpoint security in mobile and BYOD environments.
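As an added example (not part of the original article), here is a minimal fast-flux heuristic a SOC could run over DNS resolver logs as part of the network behaviour analysis described above: a domain that is answered with many distinct IPs at a low TTL within a short window is flagged for analyst review. The log format, the thresholds and the sample lines are constructed assumptions, not a real product's output.

```python
import re
from collections import defaultdict

# Constructed sample resolver log lines (not real traffic):
# timestamp, client, queried name, answer TTL, answer IP
SAMPLE_LOG = """\
1700000000 10.0.0.5 update.example.org 60 203.0.113.10
1700000030 10.0.0.7 update.example.org 60 203.0.113.25
1700000061 10.0.0.5 update.example.org 60 198.51.100.77
1700000095 10.0.0.9 update.example.org 60 198.51.100.81
1700000130 10.0.0.5 update.example.org 60 192.0.2.200
1700000160 10.0.0.7 update.example.org 60 192.0.2.201
1700000010 10.0.0.5 www.example.com 3600 93.184.216.34
1700000050 10.0.0.7 www.example.com 3600 93.184.216.34
"""

LINE_RE = re.compile(r"^(\d+)\s+(\S+)\s+(\S+)\s+(\d+)\s+(\S+)$")


def parse_dns_log(text):
    """Parse log lines into (ts, domain, ttl, ip) tuples, skipping malformed lines."""
    records = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            ts, _client, name, ttl, ip = m.groups()
            records.append((int(ts), name.lower(), int(ttl), ip))
    return records


def flag_fast_flux(records, window=300, min_ips=4, max_ttl=300):
    """Return {domain: sorted unique IPs} for every domain that resolved to at
    least min_ips distinct addresses with TTL <= max_ttl inside one window."""
    by_domain = defaultdict(list)
    for ts, name, ttl, ip in records:
        if ttl <= max_ttl:          # long-lived answers are not flux candidates
            by_domain[name].append((ts, ip))
    flagged = {}
    for name, hits in by_domain.items():
        hits.sort()
        for i, (start, _) in enumerate(hits):   # slide the window over each start
            ips = {ip for ts, ip in hits[i:] if ts - start <= window}
            if len(ips) >= min_ips:
                flagged[name] = sorted(ips)
                break
    return flagged
```

Tune `min_ips` and `max_ttl` against a baseline of known CDN domains, which also rotate addresses legitimately, before raising alarms on this signal alone.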
“You have to be vigilant about keeping your own fire alive.” ― Tift Merritt
The second step is to monitor for and detect suspicious unknown code through IPS and IDS software. We can then sandbox it for analysis by sending it through a network sniffing device to determine whether it is malicious. If it is malicious, we move on to mitigating it as the third step.
“I think malware is a significant threat because the mitigation, like antivirus software, hasn't evolved to a point to really mitigate the risk to a reasonable degree.”- Kevin Mitnick
Upon detecting a threat through the sandbox, an alarm is raised to the SOC and its customer so that immediate mitigation can be taken to ensure the safety of resources and data. At the same time, the response feeds improvements back into the gateway services: fixes are implemented on all security layers and delivered to the different security enforcement points to update antivirus and intrusion prevention system signatures and the like, so that the threat is known at all levels and can be prevented in the future.
This complete framework's flexibility in terms of all available options allows an MSSP to tailor the best ATP service to each customer's needs. Veeras.com