With the unprecedented growth of the managed security services market, and the growing acceptance of Security-as-a-Service delivered by cloud-based companies to enterprises and small and medium businesses alike to reduce security-related OPEX and CAPEX, managed security service providers (MSSPs) need to up their game in addressing the growing threat landscape and in their advanced threat protection (ATP) services.
To do that, we need a structured Advanced Threat Protection framework that gives organisations an answer to the new class of advanced targeted attacks. Since there is no all-in-one solution that assures protection from a sophisticated targeted attack, MSSPs should deploy several security technologies with an eye to providing a complete ATP solution. And since every security product available has its own set of strengths and weaknesses, MSSPs should deploy them in such a way that one product's weakness is compensated for by another.
FRAMEWORK OF MSSP
“Prevention is better than cure”:
The first step is to prevent threats from intruding into the network by deploying purpose-built software such as antivirus and anti-malware tools to stop known threats at the perimeter. Then, through network behaviour analysis, we should flag traffic and any activity indicative of an attack in progress: malformed protocols, anomalous traffic associated with vulnerability exploit attempts, fast-flux activity and more. Then we should authenticate legitimate users with authentication software and ensure endpoint security in mobile and BYOD environments.
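As an added example of the network behaviour analysis described above (not code from the original post or from any MSSP product), the following Python script profiles DNS answers and flags domains that show the classic fast-flux pattern: many distinct answer IPs spread across several network prefixes, each handed out with a short TTL. The log format, the domain names and IPs (all from documentation ranges), and the thresholds (`min_ips`, `min_prefixes`, `max_ttl`) are constructed assumptions; in practice they would be tuned against the customer's own DNS telemetry.

```python
"""Fast-flux heuristic over DNS answer records (constructed example)."""
from collections import defaultdict
from ipaddress import ip_address, ip_network
from statistics import median

# Constructed sample of resolver answers, one per line:
# "<unix_timestamp> <queried_name> <answer_ip> <ttl_seconds>"
# cdn.flux-host.test is built to look like a fast-flux name; the others are benign.
SAMPLE_DNS_LOG = """\
1700000000 updates.example-corp.test 203.0.113.10 86400
1700000060 updates.example-corp.test 203.0.113.10 86400
1700000120 updates.example-corp.test 203.0.113.11 86400
1700000000 cdn.flux-host.test 198.51.100.7 120
1700000030 cdn.flux-host.test 192.0.2.44 90
1700000060 cdn.flux-host.test 203.0.113.201 150
1700000090 cdn.flux-host.test 198.51.100.99 60
1700000120 cdn.flux-host.test 192.0.2.130 180
1700000150 cdn.flux-host.test 203.0.113.77 100
1700000180 cdn.flux-host.test 198.51.100.250 240
1700000000 login.shop.test 192.0.2.5 300
1700000300 login.shop.test 192.0.2.6 300
"""


def parse_dns_log(text):
    """Parse the constructed log format into (ts, name, ip, ttl) tuples.

    Malformed lines are skipped rather than raising, because a detector fed
    by live telemetry must not fall over on one bad record.
    """
    records = []
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.split()
        if len(parts) != 4:
            continue
        ts, name, ip, ttl = parts
        try:
            records.append((int(ts), name.lower(), ip_address(ip), int(ttl)))
        except ValueError:
            continue
    return records


def flux_profile(records):
    """Summarise, per queried name, how the answers are distributed."""
    by_name = defaultdict(list)
    for _ts, name, ip, ttl in records:
        by_name[name].append((ip, ttl))
    profiles = {}
    for name, answers in by_name.items():
        ips = {ip for ip, _ in answers}
        # /24 prefix diversity is a cheap stand-in for "spread across many networks";
        # a production detector would use ASN or hosting-provider lookups instead.
        prefixes = {ip_network(f"{ip}/24", strict=False) for ip in ips}
        ttls = [ttl for _, ttl in answers]
        profiles[name] = {
            "answers": len(answers),
            "distinct_ips": len(ips),
            "distinct_prefixes": len(prefixes),
            "median_ttl": median(ttls),
        }
    return profiles


def flag_fast_flux(records, min_ips=5, min_prefixes=3, max_ttl=300):
    """Return the sorted list of names whose answer profile looks like fast flux.

    All three conditions must hold: a legitimate CDN may rotate many IPs with
    short TTLs, but they usually sit in the provider's own address space, so
    the prefix-diversity test is what keeps false positives down.
    """
    flagged = []
    for name, p in flux_profile(records).items():
        if (p["distinct_ips"] >= min_ips
                and p["distinct_prefixes"] >= min_prefixes
                and p["median_ttl"] <= max_ttl):
            flagged.append(name)
    return sorted(flagged)


if __name__ == "__main__":
    recs = parse_dns_log(SAMPLE_DNS_LOG)
    for name, profile in flux_profile(recs).items():
        print(name, profile)
    print("fast-flux candidates:", flag_fast_flux(recs))
```

Run against the constructed sample, only `cdn.flux-host.test` is flagged: seven distinct IPs across three /24 prefixes with a median TTL of 120 seconds, while the two benign names rotate at most two addresses inside a single prefix. A hit like this is an indicator to hand to the sandboxing and SOC steps that follow, not a verdict on its own.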
“You have to be vigilant about keeping your own fire alive.” ― Tift Merritt
The second step is to monitor for and detect suspicious unknown code through IPS and IDS software. We can then sandbox it for analysis by sending it through a network sniffing device to determine whether it is malicious. If it is malicious, we move on to mitigation as the third step.
“I think malware is a significant threat because the mitigation, like antivirus software, hasn't evolved to a point to really mitigate the risk to a reasonable degree.” ― Kevin Mitnick
Upon detecting a threat in the sandbox, an alarm is raised to the SOC and to the customer so that immediate mitigation can be taken to ensure the safety of resources and data. At the same time, the response feeds improvements back into the gateway services: fixes are implemented on all security layers and delivered to the different security enforcement points to update antivirus and intrusion prevention system signatures, etc. That way the threat becomes known at all levels and can be prevented in the future.
This complete framework's flexibility, in terms of all the available options, allows the MSSP to tailor the best ATP service for each customer's needs.
Veeras.com