Choosing Between Managed Security Services or In-house SIEM? Consider the Benefits of both!
Matteo Masserini Emerging Region Sales Specialist
Steven Kulley Regional Product Manager - EMEA
Tarun Sondhi Group Product Manager
Choosing Between Managed Security Services or In-house SIEM 1
SYMANTEC VISION 2012
Is IT Security Keeping Pace?
Source: Symantec 2011 Threat Management Survey
Key Customer Challenges
• How do I demonstrate due care around security incident handling?
• How can I manage both broad and targeted threats?
• How do I stay on top of emerging threats?
• How do I meet compliance needs?
• How do I meet both needs affordably with the same staff?
• Am I running in place or innovating?
Common Decision Drivers
• Multiple Compliance Regulations
• Establish IT Controls
• Monitoring and Incident Response
• Reporting and Metrics
Security Challenges
• Threats from hackers: Casual to Targeted
• Shrinking vulnerability disclosure to exploit window
• Malicious and Criminal Motivation
Cost Challenges
• CapEx vs. OpEx
• Buy vs. Build
• Planning for Growth
Operations Structure
• Security Strategy
• Planning and Design
• Execution/Implementations
• Operations
– Change Management
– Incident Management
– Monitoring
– Ticketing systems
– Escalation processes
– Moves/Adds/Changes
– etc.
• Service Improvement/Optimization
People, Process, Tools
Are you a Cost Center or Profit Center?
Worst Case (Cost Center): 80% Sustaining and Running, 20% Innovating
Best Case (Profit Generator): 20% Sustaining and Running, 80% Innovating
Decrease Low Value Operations; Increase Value Creation
What makes up the 80%?
Out-Tasking "80%":
• Incident Monitoring
• Performance Management
• Problem Management
• Change Management
• Configuration Management
• MAC's (Moves/Adds/Changes)
• Availability Management
• Patch Management
• Capacity Management
• Availability Monitoring
Traditionally Two Silos
Characteristics      MSSPs                   SIEMs
Location             Cloud Delivered         On Premise
Primary Use Case     Compliance & Security   Compliance & Security
Technologies         Comprehensive           Comprehensive
Customizability      Limited                 Extensive
Time to Value        Faster                  Slower
Global Visibility    Broad                   Limited
Cost                 OpEx +                  CapEx +
Investment in Outcome - MSSPs
Drivers:
• Staffing challenges - 24x7 coverage, recruiting and retention, headcount restrictions
• Skills gaps - threat expertise
• Higher priority projects
• Urgency to deliver outcomes
Advantages:
• Out-tasked 24/7/365 solution
• Offers offsite log retention
• Minimum build - faster time to value
Cautions:
• Effort to transfer domain knowledge
• Customization options are limited
Invest In Effort - SIEM
Drivers:
• Specific regulations prevent exporting log data to third parties
• Already have investments in internal staff/expertise
• High customization needs
Advantages:
• Flexible and customizable
• Enables effective management of security incidents
• Local log storage
Cautions:
• Time to value is steep
• Substantial infrastructure requirements
• Significant effort to sustain long term
Security Management Maturity Model
(Figure: five stages, A to E, plotted on axes of Security versus Functional Maturity)
A. Labor Centric - Use of individual tool consoles to manage and monitor the environment
B. Tools Based - Investment in smart tooling, integration intensive with reporting benefits
C. Integrated Picture - Centralized tool platform, automated processes
D. Dynamic Defense - Change in emphasis from reactive to proactive, understanding security risk posture
E. Agile Management - Becoming threat aware, efficient and effective granular controls to focus on specific threats
Security Management Maturity Model - Current State
(Figure: the same five-stage model, with the organization's Current State and Target State marked on the Security versus Functional Maturity axes)
Security Management Maturity Model - Step 1
(Figure: the same five-stage model, with the MSSP position and the SIEM Target State marked on the Security versus Functional Maturity axes)
Security Management Maturity Model - Step 2
(Figure: the same five-stage model, with the MSSP position and the SIEM Target State marked on the Security versus Functional Maturity axes)
Security Management Maturity Model - Step 3
(Figure: the same five-stage model, with the MSSP position and the SIEM Target State marked on the Security versus Functional Maturity axes)
MSSP and SIEM - A Combined Approach
• Attack Monitoring - 24x7
• Policy Violation & Compliance - 8x5
Thank you!
Copyright © 2011 Symantec Corporation. All rights reserved. Symantec and the Symantec Logo are trademarks or registered trademarks of Symantec Corporation or its affiliates in the U.S. and other countries. Other names may be trademarks of their respective owners. This document is provided for informational purposes only and is not intended as advertising. All warranties relating to the information in this document, either express or implied, are disclaimed to the maximum extent allowed by law. The information in this document is subject to change without notice.
Symantec™ Global Intelligence Network
Identifies more threats, takes action faster & prevents impact
Information Protection | Preemptive Security Alerts | Threat Triggered Actions
Global Scope and Scale | Worldwide Coverage | 24x7 Event Logging | Rapid Detection
MSS Monitoring
• 4 SOCs
• 1,100+ MSS customers, 15 billion logs a day
Malware Intelligence
• 180M Norton clients
• Botnet Command & Control Servers
Email/Web .Cloud
• 5M decoy accounts
• 8B+ email messages/day
• 1B+ web requests/day
Vulnerabilities
• SecurityFocus / BugTraq
• 45,000+ vulnerabilities
• 105,000 technologies
Locations: Austin, TX; Mountain View, CA; Culver City, CA; San Francisco, CA; Taipei, Taiwan; Tokyo, Japan; Dublin, Ireland; Calgary, Alberta; Chengdu, China; Chennai, India; Pune, India