Choosing Between Managed Security Services or In-house SIEM? Consider the Benefits of both!

Matteo Masserini, Emerging Region Sales Specialist
Steven Kulley, Regional Product Manager - EMEA
Tarun Sondhi, Group Product Manager



SYMANTEC VISION 2012

Is IT Security Keeping Pace?


Source: Symantec 2011 Threat Management Survey

Key Customer Challenges

• How do I demonstrate due care around security incident handling?
• How can I manage both broad and targeted threats?
• How do I stay on top of emerging threats?
• How do I meet compliance needs?
• How do I meet both needs affordably with the same staff?
• Am I running in place or innovating?

Common Decision Drivers

Multiple Compliance Regulations
• Establish IT Controls
• Monitoring and Incident Response
• Reporting and Metrics

Security Challenges
• Threats from hackers: Casual to Targeted
• Shrinking vulnerability disclosure to exploit window
• Malicious and Criminal Motivation

Cost Challenges
• CapEx vs. OpEx
• Buy vs. Build
• Planning for Growth

Operations Structure

• Security Strategy
• Planning and Design
• Execution/Implementations
• Operations
  – Change Management
  – Incident Management
  – Monitoring
  – Ticketing systems
  – Escalation processes
  – Moves/Adds/Changes
  – etc
• Service Improvement/Optimization

People, Process, Tools

Are you a Cost Center or Profit Center?

[Figure: Worst Case (Cost Center): 20% Innovating, 80% Sustaining and Running. Best Case (Profit Generator): 20% Sustaining and Running, 80% Innovating. Labels: Decrease Low Value Operations; Increase Value Creation.]

What makes up the 80%

• Incident Monitoring
• Performance Management
• Problem Management
• Change Management
• Configuration Management
• MACs
• Availability Management
• Patch Management
• Capacity Management
• Availability Monitoring

Out-Tasking “80%”

Traditionally Two Silos

Characteristics     MSSPs                   SIEMs
Location            Cloud Delivered         On Premise
Primary Use Case    Compliance & Security   Compliance & Security
Technologies        Comprehensive           Comprehensive
Customizability     Limited                 Extensive
Time to Value       Faster                  Slower
Global Visibility   Broad                   Limited
Cost                Opex +                  Capex +

Investment in Outcome – MSSPs

Drivers:
• Staffing challenges
  – 24x7 coverage
  – Recruiting and retention
  – Headcount restrictions
• Skills gaps
  – Threat expertise
• Higher priority projects
• Urgency to deliver outcomes

Advantages:
• Out-tasked 24/7/365 solution
• Offers offsite log retention
• Minimum Build - faster time to value

Cautions:
• Effort to transfer domain knowledge
• Customization options are limited

Invest In Effort - SIEM

Drivers:
• Specific regulations prevent exporting log data to third parties
• Already have investments in internal staff/expertise
• High customization needs

Advantages:
• Flexible and customizable
• Enables effective management of security incidents
• Local log storage

Cautions:
• Time to value is steep
• Substantial infrastructure requirements
• Significant effort to sustain long term

Security Management Maturity Model

[Figure: maturity curve with points A, B, C, D, E; axis labels: Security, Functional Maturity]

Stages (A to E, in order):
• Labor Centric: Use of individual tool consoles to manage and monitor the environment
• Tools Based: Investment in smart tooling, integration intensive with reporting benefits
• Integrated Picture: Centralized tool platform, automated processes
• Dynamic Defense: Change in emphasis from reactive to proactive, understanding security risk posture
• Agile Management: Becoming threat aware, efficient and effective granular controls to focus on specific threats

Security Management Maturity Model – Current State

[Figure: the same maturity model (stages A to E, axes Security and Functional Maturity), with X markers labelled Current State and Target State]

Security Management Maturity Model – Step 1

[Figure: the same maturity model (stages A to E, axes Security and Functional Maturity); chart labels: SIEM, MSSP, Target State, and two X markers]

Security Management Maturity Model – Step 2

[Figure: the same maturity model (stages A to E, axes Security and Functional Maturity); chart labels: SIEM, MSSP, Target State, and two X markers]

Security Management Maturity Model – Step 3

[Figure: the same maturity model (stages A to E, axes Security and Functional Maturity); chart labels: SIEM, MSSP, Target State, and two X markers]

MSSP and SIEM – A combined Approach

• Attack Monitoring: 24x7
• Policy Violation & Compliance: 8x5


Thank you!

Copyright © 2011 Symantec Corporation. All rights reserved. Symantec and the Symantec Logo are trademarks or registered trademarks of Symantec Corporation or its affiliates in the U.S. and other countries. Other names may be trademarks of their respective owners. This document is provided for informational purposes only and is not intended as advertising. All warranties relating to the information in this document, either express or implied, are disclaimed to the maximum extent allowed by law. The information in this document is subject to change without notice.


Symantec™ Global Intelligence Network
Identifies more threats, takes action faster & prevents impact

Information Protection Preemptive Security Alerts Threat Triggered Actions

Global Scope and Scale Worldwide Coverage 24x7 Event Logging

Rapid Detection

MSS Monitoring
• 4 SOCs
• 1,100+ MSS Customers, 15 billion logs a day

Malware Intelligence
• 180M Norton client
• Botnet Command & Control Servers

Email/Web .Cloud
• 5M decoy accounts
• 8B+ email messages/day
• 1B+ web requests/day

Vulnerabilities
• SecurityFocus / BugTraq
• 45,000+ vulnerabilities
• 105,000 technologies

[Map labels: Austin, TX; Mountain View, CA; Culver City, CA; San Francisco, CA; Taipei, Taiwan; Tokyo, Japan; Dublin, Ireland; Calgary, Alberta; Chengdu, China; Chennai, India; Pune, India]