AlienVault – MSSP Program Overview AUGUST 13, 2014 A DIFFERENT APPROACH TO SECURITY FOR MSSP’S [email protected]

AlienVault MSSP Overview - A Different Approach to Security for MSSP's

DESCRIPTION

- Overview of the AlienVault USM Platform
- Differentiation through Delivery "Threat Detection That Works"
- Ways to Engage via Managed Services, Security Device Management and Professional Services
- AlienVault MSSP Program Details

Page 1: AlienVault MSSP Overview - A Different Approach to Security for MSSP's

AlienVault – MSSP Program Overview

AUGUST 13, 2014

A DIFFERENT APPROACH TO SECURITY FOR MSSP’S

[email protected]

Page 2: AlienVault MSSP Overview - A Different Approach to Security for MSSP's

AGENDA

• Market Overview
• “The 5 areas customers consider when selecting an MSSP”
• Where most MSSPs struggle to offer real value
• Overview of the AlienVault USM Platform
• Differentiation through Delivery “Threat Detection That Works”
• AlienVault MSSP Program Details

Page 3: AlienVault MSSP Overview - A Different Approach to Security for MSSP's

Market Realities

WHAT WE KNOW ABOUT ORGANIZATIONS

• Lack the in-house capabilities required to keep pace with changing business demands, compliance mandates, and emerging threats for strategic implementation of new IT security solutions.

• Don’t have the capabilities to effectively monitor and manage the security infrastructure to ensure optimal utilization of current assets.

• Have in-house IT staffs that spend too much time on day-to-day operational security issues versus new strategic projects.

• Depend on IT security tools and processes that provide a reactive, rather than proactive, approach to mitigating risk and minimizing data loss and downtime.

… Which has led to organizations moving to MSSPs

Page 4: AlienVault MSSP Overview - A Different Approach to Security for MSSP's

Two Types of MSSPs

Those who look for a platform that is already integrated – or “Unified (Integrated) Security Management”

Those who try to buy/build and integrate it all on their own…

Page 5: AlienVault MSSP Overview - A Different Approach to Security for MSSP's

Observations of MSSPs in the Market

CHALLENGES ON DELIVERING VALUE

Operationalizing the Offering - Many MSSPs don’t have the experience needed to avoid the costly mistakes and end up spending far more on managing the system than on the value they bring to their customers. Attempting to tie disparate systems together is a failed strategy.

Basic (i.e. “Weak”) Correlation - Correlation of events and incident-specific reports are required to offer true security visibility; however, most MSSPs don’t deploy solutions that allow customers to get anything more than very basic reporting/correlation.

Deployment of SIEM technology to provide in-house alerting and log analysis - MSSPs typically lack the needed insight into the customer’s IT and business environment; thus, they are challenged in determining whether events involving users, administrators, internal applications and data are inappropriate or unacceptable.

Page 6: AlienVault MSSP Overview - A Different Approach to Security for MSSP's

Let’s “double-click” on these challenges

CORRELATION

High Fidelity vs. False Positives - “Custom” correlation is the only way to achieve any true value/threat visibility from a SIEM platform. The task of base-lining an environment and creating these alerts/alarms is daunting enough in a single environment. How can an MSSP deliver this across many environments?

Poor Change Management - Strong correlation is based on “known” baselines and an intimate understanding of a customer’s environment. MSSPs, by virtue of what they do, are an afterthought to change management by the organizations who work with MSSPs. Every change to that environment impacts the fidelity of correlation. Poor correlation = poor threat detection.

Poor Log Storage - Logs are only valuable to your customers if they can access them. Storing logs for an insufficient period of time, or in a location that the customer cannot access, makes the services less valuable.

Page 7: AlienVault MSSP Overview - A Different Approach to Security for MSSP's

Delivering Confidence, Simplicity & Value

WHAT YOU CAN OFFER YOUR CUSTOMERS

Managed security operations and response
- Provide first line incident detection and triage
- Escalate to customer as needed for remediation response

Reporting of vulnerabilities and threats
- Identify known malicious entities probing their systems
- Detect latest attack payloads
- Identify compromised systems
- Leverage time-tested security controls with minimal deployment overhead
- Identify potentially insecure behaviors
- Identify unpatched software known to be vulnerable

… A single security technology stack makes this possible – AT SCALE

Page 8: AlienVault MSSP Overview - A Different Approach to Security for MSSP's

POWER OF THE OPEN THREAT EXCHANGE (OTX) TO DETECT THREATS

Crowd-sourced threat data from 8,000+ sites across 140 countries

500,000+ IPs validated daily

Free Threat Services

• Reputation Alert Monitor

• Threat Finder

• Interactive Threat Map

Page 9: AlienVault MSSP Overview - A Different Approach to Security for MSSP's

Award-Winning Solution Used by 10,000+ for Threat Detection, Incident Response and Compliance Management

Page 10: AlienVault MSSP Overview - A Different Approach to Security for MSSP's

Unified Security Management Platform

• What Is Valuable?
• Identify Ways to Compromise
• Start Looking for Threats
• Look For Strange Activity
• Piece It All Together
• Understand the Threats

Page 11: AlienVault MSSP Overview - A Different Approach to Security for MSSP's

Unified Security Management Platform

• Asset Discovery
• Identify Ways to Compromise
• Start Looking for Threats
• Look For Strange Activity
• Piece It All Together
• Understand the Threats

Asset Discovery: Active & Passive Network Scanning, Asset Inventory, Host-based Software Inventory

Page 12: AlienVault MSSP Overview - A Different Approach to Security for MSSP's

Unified Security Management Platform

• Asset Discovery
• Vulnerability Assessment
• Start Looking for Threats
• Look For Strange Activity
• Piece It All Together
• Understand the Threats

Asset Discovery: Active & Passive Network Scanning, Asset Inventory, Host-based Software Inventory

Vulnerability Assessment: Network Vulnerability Testing, Remediation Verification

Page 13: AlienVault MSSP Overview - A Different Approach to Security for MSSP's

Unified Security Management Platform

• Asset Discovery
• Vulnerability Assessment
• Threat Detection
• Look For Strange Activity
• Piece It All Together
• Understand the Threats

Asset Discovery: Active & Passive Network Scanning, Asset Inventory, Host-based Software Inventory

Vulnerability Assessment: Network Vulnerability Testing, Remediation Verification

Threat Detection: Network & Host IDS, Wireless IDS, File Integrity Monitoring

Page 14: AlienVault MSSP Overview - A Different Approach to Security for MSSP's

Unified Security Management Platform

• Asset Discovery
• Vulnerability Assessment
• Threat Detection
• Behavioral Monitoring
• Piece It All Together
• Understand the Threats

Asset Discovery: Active & Passive Network Scanning, Asset Inventory, Host-based Software Inventory

Vulnerability Assessment: Network Vulnerability Testing, Remediation Verification

Threat Detection: Network & Host IDS, Wireless IDS, File Integrity Monitoring

Behavioral Monitoring: Log Collection, NetFlow Analysis, Service Availability Monitoring

Page 15: AlienVault MSSP Overview - A Different Approach to Security for MSSP's

Unified Security Management Platform

• Asset Discovery
• Vulnerability Assessment
• Threat Detection
• Behavioral Monitoring
• Security Intelligence
• Understand the Threats

Asset Discovery: Active & Passive Network Scanning, Asset Inventory, Host-based Software Inventory

Vulnerability Assessment: Network Vulnerability Testing, Remediation Verification

Threat Detection: Network & Host IDS, Wireless IDS, File Integrity Monitoring

Behavioral Monitoring: Log Collection, NetFlow Analysis, Service Availability Monitoring

Security Intelligence: SIEM Event Correlation, Incident Response

Page 16: AlienVault MSSP Overview - A Different Approach to Security for MSSP's

Contextual Threat Intelligence

• Asset Discovery
• Vulnerability Assessment
• Threat Detection
• Behavioral Monitoring
• Security Intelligence
• AV Labs Threat Intelligence

Asset Discovery: Active & Passive Network Scanning, Asset Inventory, Host-based Software Inventory

Vulnerability Assessment: Network Vulnerability Testing, Remediation Verification

Threat Detection: Network & Host IDS, Wireless IDS, File Integrity Monitoring

Behavioral Monitoring: Log Collection, NetFlow Analysis, Service Availability Monitoring

Security Intelligence: SIEM Event Correlation, Incident Response

Page 17: AlienVault MSSP Overview - A Different Approach to Security for MSSP's

Threat Intelligence Powered by Open Collaboration

OTX + AlienVault Labs

Page 18: AlienVault MSSP Overview - A Different Approach to Security for MSSP's

MSSP “GETTING STARTED” PACKAGES

Packages include…

Public Training + Deployment Assistance

• AlienVault product training for one (1) engineer at a public AlienVault training center

• Three (3) days of remote support by a Certified AlienVault Deployment Architect

Private Training + Deployment Assistance

• AlienVault product training for up to 8 people at your facility

• Three (3) days of remote support by a Certified AlienVault Deployment Architect

Become a certified AlienVault MSSP partner

Page 19: AlienVault MSSP Overview - A Different Approach to Security for MSSP's

MSSP Partner of AlienVault

SMALL SAMPLING OF PARTNERS

Today we have 100+ MSSPs around the world… some supporting fewer than 5 customers… some supporting 100’s of customers

• Breach/infection rates have no correlation to company size, so smaller MSSPs have the same challenges that larger MSSPs do. The problem they solve is just as significant.

• Larger companies do have larger budgets, so when serving the small business and mid-market, efficiency at scale is important.

We offer entry points for any size MSSP, from the largest to the newly formed.

Page 20: AlienVault MSSP Overview - A Different Approach to Security for MSSP's

Thank You

[email protected] or Assistance?