
pandasecurity.com

From Managed Security Services to the

next evolution of CyberSoc Services

Gianluca Busco Arré, Country Manager

MSSP / MDR: where the industry is going… leaders and laggards


MSSP industry trends…


MDRs: trends and differentiators

MDR growth: MDR services growing at +45% CAGR (E2020).

Threats and security solutions continue to evolve.

FACTORS

Threats: more attacks exploiting administrative tools, and greater difficulty detecting them.

Security solutions: greater visibility, especially on the endpoint (EDR).

Customers: they demand real-time detection of, and response to, the threats that reach the endpoint.

Lack of SKILLED people, processes and technologies. Demand for MORE and BETTER SERVICES.

PROJECTIONS*

By 2020, 15% of organizations will consume MDR (vs. 1% now).

By 2020, 80% of MSSPs will offer MDR services.

* Gartner: Market Guide for Managed Detection and Response Services


Typical MSSP approach

CLAIM

Prevention of known malware; detection gap.

Generates alerts for already-consummated incidents, without context.

The only possible response is disinfection.

Medium prevention. Zero detection. High cost.

REAL APPROACH

Internet security, perimeter and network devices: firewall, IDS/IPS, UTMs, gateways, web filtering; VPN, routers, switches; DDoS; network vulnerability analysis.

Endpoint security: “blind” security; known-threat prevention (EPP/AV).

Regulatory compliance.


Typical MDR approach

CLAIM

Detection of threats that have bypassed other controls.

No alerts to the client; response as soon as possible.

Forensic analysis and attack surface reduction (ASR) to prevent future attacks.

No prevention. High detection and response. High cost.

REAL APPROACH

Security based on visibility capabilities (telemetry) that enable the response: NTA (Network Traffic Analysis); EDR (Endpoint Detection and Response); deception; big-data platforms and advanced analytics, or alternatively SIEM integration and analysis.


The Model

Platform, solutions and services for MSSPs and MDRs:

MDR Forensic Console

Data Analytics Platform

Advanced Reporting Tool

GDPR Data Control

LogTrust

EDR – Endpoint Detection and Response

"…a cynical [but perhaps no less astute!] reader may quip that “an MDR is simply an MSSP that knows how to detect actual threats and not just to monkey around with compliance.”"

"…it seems to us that over the next 1-2 years, MDR will become simply a type of an MSSP service type that focuses on detection excellence and remote incident response…"

* Gartner MDR definition: https://www.gartner.com/document/3733918


CLAIM

Services on top of Panda Managed Services: 100% Attestation Service; threat hunting and investigation.

Extended by the security services provider: endpoint visibility.

RESULT: Very high prevention. Very high early detection and response. Lowest TCO for the customer.

REAL APPROACH

• Endpoint security

• Internet, perimeter and network devices security

• SIEM: Internet, perimeter, network and endpoint

• Compliance, IT optimization, productivity

Enablement of MSS and MDR leads by Panda Security


Advanced Managed Services Portfolio (1/2)*

1. Advanced Managed Security Services

SECURITY ASSESSMENT (Assessment)

• Endpoint Audit (2)
• Endpoint Vulnerability Assessment (3)
• Executive Breach Simulation (3)
• Network Vulnerability Assessment (4)
• PenTest (4)

SECURITY OPERATIONS (SecOps: Prevent, Detect and Respond)

PREVENTION
• Deployment & Configuration (2)
• Endpoint protection health (2)
• Alerts & Reports (2)
• Cross Network-Endpoint FW & IPS/IDS management (3)
• Deception techniques (4)
• Endpoint Patch management (4)
• Network Patch management (4)
• Incident Prevention Service (1)
• Blocked Items early classification (2)

DETECTION & RESPONSE
• Incident Detection Service (1)
• Containment & Remediation Service (2)
• High Priority Crisis Management (3)
• Incidents Reports (2)
• Endpoints-in-botnets check (4)

THREAT HUNTING & INVESTIGATION

THREAT HUNTING
• Level 1: Hunting (2)
• Level 2: Proactive Hunting (2)
• Level 3: Past or dormant attackers (2)

INVESTIGATION
• Identification of Compromised Systems (2)
• Security health check (search for IoCs at the endpoints and network) (2)
• Detailed Forensic Analysis (2)

THREAT INTELLIGENCE (ASR & Threat Intel)

ATTACK SURFACE REDUCTION
• Endpoint Attack Surface Reduction Program (2)
• Network Attack Surface Reduction Program (3)

THREAT INTELLIGENCE
• Training Threat Intelligence (2)
• Early alerts of new incidents (3)

360º ADVANCED MSS
• Anti-Ransomware Warranty (2)
• Anti-APT Service (2)
• Managed SIEM: HTTP, SSL, DNS, Endpoints (3)
• Virtual CISO (3)

* Mix of services from some MSSPs and MDRs in the USA and Europe. It is not intended to be an exhaustive list.

LEGEND
(1) Near-zero cost for the provider. Covered with Panda Adaptive Defense and its services.
(2) Low cost, as supported by Panda Adaptive Defense and services, augmented by the provider.
(3) Panda Adaptive Defense helps in some parts of the service, along with other technologies. Having Panda Adaptive Defense installed at the customer can help to promote cross-selling of the whole service.
(4) Supported by the partner with other technologies. Panda Adaptive Defense can help to promote the cross-sell of the service.

Advanced Managed Services Portfolio (2/2)*

2. Other Advanced Services

Compliance, IT Optimization, Productivity

REGULATIONS
• GDPR compliance (3)
• PCI compliance (3)
• HIPAA compliance (3)
• Regulatory compliance by industry and geography (3)

IT OPTIMIZATION
• IP flow and geo-destination profiling (2)
• Bandwidth usage profiling (2)
• Software licenses optimization service (2)
• Inventory & network mapping (3)

PRODUCTIVITY ANALYSIS
• Users and devices activity summary: normal and outliers (2)
• Ad hoc users activity monitoring & reports (2)
• Applications behavior monitoring & reports (2)
• Web categorization & reputation (2)

OTHER GLOBAL ADVANCED SERVICE
• Virtual GDPO (3)
• Employee education on best practices (3)

Panda Adaptive Defense 360 vs Gartner’s Adaptive Security Architecture

PREDICT
• Proactive Exposure Assessment
• Predict Attacks
• Baseline Systems

PREVENT
• Harden and Isolate Systems
• Divert Attackers
• Prevent Incidents

DETECT
• Detect Incidents
• Confirm and Prioritize
• Contain Incidents

RESPOND
• Remediate / Make Change
• Design / Model Change
• Investigate / Forensics

Legend: Product; Panda Adaptive Defense Managed Service


Adaptive Defense 360 and Advanced Managed Security Services vs Gartner’s Adaptive Security Architecture

PREDICT
• Proactive Exposure Assessment
• Predict Attacks
• Baseline Systems

PREVENT
• Harden and Isolate Systems
• Divert Attackers
• Prevent Incidents

DETECT (malware & threats)
• Detect Incidents
• Confirm and Prioritize
• Contain Incidents

RESPOND
• Remediate / Make Change
• Design / Model Change
• Investigate / Forensics

Legend: Panda Adaptive Defense 360; Panda Adaptive Defense Managed Service; MSSP’s Managed Services; Advanced Managed Security Services; Threat Intelligence; AD360; ART; DC

ASSESSMENT – SECOPS – PREVENT
• Endpoints Security Audit
• Endpoints Vulnerability Assessment
• Executive Breach Simulation
• Network Vulnerability Assessment
• Penetration Testing - Ethical Hacking
• Deployment & Configuration Service
• Endpoints health monitoring and management
• Incidents and attacks real-time notifications and weekly/monthly reports
• FW & IDS/IPS from perimeter to the Endpoints
• Deception and attacks analysis
• Endpoints Patch Management
• Network Patch Management
• Full Security Incident Prevention Service (100% Attestation Service)
• Early blocked item classification

DETECT – Security Incidents Detection Service
• Level 1: Hackers and Insiders Hunting with known/validated IoAs/IoCs
• Level 2: Proactive Hunting based on customer profiling (new IoAs/IoCs)
• Level 3: Finding past or dormant attackers (new IoAs/IoCs - retrospective analysis of events)

RESPOND
• Security Incidents Containment and Remediation Service
• High Priority Security Incidents: crisis leadership for containment, remediation & business recovery
• Security Incidents operative and executive reports
• Identification of compromised subsystems and endpoints by hacker/insider
• Remote security health check of discovered IoCs/IoAs
• Complete forensic analysis. Operational and executive reports and timelines

ASR & THREAT INTELLIGENCE
• Reactive and proactive Endpoint ASR program
• Reactive and proactive Network ASR program
• Training Threat Intelligence to internal SOCs (TTP)
• Early alerts of incidents in the same industry and/or generic security incidents

360 ADVANCED SERVICE
• Anti-Ransomware Warranty
• Anti-Advanced Persistent Threats service
• Managed SIEM: HTTP, SSL, DNS and Endpoints correlations. On-premise SIEM or cloud (Panda Data Analytics)
• Virtual CISO
• Virtual GPO
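The three hunting levels above (known/validated IoAs/IoCs, proactive hunting on the customer profile, and retrospective analysis for past or dormant attackers) are listed only as service names. As an added illustration that is not Panda's code nor any product's detection logic, the Python below runs one pass of each level over a small set of constructed endpoint process events. The event fields, IoC values, admin-tool list and the baseline of "normal" user/tool pairs are all invented for the demo; a real service would build the baseline from months of the customer's own telemetry.

```python
"""Three hunting levels over endpoint telemetry (illustrative, constructed data)."""
from datetime import datetime, timedelta

# Constructed telemetry: one record per process event seen on an endpoint.
EVENTS = [
    {"ts": "2019-03-01T09:12:00", "host": "ws-01", "user": "alice", "proc": "outlook.exe",
     "sha256": "aaa111", "dst": "mail.example.test"},
    {"ts": "2019-03-02T10:03:00", "host": "ws-02", "user": "bob", "proc": "powershell.exe",
     "sha256": "ps0001", "dst": "update.example.test"},
    {"ts": "2019-03-05T23:41:00", "host": "ws-07", "user": "carol", "proc": "svchost.exe",
     "sha256": "bad777", "dst": "c2.invalid"},
    {"ts": "2019-03-20T02:15:00", "host": "ws-03", "user": "dave", "proc": "psexec.exe",
     "sha256": "px0002", "dst": "ws-09"},
    {"ts": "2019-04-01T11:30:00", "host": "ws-02", "user": "bob", "proc": "powershell.exe",
     "sha256": "ps0001", "dst": "update.example.test"},
]

# Constructed, validated IoCs for Level 1 (placeholder hash and domain values).
KNOWN_IOCS = {"sha256": {"bad777"}, "dst": {"c2.invalid"}}

# Customer profile for Level 2: administrative tools worth a look, and the
# (user, tool) pairs that are normal for this customer (assumed baseline).
ADMIN_TOOLS = {"powershell.exe", "psexec.exe", "wmic.exe"}
BASELINE = {("bob", "powershell.exe")}


def parse_ts(value):
    """ISO-8601 timestamp string to datetime."""
    return datetime.fromisoformat(value)


def level1_known_iocs(events, iocs):
    """Level 1: match every event against validated IoCs (hash, destination)."""
    hits = []
    for event in events:
        for field, values in iocs.items():
            if event.get(field) in values:
                hits.append((event["host"], field, event[field]))
    return hits


def level2_profile_outliers(events, baseline, admin_tools, night=(0, 6)):
    """Level 2: hunt on the customer profile rather than on fixed indicators.

    Flags admin-tool executions by a (user, tool) pair outside the baseline,
    or at off-hours, since attackers increasingly live off administrative tools.
    """
    findings = []
    for event in events:
        if event["proc"] not in admin_tools:
            continue
        reasons = []
        if (event["user"], event["proc"]) not in baseline:
            reasons.append("outside baseline")
        if night[0] <= parse_ts(event["ts"]).hour < night[1]:
            reasons.append("off-hours")
        if reasons:
            findings.append((event["host"], event["proc"], ", ".join(reasons)))
    return findings


def level3_retrospective(events, field, value, lookback_days=90, now=None):
    """Level 3: re-run a newly validated IoC over stored history.

    Returns the hosts on which the indicator appeared within the look-back
    window, which surfaces past or dormant activity that predates the IoC.
    """
    now = now or max(parse_ts(e["ts"]) for e in events)
    cutoff = now - timedelta(days=lookback_days)
    return sorted({e["host"] for e in events
                   if e.get(field) == value and parse_ts(e["ts"]) >= cutoff})


if __name__ == "__main__":
    print("L1:", level1_known_iocs(EVENTS, KNOWN_IOCS))
    print("L2:", level2_profile_outliers(EVENTS, BASELINE, ADMIN_TOOLS))
    print("L3:", level3_retrospective(EVENTS, "dst", "ws-09", lookback_days=30))
```

The retention window in `level3_retrospective` is the practical limit of the third level: an indicator can only be matched retrospectively against events the platform still holds, which is why the page pairs this service with a data analytics platform rather than with the endpoint agent alone.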


Data analytics helps the security posture: a complete view across organizations.


The Evolution of the Cyber Attacks


Product Training

• Product certifications

• Access to Panda Security eCampus

• Technical training by the Panda Security Support team (product, tools, threat intel, etc.)

• Preferential access to product beta versions

• Joint development projects

Marketing

• Joint events & conferences

• Panda blog & social media

• Webinars & dedicated events

• Joint case studies

• Word of mouth

• Press release announcements

• Social media

• Quarterly breakfasts & meetings with prospects

• Co-branded marketing material

Goals: Customer Retention, Brand Awareness, Market Share, New Customers

Panda Security Commitment

Dedicated teams: support and sales

• Panda Partner Account Manager assigned to support the MSSP.

• Pre-sale Panda technician available to support the first sales activities.

• Access to our Corporate Intranet for Integrators.

• Access to Panda opportunities/leads.

• Opportunities registration portal.

• Joint marketing and sales activities planning schedule to fulfil strategy and annual sales targets.


pandasecurity.com

Thank you.