pandasecurity.com
From Managed Security Services to the
next evolution of CyberSoc Services
Gianluca Busco Arré
Country Manager
MSSP / MDR
Where the Industry is going… leaders and laggers
MDRs: trends and differentiators
MDR Growth
E2020, MDR services Growth: +45% CAGR.
Threats and security solutions continue to evolve.
Threats: More attacks exploiting administrative tools. Greater difficulty to detect them.
Security Solutions: Greater visibility, especially in Endpoint (EDR)
Customers: They demand detection and response in real time of threats that reach the endpoint.
Lack of SKILLED people, processes and technologies. Demand MORE and BETTER SERVICES
FACTORS
PROJECTIONS*
By 2020, 15% of organizations will consume MDR (vs. 1% now).
By 2020, 80% of MSSPs will offer MDR services.
* Gartner: Market Guide for Managed Detection and Response Services
Typical MSSP approach
Prevention of known malware. Detection gap
Generator of consummated incident alerts without context
The only possible answer is disinfection
Medium prevention. Zero detection - High Cost
REAL APPROACH
Internet security, perimeter and network devices:
Firewall, IDS/IPS, UTMs, Gateways, Web filtering
VPN, routers, switches
DDoS
Network vulnerability analysis
Endpoint Security:
“Blind” security
Known threats Prevention: EPP/AV
Regulatory Compliance
CLAIM
Typical MDR approach
Detection of threats that have bypassed other controls
No alerts to the client. Response as soon as possible
Forensic Analysis
Reduction of attack surface (ASR) to prevent future attacks
No Prevention. High Detection and Response – High Cost
REAL APPROACH
Security based on Visibility capabilities (Telemetry) that enables the response:
NTA (Network Traffic Analysis)
EDR (Endpoint Detection and Response)
Deception
Big-Data Platforms, Advanced Analytics. Alternatively SIEM integration and analysis
CLAIM
The Model.
MDRs
Forensic Console
Data Analytics Platform
Advanced Reporting Tool
GDPR Data Control
LogTrust
EDR – Endpoint Detection and Response
Platform, Solutions and Services for MSSP and MDRs
"…a cynical [but perhaps no less astute!] reader may quip
that “an MDR is simply an MSSP that knows how to
detect actual threats and not just to monkey around with
compliance.”"
"…it seems to us that over the next 1-2 years, MDR will
become simply a type of an MSSP service type that
focuses on detection excellence and remote incident
response…"
*Gartner MDRs definition:
https://www.gartner.com/document/3733918
REAL APPROACH
CLAIM
Services on top of Panda Managed Services:
100% Attestation Service.
Threat hunting and Investigation
Extended by the Security Services Provider
Endpoint Visibility
RESULT: Very high Prevention. Very High Early Detection and Response – Lowest TCO for the Customer
• Endpoint security
• Internet, perimeter and network devices security
• SIEM Internet, perimeter, network and endpoint
• Compliance, IT Optimization, Productivity
Enablement of MSS and MDR leads by Panda Security
SECURITY ASSESSMENT
SECURITY OPERATIONS
THREAT HUNTING
THREAT INTELLIGENCE
Deploym. & Configuration (2)
Endpoint protection health (2)
Alerts & Reports (2)
Cross Network-Endpoint FW & IPS/IDS management (3)
Deception techniques (4)
Endpoint Patch management (4)
Network Patch management (4)
Endpoint Audit (2)
Ep Vulnerability Assessment (3)
Executive breach Simulation (3)
Network Vulner. Assessment (4)
PenTest (4)
DETECTION & RESPONSE
PREVENTION
INVESTIGATION
Threat Hunting & Investigation
ASR & Threat Intel.
Assessment
SecOps
Prevent, Detect and Response
Incident Prevention Service (1)
Blocked Items early classif (2)
Incident Detection Service (1)
Containment & Remediation Service (2)
High Priority Crisis Mngment (3)
Incidents Reports (2)
Endpoints in Netbots check (4)
Level 1: Hunting (2)
Level 2: Proactive Hunting (2)
Level 3: Past or dormant attackers (2)
Identification Compromised Systems (2)
Security health check (Search IoC at the endpoints and network) (2)
Detailed Forensic Analysis (2)
ATTACK SURFACE REDUCTION
Endpoint Attack Surface reduction Program (2)
Network Attack Surface reduction Program (3)
Training Threat Intelligence (2)
Early alerts new incidents (3)
360º Advanced MSS
1. Advanced Managed Security Services
Anti-Ransomware Warranty (2)
Anti-APT Service (2)
Managed SIEM: HTTP, SSL, DNS, Endpoints (3)
Virtual CISO (3)
* Mix of services from some MSSP and MDR in USA and Europe. It is not intended to be an exhaustive list
Advanced Managed Services Portfolio (1/2)*
LEGEND
(1) Near zero cost for the provider. Covered with Panda Adaptive Defense and its services
(2) Low cost, as supported by Panda Adaptive Defense and services, augmented by Provider
(3) Panda Adaptive Defense helps in some parts of the service, along with other technologies. Having Panda Adaptive Defense installed in the customer can help to promote cross-selling of the whole service
(4) Supported by partner with other technologies. Panda Adaptive Defense can help to promote the cross-sell of the service
2. Other Advanced Services
Productivity
Compliance
IT Optimization
REGULATIONS
PRODUCTIVITY ANALYSIS
GDPR compliance (3)
PCI compliance (3)
HIPAA compliance (3)
By Industry and Geo Regulatory compliance (3)
IT OPTIMIZATION
IP Flow and Geo destination profiling (2)
Bandwidth Usage Profiling (2)
Software licenses optimization service (2)
Users and Devices activity Summary: normal and outliers (2)
Ad hoc Users activity monitoring & Reports (2)
Applications behavior monitoring & reports (2)
Inventory & network mapping (3)
Web categorization & Reputations (2)
Other Global Advanced Service
Virtual GDPO (3)
Employee education on best practices (3)
* Mix of services from some MSSP and MDR in USA and Europe. It is not intended to be an exhaustive list
LEGEND
(1) Near zero cost for the provider. Covered with Panda Adaptive Defense and its services
(2) Low cost, as supported by Panda Adaptive Defense and services, augmented by Provider
(3) Panda Adaptive Defense helps in some parts of the service, along with other technologies. Having Adaptive Defense installed in the customer can help to promote cross-selling of the whole service
(4) Supported by partner with other technologies. Panda Adaptive Defense can help to promote the service
Advanced Managed Services Portfolio (2/2)*
Panda Adaptive Defense 360 vs Gartner’s Adaptive Security Architecture
[Figure: Gartner’s Adaptive Security Architecture cycle. Labels: Predict; Respond; Detect; Prevent]
Stages: Proactive Exposure Assessment; Predict Attacks; Baseline Systems; Remediate/Make Change; Design/Model Change; Investigate/Forensics; Contain Incidents; Harden and Isolate Systems; Divert Attackers; Prevent Incidents; Detect Incidents; Confirm and Prioritize
Legend: Product; Panda Adaptive Defense Managed Service
Adaptive Defense 360 and Advanced Managed Security Services vs Gartner’s Adaptive Security Architecture
[Figure: Gartner’s Adaptive Security Architecture cycle. Labels: Predict; Respond; Detect malware & threats; Assessment – SecOps - Prevent; Threat Intelligence]
Stages: Proactive Exposure Assessment; Predict Attacks; Baseline Systems; Remediate/Make Change; Design/Model Change; Investigate/Forensics; Contain Incidents; Harden and Isolate Systems; Divert Attackers; Prevent Incidents; Detect Incidents; Confirm and Prioritize
AD360
ART
DC
Endpoints Security Audit
Endpoints Vulnerability Assessment
Executive Breach Simulation
Network Vulnerability Assessment
Penetration Testing - Ethical Hacking
Deployment & Configuration Service
Endpoints health monitoring and management
Incidents and attacks real-time notifications and weekly/monthly reports
FW & IDS/IPS from perimeter to the Endpoints
Deception and attacks analysis
Endpoints Patch Management
Network Patch Management
Full Security Incident Prevention Service (100% Attestation Service)
Early blocked item classification
Advanced Managed Security Services
Panda Adaptive Defense 360
Panda Adaptive Defense Managed Service
MSSP’s Managed Services
Security Incidents Detection Service –
Level 1: Hackers and Insiders Hunting with known/validated IoAs/IoCs
Level 2: Proactive Hunting based on customer Profiling (new IoAs/IoCs)
Level 3: Finding Past or Dormant attackers (new IoAs/IoCs - retrospective analysis for events)
Security Incidents Containment and Remediation Service
High Priority Security Incidents: Crisis leadership for Containment, Remediation & Business Recovery
Security Incidents operative and executive reports
Identification of compromised Subsystems and Endpoints by hacker/Insider
Remote Security health check of discovered IoCs/IoAs
Complete Forensic Analysis. Operational and Executive reports and timelines
• Reactive and proactive Endpoint ASR program
• Reactive and proactive Network ASR program
• Training Threat Intelligence to Internal SoCs (TTP)
• Early alerts of incidents in the same Industry and/or generic security Incidents
Anti-Ransomware Warranty
Anti-Advanced Persistent Threats service
Managed SIEM: HTTP, SSL, DNS and Endpoints correlations. On-premise SIEM or Cloud (Panda Data Analytics)
Virtual CISO
Virtual GPO
360 Advanced Service
Advanced Managed Security Services
Data Analytic helps Security posture
A complete view across organizations
Product Training
• Product Certifications
• Access to Panda Security eCampus
• Technical training by Panda Security Support team (product, tools, threat Intel, etc)
• Preferential access to product beta versions
• Joint development projects
Joint Events & conferences
Panda blog & Social Media
Webinars & Dedicated Events
Joint Case Studies
Word of Mouth
Press releases announcements
Social Media
Quarterly Breakfasts & meeting with prospects
Cobranded Marketing Material
Marketing
Customer Retention
Brand Awareness
Market Shares
New Customers
• Panda Partner Account Manager assigned to support the MSSP.
• Pre-sale Panda technician available to support the first sales activities.
• Access to our Corporate Intranet for Integrators.
• Access to Panda opportunities/ leads.
• Opportunities registration Portal
• Joint Marketing and Sales activities planning schedule to fulfil strategy and annual sales targets.
Panda Security Commitment
Dedicated teams: Support and sales