
What are Managed Security Services? A systematic approach to managing an organization’s security needs. Functions include round-the-clock monitoring and management of intrusion detection systems and firewalls, overseeing patch management and upgrades, performing security assessments and security audits, and responding to emergencies.

Typical Profile

• Single site or distributed IT assets on-prem or in clouds

• Multi-vendor disparate tech deployed

• Lack cyber security staff with time to monitor/react to events

Customer’s Options for Event Log Monitoring

• DIY - buy a SIEM tool. Undertake design, installation, and detailed project planning. Hire skilled staff. Build processes

• Get help from experts (MSS) for all or some of the burdens

MSSP Benefits

• Faster time to protection and easier to meet compliance mandates

• More cost effective, with consistent, predictable linear costs (OPEX rather than a CAPEX purchase)

Why Foresite

• Vendor agnostic

• Simple fixed device-based pricing, regardless of log volume, number of events, number of tickets created or firewall change requests carried out

• Dedicated TAM and account reviews to extract maximum value

• Co-management service option

• Are you monitoring and storing logs from firewalls? (Why? How? 24/7? Or Why not? Do you know how valuable it is?) What about other assets that contain company data, like servers?

• Given that threats are persistent and non-discriminative, if it’s 3am - how would you find out if a breach is imminent? What would you do next if you were breached or had a cyber incident? How are incidents of compromise being spotted today?

Quoting Questions

1. Make/model of the infrastructure

2. Service level (monitor/managed)

3. Single/HA

4. Quantity

5. Term (1, 3 or 5 years)

Demo - sells it!

We can run through ‘A Day in the Life of an Incident’ showing the entire process from trigger through to identification and remediation

Common Challenges

• How to keep pace with the vast, persistent, non-discriminative threats

• Compliance requirements being increasingly enforced

• Cyber security skills shortage

• 24/7 vigilance is a tough and costly endeavor

• Spend more wisely on security

What is the Value of Log Monitoring?

The most accurate way to detect network anomalies and data breach attempts, and to track network intruders, is proactively monitoring event log data across your security devices and business-critical assets.

Whether You are Considering SIEM or You Have SIEM, You Should Know That:

1. SIEM projects have common pitfalls: SIEM requires detailed project planning. Any failure in planning will produce thousands of events and false positives (“noise”) that valuable resources have to spend time wading through, treating them as legitimate threats.

a. Define threat detection priorities upfront: what to monitor, what threat intelligence feeds you need, and which key data sources need to be fed to the SIEM tool, making sure you don’t over-simplify or lack sufficient context. Failing to feed a key data source into a SIEM product (for example, monitoring authentication failures without integrating AD) means the SIEM tool will be unable to produce the required alert.

b. Build use cases gradually. If you throw all the sources at your disposal at the SIEM tool, the tuning and optimization will be a nightmare, even for competent staff. SIEM tools do not have business rules out of the box - you have to write, build, and tune them.

2. Hard to acquire the operational skilled resources 24/7 to run SIEM: SIEM solutions don’t run themselves, even with automation. Having a SIEM tool adds to the cost of managing your security infrastructure due to staffing needs, which go beyond simple administration level. After rolling out SIEM, the technology typically requires a minimum of two full-time, skilled employees for 24/7/365 operational cover for proactive security threat management (i.e. 2 x £90,000). Acquiring the skilled resources can be a tough endeavor, especially with the publicised cyber security skills shortage.

3. Unexpected Costs and Delayed Protection: SIEM costs can rise unexpectedly due to implementation, the resources needed to operationalize and manage SIEM, and SIEM’s billing model. These often cost as much as the solution itself. Implementation can be complex, requiring infrastructure upgrades or developers, delaying production and protection.
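To make pitfalls 1a and 1b concrete, here is an added example; it is not part of the original one-pager and not Foresite’s tooling. It is a small Python correlation rule of the kind a SIEM team has to write itself: “five failed logons for one account within ten minutes”. The firewall lines and the Windows Security events (Event ID 4625 = failed logon, 4624 = successful logon) are constructed for the example. Run against firewall logs alone the rule finds nothing, because firewall logs carry no account names; it only fires once the domain controller’s events are fed in. The threshold and window are the tuning knobs pitfall 1b refers to.

```python
"""Added example: a hand-written SIEM correlation rule and what it can see.

All log lines and events below are constructed for this illustration; they
are not real logs from any environment.
"""
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed firewall syslog lines. They identify hosts and ports, never
# the account behind a connection.
FIREWALL_LINES = [
    "2024-03-01T03:00:01Z fw01 deny src=203.0.113.7 dst=10.0.0.5 dport=445",
    "2024-03-01T03:00:04Z fw01 allow src=203.0.113.7 dst=10.0.0.5 dport=445",
    "2024-03-01T03:00:07Z fw01 allow src=203.0.113.7 dst=10.0.0.5 dport=445",
    "2024-03-01T03:02:30Z fw01 allow src=198.51.100.20 dst=10.0.0.8 dport=443",
]

# Constructed Windows Security events as forwarded from a domain controller.
# Event ID 4625 is a failed logon, 4624 a successful one.
AD_EVENTS = [
    {"time": "2024-03-01T03:00:05Z", "event_id": 4625, "account": "j.smith", "src_ip": "203.0.113.7"},
    {"time": "2024-03-01T03:00:06Z", "event_id": 4625, "account": "j.smith", "src_ip": "203.0.113.7"},
    {"time": "2024-03-01T03:00:08Z", "event_id": 4625, "account": "j.smith", "src_ip": "203.0.113.7"},
    {"time": "2024-03-01T03:00:11Z", "event_id": 4625, "account": "j.smith", "src_ip": "203.0.113.7"},
    {"time": "2024-03-01T03:00:14Z", "event_id": 4625, "account": "j.smith", "src_ip": "203.0.113.7"},
    {"time": "2024-03-01T03:01:00Z", "event_id": 4624, "account": "j.smith", "src_ip": "203.0.113.7"},
    {"time": "2024-03-01T03:02:31Z", "event_id": 4625, "account": "a.jones", "src_ip": "198.51.100.20"},
    {"time": "2024-03-01T03:20:00Z", "event_id": 4625, "account": "a.jones", "src_ip": "198.51.100.20"},
]


def _ts(value):
    return datetime.strptime(value, "%Y-%m-%dT%H:%M:%SZ")


def parse_firewall_line(line):
    """Normalise a firewall line into the common event schema.
    There is no account field to fill, so it stays None."""
    ts, _host, action, *pairs = line.split()
    fields = dict(pair.split("=", 1) for pair in pairs)
    return {"time": ts, "source": "firewall", "action": action, "account": None,
            "src_ip": fields["src"], "dst_ip": fields["dst"], "dport": int(fields["dport"])}


def normalise_ad_event(event):
    """Normalise a domain-controller event into the common schema."""
    return {"time": event["time"], "source": "ad", "event_id": event["event_id"],
            "account": event["account"], "src_ip": event["src_ip"]}


def failed_logon_burst(events, threshold=5, window=timedelta(minutes=10)):
    """Use case: `threshold` failed logons for one account inside a sliding
    `window`. Only events that carry an account AND a failure indicator can
    count, which is why firewall-only data never satisfies the rule."""
    by_account = defaultdict(list)
    for ev in events:
        if ev.get("account") and ev.get("event_id") == 4625:
            by_account[ev["account"]].append((_ts(ev["time"]), ev["src_ip"]))

    alerts = []
    for account, hits in by_account.items():
        hits.sort()
        start = 0
        for end in range(len(hits)):
            # Slide the window start forward until the end event fits inside it.
            while hits[end][0] - hits[start][0] > window:
                start += 1
            if end - start + 1 >= threshold:
                alerts.append({"account": account,
                               "failures": end - start + 1,
                               "src_ips": sorted({ip for _, ip in hits[start:end + 1]}),
                               "first": hits[start][0].isoformat(),
                               "last": hits[end][0].isoformat()})
                break  # one alert per account per evaluation
    return alerts


def evaluate(firewall_lines, ad_events, threshold=5, window=timedelta(minutes=10)):
    """Run the same rule with and without the AD feed to show the difference."""
    fw = [parse_firewall_line(line) for line in firewall_lines]
    ad = [normalise_ad_event(ev) for ev in ad_events]
    return {"firewall_only": failed_logon_burst(fw, threshold, window),
            "with_ad": failed_logon_burst(fw + ad, threshold, window)}


if __name__ == "__main__":
    results = evaluate(FIREWALL_LINES, AD_EVENTS)
    print("firewall only:", results["firewall_only"])  # [] - no account names to count
    print("with AD feed:", results["with_ad"])         # one alert, for j.smith
```

The same rule also shows why tuning is work: lowering the threshold to 2 at a 10-minute window still leaves a.jones quiet, because that account’s two failures are 17 minutes apart, while widening the window to 20 minutes would raise a second alert. Every source added to the SIEM brings its own set of such decisions.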