GET ON THE FRONT FOOT
Transcript of GET ON THE FRONT FOOT
ARTICLE
MANAGED SECURITY SERVICESa
JOIN THE WINNING TEAM
GET ON THE FRONT FOOTWITH FUTURE-PROOFING YOUR CYBER SECURITY
ADAPTINGTO A NEW CYBER ENVIRONMENT
In today’s business environment, organisations are becoming digital by default. Almost every
department is using cloud-based solutions so now the IT security challenge lies in gaining a
company-wide perspective on potential vulnerabilities.
Loose security in just one business department can have
repercussions for the entire organisation, resulting in IT’s
responsibilities being stretched to the limit. As the scope and
sophistication of cyber attacks evolves, businesses must be able to
act fast. Rapid response relies on collecting and making sense of
intelligence from across all systems and applications, no matter what
function is using them.
Adapting to a new cyber environment
A lot of IT managers fear that a major incident will occur on their
watch. Even if the breach is outside of their supervision, they know it’s
their team that must lead the incident response and ultimately have to
explain the situation to the board.
As new services and solutions are adopted, it’s becoming less feasible
for a single department to bear the responsibility for monitoring all IT
usage. While existing security tools will likely pick up the more overt
threats, such as malware or ransomware, it’s often the subtler threats
like a breach of personal or financial data that can have the biggest
impact. It could be the case that IT only finds out about a data or IP
breach once it’s in the public domain. This poses not only reputational
risks, but could also have serious legal ramifications, especially with
the GDPR now in force.
There’s compelling evidence that IT departments typically don’t
feel well enough equipped to guard their IT estate round-the-clock.
Research from EY1 found that 75% of IT security professionals rate the
maturity of their vulnerability identification as very low to moderate.
48% didn’t have a security operations centre (SOC) in place, and
only 12% felt confident in their ability to detect a sophisticated cyber
attack. Gaining the breadth and depth of insight to effectively secure
the organisation is not simply a technology issue, but part of a larger
resource issue many organisations are facing.¹Cybersecurity regained: preparing to face cyber attacks Report by EY
ARTICLE
MANAGED SECURITY SERVICES
PAGE 02
aa
“It’s often the subtler threats like a
breach of personal or financial data
that can have the biggest impact.”
Dealing with internal challenges
Ideally, IT managers would be able to take a longer-term perspective
on their organisation’s security. It’s well acknowledged that IT is
fundamental to the future of the organisation, so being able to look
strategically at how security can grow in sync with the business’
ambitions over the next two to three years is vitally important. In reality,
pressing day-to-day demands usually take central focus, making
forward planning a luxury most IT managers don’t have.
Maintaining robust IT security is far from a static task. For many compa-
nies, even if there’s consensus on the importance of security, they
still lack sufficient internal security skills and experience. Investing in
the latest security products alone just isn’t enough. These products
are often complex so training is required to operate them effectively.
Furthermore, the pace at which the security landscape is evolving
places an informational strain on IT managers. They have to keep up
with security developments and undergo training on how to deal with
new threats, while still maintaining day-to-day IT responsibilities.
The fight for sufficient budget to cover security initiatives also presents
a challenge. Budget holders often don’t fully appreciate the risk until
the threat is real, therefore getting sign off on the funds to fulfil all
internal technological and personnel needs may not be easy. This
often means that the IT department finds itself overextended trying
to cover all bases.
Embracing infrastructure change
For many IT teams, the process of developing a future-proof security
strategy is taking place against a backdrop of infrastructure changes.
In the past, IT security considerations have largely been confined to
on-premises data centres protected by well-fortified firewalls. As
more organisations move at pace towards hybrid and multi-cloud
environments, which bring a new set of data management challenges,
their entire approach towards data security must be re-evaluated.
To address this change, IT security must be viewed as a holistic
concept so it can effectively integrate evolving infrastructure with
the latest security products. Our partner NetApp does this with Data
Fabric2, an architecture and set of data services that integrates data
management across cloud and on-premises environments. These
services allow for enhanced visibility, access, control, protection and
security of all the organisation’s data, wherever it may reside.² https://www.netapp.com/us/info/what-is-data-fabric.aspx
A 360-degree threat perspective
To reinforce the company’s ability to identify and act on a potential
cyber attack, IT needs to gain a comprehensive and integrated view
of their threat intelligence. This begins by acknowledging that IT
security is a 24/7 job. Hackers want to catch companies who are on
the backfoot but many organisations simply don’t have the IT resource
available to look through logs and detect abnormalities day and night.
Companies are generally doing well at protecting their assets when it
comes to basics such as firewalls, anti-virus scanning and intelligence
products. The issue is that these products operate as islands - they
don’t ‘talk’ to each other or bring all intelligence into a place where it
paints a full picture of the organisation’s security landscape.
The human element is crucial for integrating solutions and turning intel
into insight. Attack patterns may not be obvious, and so businesses
need to have people who can combine different log systems to
identify patterns and detect threats. Doing this requires extensive
experience and skills which are impossible to acquire overnight.
75%48%
12%
of IT security professionals rate thematurity of their vulnerability
identification as very low to moderate.
of IT security professionalsdoesn’t have a security operations
centre (SOC) in place.
of IT security professionals felt confident in their ability to detect a
sophisticated cyber attack. Bas
ed
on
re
sear
ch f
rom
EY
PAGE 03
ARTICLE
MANAGED SECURITY SERVICES
PAGE 04
aa
“With Proact you have instant access
to a 24/7 virtual security team to
enhance your internal capabilities.”
PAGE 05
The strategic value of managed services
Introducing managed services provides you with an enhanced level of resource with which to reinforce
your security approach. Working with a partner like Proact, you can have instant access to a 24/7 virtual
security team to enhance your internal capabilities. Our managed security services give you the instant
benefit of our vast experience in business and cyber security. Assembling the right team of experts and
implementing premium technology could take a typical IT department several years. With Proact, our
team of security experts is already in place, meaning your security operations can get up-and-running
immediately. By presenting the cost savings of a managed services approach, our customers typically
find it easier to secure funding from senior stakeholders. You can take advantage of our scale and will
avoid the risks associated with investing a lot of money to build your own solution that wouldn’t see a
positive ROI for years. Plus we can design and build services and solutions for you, which means you
can spend your time concentrating on business-critical projects.
vSOC advantage
Becoming a Proact partner gives you the opportunity to benefit from
our vSOC service, which adds a protective layer to your organisation’s
defences. We work closely with your in-house team to detect things
you normally wouldn’t pick up in your own environment. Based on
years of experience, our team can identify potential issues - maybe
there’s no obvious threat picked up in logs, but abnormal patterns or
activity suggest something that needs addressed.
Our team identifies threats and helps you build your response. We
can show you which assets are being attacked and what actions you
need to take, helping you stay alert to threats regardless of where and
when they emerge.
To future-proof your business, it’s important to realise that you can’t
do everything alone. Working together, we can offer the skills and
expertise to take your security approach to the next level, providing
you with all the support you need to get on the front-foot and address
vulnerabilities proactively.
“Assembling the right team of
experts and implementing premium
technology could take a typical IT
department several years.”
DELIVERING BUSINESS AGILITY SINCE 1994
MORE ABOUT PROACT
CONTACT US
Follow us on social media
c
Proact is Europe’s leading independent data centre and cloud
services provider. By delivering flexible, accessible and secure IT
solutions and services, we help companies and authorities reduce
risk and costs, whilst increasing agility, productivity and efficiency.
We’ve completed over 5,000 successful projects around the world,
have more than 3,500 customers and currently manage in excess
of 100 petabytes of information in the cloud. We employ over 800
people in 15 countries across Europe and North America. Founded
in 1994, our parent company, Proact IT Group AB (publ), was listed
on Nasdaq Stockholm in 1999 (under the symbol PACT).
Proact IT
PO Box 1205
SE-164 28 Kista
Sweden
Telephone +46 8 410 666 00
Email [email protected]
For further information about Proact’s activities please visit us at
www.proact.eu