Managing Your Managed Security Service Provider Stephen

June 13, 2024

25 Less than a minute

10 Slides3.58 MB

Save Document

Managing Your Managed Security Service Provider Stephen Seljan, General Dynamics Fidelis Improving Your Security Posture June 24, 2014 1

Overview Introduction SOC Analyst Expectations Event Analysis Event Tuning Device Logging Negative vs. Positive Filters Conclusion & Questions

Critical Questions Does your MSSP know your critical infrastructure? Does your MSSP know what alerts are important to you? Does your MSSP know what you are vulnerable to? Do you work with your MSSP to tune alerts on a daily/weekly basis? Do you ensure all security devices and logs are reporting as they should be? Do you perform frequent review of old alerts

SOC Analyst Expectations SOC Analyst Expectations

Event Analysis (or the lack of)

Device Logging

Device Trending

Positive vs. Negative Filters

Event Review Why an Event Review? Because you don’t know what you don’t know until you know it Takes an average of 225 days to detect APTs Days, weeks, even months for AV to detect new Malware New indicators of compromise released everyday New rules pushed daily to IDS/IPS systems Poorly written filters

Conclusion & Questions

June 13, 2024

25 Less than a minute

Related Articles

Designing & Delivering Whole-Person Transitional Care The Hospital

Business Management Curriculum Module 3: Introduction to Budgets and

Measures of Progress Membership Engagement Kim McMahon Director

® FAFSA NIGHTS Free Application for Federal Student Aid Parent

Early-warning Indicators, Supervisory Intervention and

Paper 2: Answers