Connect with us

Expert Speak

MSSP Checklist: Tips for Achieving Success



Written by Jonathan Nguyen-Duy, Vice President, Global Field CISO at Fortinet

Complicated IT environments and expanding network edges create new cybersecurity risks. In response to the evolving threat landscape, more companies have turned to managed security service providers (MSSPs) who can provide access to hard to find security expertise and the latest technology. To position themselves competitively in a crowded market, MSSPs must offer the right combination of services, around-the-clock protection as well as, cost effective solutions that deliver better risk management and compliance. It’s a two-fold challenge that requires speed and scale in detection and response for more competitive value propositions.

Managed Security Provider (MSSP) Success Checklist
Creating a successful service offering means understanding customers’ security and business objectives. To help customers achieve these goals, an MSSP must establish a robust set of offerings that offer access to the latest technologies and security expertise at a price point that makes sense.

Actionable Alerts
Most customers begin their evaluation process by reviewing an MSSP’s solutions. Information overload and alert fatigue is a common problem facing security teams so the ability to address security monitoring is a key requirement.  Without high-fidelity alerts that correlate events effectively, security teams find themselves spending too much time investigating false alerts.

To help address these problems, MSSPs must provide customers with aggregated alerts enriched with context that reduce false positives, while also helping to define, guide, and accelerate investigations. MSSPs who can enable prioritization based on severity levels with technology that streamlines task assignments and automate response can differentiate themselves from other providers.

Advanced Threat Detection
In addition to alerts, advanced threat detection is also tied to the MSSP’s ability to incorporate advanced threat intelligence into its offering. With threat actors continually improving their tactics, techniques and procedures customers want a provider with real-time access to robust threat intelligence that can quickly detect attacks at machine speed. While many customers may already subscribe to threat intelligence feeds, disaggregated information across a fragmented security architecture actually creates security gaps and increases key metrics like mean times to detect and respond.

MSSPs need to support actionable alerts with high-quality threat intelligence. When combining the two in a single pane of glass, an MSSP can help customers respond to zero-day attacks, other emerging threats, as well as variations of known attacks more rapidly, and thereby reduce the likelihood of a data breach.

SOC Services
MSSPs offer more than just access to the latest technologies. Customers also turn to their providers for services, including talking to experienced people who can guide them through the incident response process. The cybersecurity talent gap leaves many companies struggling to find the right staffing to protect their systems, network, and data. Often, customers turn to an MSSP to act as their security operations center (SOC) or support their current team.

With this in mind, MSSPs must deliver a range of services from their own SOC, specifically those that can be offered at particular service levels or tailored to individual customer needs. By delivering a fully managed or co-managed SOC service, MSSPs can fill the talent gap by providing the human resources customers need, not just the technology and tools.

Automated Response
Some customers may have SOC teams that need augmentation because they are bogged down by manual, inefficient, error-prone, and time-consuming steps. These customers need automation so that their teams can effectively filter repetitive tasks and focus on more critical issues.

MSSPs that offer automated response capabilities can address higher-level requirements to address a larger market with more advanced requirements.  By offering Security Orchestration, Automation and Response (SOAR) with updated playbooks, MSSPs can offer highly differentiated services featuring enhanced detection and accelerated incident investigation and response.

Visibility and SIEM Access
Today, nearly every customer has a complex environment, regardless of company size. Most customers have multiple-point products that create gaps in visibility and control. To gain that visibility, many work with an MSSP who can cost-effectively provide them with a cohesive Security Information and Event Management (SIEM) solution.

One of the keys to SIEM effectiveness is the ability to ingest large volumes of data from a wide arrange of vendor products.  The ability to provide centralized management and customization options using API integrations is one-way MSSPs can distinguish themselves within the market. In addition, MSSPs should consider services like granular reporting with event management that highlights important activity and alerts – providing a cost-effective alternative to traditional in-house SIEM deployments.

Flexible Deployment
Many organizations are implementing digital transformation and research consistently shows that security is the primary concern.  Cloud adoption, distributed computing, remote working, complexity, and increasing threats are key challenges driving customers to seek MSSPs with flexible solutions.

Most customers want their MSSP to be their “one-stop shop” for managing cyber risk and compliance. To differentiate themselves, MSSPs need to offer customizable solutions with flexible technology in the form of appliances, virtual machines, or cloud-delivered services along with pay-as-you-go options that allow customers to onboard new solutions quickly and efficiently as their needs change. To do this, MSSPs need to offer on-demand services with extensive self-service catalogs – especially incident response and reporting.

The Business Benefits of Choosing & Working with an MSSP
Beyond providing the right services and technologies, MSSPs must also demonstrate their business value. Many customers recognize their security problems but cannot articulate where the MSSP fits into solving them. To demonstrate the vital role they can play in securing customer networks and enabling the business, MSSPs should consider offering the following:

Specialized Skills and Services
For most customers, gaining access to the skills and services that help them solve their unique security issues poses a significant challenge. While no two customer requirements are the same, all organizations are seeking cost-effective ways to access scarce security skills and services.

MSSPs should focus on platform scalability that allows efficient customer focus without the cost of dedicated staffing. MSSPs need flexible solutions that evolve with customer needs.  In some cases, a customer may want a comprehensive technology and services package that gives them an entire team and all capabilities. In other cases, the customer may just be building out a SOC and looking to grow over time. Being able to meet customers where they are now, as they are now, and evolve with them is key to helping them understand the value.

24/7 Service
Threat actors can attack at any time of day, often outside of traditional work hours. Even companies with a SOC may not be able to have someone on-call every day, all day. MSSPs can provide that co-managed service for companies without a dedicated SOC or augment the current SOC to address these outside-of-business times.

Rapid Response
Our networks and systems are more interconnected than ever before, so the sooner a company can respond to a threat, the less damage that threat can cause. With automated response capabilities, customers can reduce response time to ensure a reduction in potential damage. Manual processes are no longer adequate as they can take anywhere from four to fifteen hours, but automated response technologies can reduce that to twenty minutes or less. Incident response is all about automation for speed and scale.

Lower Total Cost of Ownership
Building a SOC, deploying SIEM, tools and hiring the staff can be cost-prohibitive.  Accelerating business requirements and cost concerns means companies are seeking alternatives to tradition build and operate approaches.  The shared services model offered by MSSPs is an increasingly attractive model that provides accelerated time-to-service along with better risk management and compliance than traditional in-house solutions.  MSSPs offer a predictable, demonstrated cost model that provides better value for risk management and business outcomes.  Aligning operational metrics to customer business outcomes is a key differentiator.

Final Thoughts
Customization and scalability go hand-in-hand when building out solutions. Services are just as important as technologies; part of providing a solution is delivering value through the right technologies that solve the right problems, at right price. Providing access to technology, expertise and services is the foundational value of MSSPs.  By keeping this top of mind, MSSPs should focus on a platform approach that allows highly customizable, scalable solutions with a TCO that unlocks value and growth.

Cyber Security

New Hacktivism Model Trends Worldwide



Check Point Research (CPR) outlines a new model of hacktivism now trending worldwide. Five characteristics mark today’s form of hacktivism, according to researchers: political ideology, leadership hierarchy, formal recruiting, advanced tools, and public relations. CPR gives the hacktivist group Killnet an example of the latest model, detailing its attacks by country and attack timeline. CPR warns that hacktivism that originates in conflict-related geographies has the potential to scale worldwide.

  • Before, hacktivism was mostly focused on a few individuals carrying small-scale DDoS and defacement attacks
  • Now, hacktivism is better organized, structured, and sophisticated
  • CPR believes the new model of hacktivism began in conflict areas in the Middle East and Eastern Europe and proliferated to other areas during 2022

Check Point Research outlines a new model of hacktivism now trending worldwide. The hacktivism of the new model is better organized, structured and sophisticated, compared to the past. Hacktivist groups no longer consist of a few random individuals who carry out small DDoS or defacement attacks on low-tier websites. These are coordinated organizations with distinct characteristics previously unseen.

Key Characteristics:

  • Consistent political ideology (manifestos and/or sets of rules)
  • Hierarchy of leadership (Smaller groups relay attack orders to “commanders)
  • Formal recruitment process (Based on minimum requirements)
  • Tools that the groups provide to their members (Advanced tools for notoriety)
  • Robust public relations functions (Presences on major websites)

Why now?
CPR suspects the shift in the hacktivism model began roughly two years ago, with several hacktivist groups like Hackers of Savior, Black Shadow, and Moses Staff that focused exclusively on attacking Israel. CPR believes the Russian-Ukrainian war has proliferated the new model of hacktivism significantly. For example, The IT Army of Ukraine was publicly mobilized by the Ukrainian government to attack Russia. The new hacktivism also saw groups that supported the Russian geopolitical narrative, with groups like Killnet, Xaknet, From Russia with Love (FRwL), NoName057(16), and more.

Case Study: Killnet, from East to West
In April of this year, the group completely shifted its focus to support Russian geopolitical interests all over the world. The group claimed to have executed more than 550 attacks, between late February and September. Only 45 of them were against Ukraine, less than 10% of the total number of attacks.

  1. March: the group executed a DDoS attack on Bradley International Airport in Connecticut (US)
  2. April: websites belonging to the Romanian Government, such as the Ministry of Defense, Border Police, National Railway Transport Company and a commercial bank, were rendered unreachable for several hours.
  3. May: massive DDOS attacks were executed against two major EU countries, Germany and Italy
  4. June: Two very significant waves of attacks were executed against Lithuania and Norway in response to severe geopolitical developments between those countries and Russia
  5. July: Killnet focused their efforts on Poland and caused several government websites to be unavailable.
  6. August: Cyber-attacks were deployed on Latvia, Estonia and USA institutions
  7. September: the group targeted Asia for the first time and focused its efforts on Japan, due to Japan’s support for Ukraine

Sergey Shykevich, Threat Intelligence Group Manager at Check Point Software, said, “Hacktivism now has a whole new meaning. Before, the term meant a few random folks launching small DDoS attacks. Hacktivism is no longer just about social groups with fluid agendas. Now, hacktivism is better organized, structured and more sophisticated. I believe everything changed within the past year, especially with the start of the Ukraine-Russia war.”

“There are some key characteristics that mark the new model of hacktivism, including a consistent political ideology, a clear hierarchy of leadership, formal recruiting processes, sophisticated tool set, and robust PR capabilities. Though the change began in specific conflict-related geographical regions, it has now spread west and even further. Major corporations and governments in Europe and the US are being heavily targeted by this emerging type of hacktivism. All this allows the new hacktivism groups to be mobilized to governmental narratives and achieve strategic and broad-based goals with higher success levels – and much wider public impact – than ever before,” he said.

Continue Reading

Expert Speak

The All-Seeing Eye: Why Data Privacy is More Important Than Ever



In this day and age, you’d be hard-pressed to find someone who can confidently say their data is completely secure. The sad truth is, very little of our personal data is safe from prying eyes, and this is something more and more people are becoming aware of.

For instance, you’ve probably had an experience where you looked something up on the internet and then got assaulted by targeted advertisements for the very thing you were looking up. How does this work, though?

The answer is cookies. These crumbs of data that are stored on your device are what enable websites to track your activity.

Initially, websites weren’t even required to inform you when installing cookies on your device. The landmark General Data Protection Regulation, passed by the EU and implemented in May 2018, made it mandatory for websites to be transparent about their data collection and purpose, resulting in those notifications you get asking you to accept or reject cookies when you go to a website.

Cookies, however, are just a drop in the ocean when talking about data privacy. The Universal Declaration of Human Rights, 1948, describes the right to privacy as a basic human right, but the truth is most big tech corporations simply don’t care. Their argument is that we’ve already consented to their data policies. But, let’s be honest here—no one really reads through license agreements, do they?

They’re extremely drawn out and use complicated legal and technical jargon, and this plays into the hands of these corporations. They also argue that no one is being compelled to use their software and that we can always use an alternative if we’re unhappy with their policies, but that’s a moot point. No one should be expected to forfeit their privacy to use a product.

The data collected about an individual’s browsing habits can also be used to create a profile for advertising purposes, but this leads to yet another issue—not a single company, including today’s big tech companies, can say its data is completely safe. Data breaches still happen and compromise the personal data of millions, yet most companies simply view these breaches as ordinary setbacks.

The good news is more people are talking about data privacy, and some have even deleted their social media accounts. Whether this will impact how big tech views and handles our personal data, however, remains to be seen.

We at ManageEngine take data privacy very seriously and have done so before it became fashionable, politically correct, or legally binding to take such a position. We ask for only the least amount of information necessary, gathering only what we believe is essential for doing business or for the specific transaction at hand. In fact, we completely disable non-essential and intrusive third-party cookies from all our websites and products. You can even disable all cookies completely to prevent your browser from sending us any information.

To learn more about our privacy policy, click here.

Continue Reading

Expert Speak

It’s Surprisingly Common for Criminals to Impersonate Your Brand and Customers Often Pay the Price



Written by Werno Gevers, Regional Director of Mimecast Middle East

Cybersecurity experts are urging companies in the Middle East to take bold steps to protect against online brand impersonation attacks that could trick customers and employees into sharing sensitive personal information – or even passwords and banking logins. Werno Gevers, cybersecurity expert at Mimecast, says cybercriminals are increasingly hijacking trusted brands to launch cyberattacks from lookalike web and email domains to increase their chances at successfully duping their victims – and many companies are not keeping pace.

“A lack of technology and appropriate security policies can leave the door open to criminals using trusted brands to trick customers, partners, suppliers and the brand’s employees,” says Gevers. “Deploying online brand protection tools can help companies identify and take down malicious websites impersonating their web and email domains before customers fall victim. This should be supported by a robust regime of frequent and ongoing cyber awareness training to equip every employee with the knowledge to spot and avoid risky behaviour.”

In a survey conducted by Mimecast in 2021, 75% of consumers in the Saudi Arabia and 78% of consumers in the UAE said they’d stop spending money with their favourite brand if they fell victim to a phishing attack involving that brand. Compared to a global average of 57%, this places the region’s consumers among the most unforgiving of all markets surveyed. More than 80% of consumers in the region also believe it is the brand’s responsibility to protect itself from email impersonation, with a similar percentage saying it is the brand’s responsibility to protect itself from fake versions of its website.

Despite the risks, Mimecast’s latest State of Email Security 2022 report found that as much as 42% of organisations in Saudi Arabia and 38% in UAE were only somewhat prepared – or not prepared at all – to deal with attacks that spoof their email domains. This potentially leaves the door open to threat actors subverting trusted brands to trick consumers or employees into divulging information that could later be used in sophisticated social engineering attacks, or even to breach organisational defences.

Gevers says employees that receive suspicious email communication on their work email address should report it to their security teams immediately. “Security teams can use this information to contain the threat and protect the rest of the organisation. Security teams have tools and technologies that can protect people outside the organisation too, which can help keep threats from spreading to the company’s customers and partners. It is essential that dangerous communication is reported to security teams, as it helps improve the organisation’s security and resilience against attack.”

According to Gevers, there are some tell-tale signs that the person you’re speaking to may be a scammer, including:

  1. Receiving unsolicited communication from someone or some company that you aren’t expecting
  2. Messages that contain unbelievable offers, spelling errors or a sense of urgency
  3. Mails sent from webmail accounts, for example
  4. Mails containing redirects to login pages that have suspiciously long URLs
  5. Being asked for PIN numbers or login details

“If you see one or more of the above signs, stop immediately and verify the request by contacting the organisation who is purportedly reaching out to you. Don’t rely on the number provided in the communication: if the email claims it’s from your bank, for example, rather phone the bank on their main number and check the validity of the communication. Don’t ever share your login details, don’t make payments with cryptocurrencies, and don’t click on links unless you know they can be trusted.”

Despite a company or consumer’s best efforts, there is still a possibility that cybercriminals could successfully trick someone into sharing personal information that the criminal may use later to commit further fraud or breach organisational defences. If this is the case, Gevers advises that the victim take immediate steps to limit the potential damage.

“Firstly, change all your social media, email, and banking passwords. If an email communication was sent to you by a scammer, report it to your security team so they are aware of it. No one likes to fall victim to cybercrime but it’s nothing to be embarrassed about. Being honest and swift can potentially prevent other people from falling victim too.”

He adds that any such cases should be reported to the relevant authorities so that law enforcement may investigate and, hopefully, find and prosecute the perpetrators. “Countries across the Middle East have acknowledged the dangers cybercrime poses to their citizens, businesses, and critical infrastructure, and are taking steps to strengthen law enforcement capabilities to combat the scourge of cybercrime.”

Continue Reading

Follow Us


Copyright © 2021 Security Review Magazine. Rysha Media LLC. All Rights Reserved.