Cyber-Security-Monitoring-Guide

More documents

Recommendations

Info

Cyber Security Monitoring and Logging GuideUnderstand the benefits of using third party expertsThere are many reasons why an organisation may wish to employ external cyber security monitoring and logging providers,such as to help carry out activities outlined in previous chapters.Most respondents to the Project Survey placed a high value on the many differing benefits of outsourcing cyber securitymonitoring and logging services, which included:• 24 x 7 x 365 coverage• Cost advantages over developing your own solution (eg. because of leveraging, personnel, tools and approaches)• Access to cyber security monitoring and logging specialists• Cyber security (protective) monitoring• Access to ‘surge support’ (swift deployment of experienced coordination)• Fast provision of an effective cyber security monitoring capability.Other factors that were also well supported included: lower risk delivery of services; independent view of risk; quick andeasy, low-risk compliance; and SLAs with service credits.You should procure cyber security monitoring and logging services from a trusted,certified external company who employ professional, ethical and highly technicallycompetent individuals. CREST member companies are independently assessed and canprovide you with a certified, trusted relationship, backed by an effective industry body.Outsourcing challengesWhilst there are many benefits associated with outsourcing cyber security monitoring and logging services, there are alsoa number of challenges to address. Project research identified a number of challenges associated with the provision ofappropriate cyber security monitoring and logging services which included:• Significant variations in the (type and quality of) provision of services• Lack of clarity about what is actually being offered• The proliferation of ‘specialist’ (often proprietary) tools and their lack of integration• Insufficient links (in a number of cases) to cyber security incident response services• No related standard or qualification for their provision• No standard generic for assessing knowledge, skill and competence of service providers, particularly SOC and Cloudbasedsolutions• No codes of conduct for M&L service providers• Vendor hype.Respondents to the Project Survey were asked about the extent to which they consider a range of topics prior tooutsourcing activities or services to external cyber security monitoring and logging providers. Most respondents fullyconsider a wide range of important topics which could cause problems when outsourcing, which were:1. Loss of control of your data (particularly sensitive data)2. Gaining access to your own data stored by outsourcers3. Level of support in responding to a cyber security incident4. Reduced access to business context information5. Location of analysts and how they can be contacted.!Concerns over these types of issue were typically more highly rated than the benefitsof outsourcing. However, if these types of issues are handled effectively then theoutsourcing of some or all cyber security monitoring and logging services shouldmake good business sense.48
Cyber Security Monitoring and Logging Guide“You need to provide great clarity around requirements before outsourcing – but if you are going tooutsource, then do it properly”Technical considerationsThe type and quality of products and services in the cyber security and monitoring arena varies enormously. Consequently,clients are often:• Bewildered by what is actually being offered and what they will be delivered• Unsure of how to differentiate the quality and type of services on offer• Saddled with unsuitable (sometimes expensive) services• Over-reliant on product-led solutions that they do not fully understand or optimise.One of the possible reasons for this situation is that a large part of cyber security budget is often technology-led withsecurity dollars being owned by technology vendors, rather than by suppliers of security services.“Cyber security monitoring is not just about having the latest technology box”Many providers of cyber security services offer turn-key solutions, yet the best value is typically for a client to developdeeper relationships with their suppliers - thinking of them as a force multiplier, rather than just an outsourcer. Even at amore detailed level, technical security services need to be more integrated, ensuring the smooth inter-relationships betweencomponents like triage, forensics and root cause analysis.Determine what activities should be outsourcedOnce you have reviewed your requirements for cyber security monitoring and logging, you should now determine thetypes of service you require and which of these services you will consider outsourcing to expert suppliers.Many respondents to the Project Survey were willing – to an extent - to consider outsourcing a range of cyber securitymonitoring activities, as shown in the chart below.To what extent would you consider outsourcing the following to providers ofcyber secuity monitoring and logging services?Content filteringThreat intelligence (as opposed to justthreat data or news)Vulnerability managementSecurity device managementCyber security (protective) monitoringSystem health monitoringBig data analyticsLog retentionCyber security incident response0.0 0.5 1.0 1.5 2.02.5 3.0 3.5 4.0 4.5 5.049
Page 1: Cyber SecurityMonitoring and Loggin
Page 4 and 5: Cyber Security Monitoring and Loggi
Page 60: The quadrants in this diagram outli

Cyber-Security-Monitoring-Guide

You also want an ePaper? Increase the reach of your titles

Delete template?

Save as template?