MSSP-SOC – Security as a Service
A short guide for Organisations and MSSP
Prepared by – Cyber Future Tech
Mail: [email protected]
The threat landscape continues to get progressively worse, with sophisticated attacks spotted in the wild; attackers leverage built-in OS features to live off the land and gain a stronger foothold in the target environment.
Organisations today face many new types of issues: advanced phishing attacks are proving all too successful, and banking Trojans transforming into ransomware are among the forms of malware that many seem helpless to prevent.
This paper is an attempt to share thoughts on helping small and medium-scale organisations get the most value from their partnership with an MSSP, and on enabling MSSPs to create, manage and offer clients effective Security as a Service.
The paper is divided into two sections. The FIRST focuses on helping organisations evaluate an MSSP, the challenges they may face while in contract, and how to ensure a successful partnership.
The SECOND section looks from an MSSP point of view, pointing out how they should align People, Process and Technology to deliver service.
Chapter 1 – For Organisations
Why You Should Use Managed Security Services Provider
Before an organization decides to partner with an MSSP, it must first understand its own needs. Reasons why companies choose an MSSP as a solution for SOC support include:
An MSSP can provide a host of security services (such as intrusion detection and prevention, incident management, managed vulnerability, and identity and access solutions). Apart from this, it can also provide a level of experience in handling those things that an in-house SOC might not have.
An MSSP sees problems like DDoS attacks, malware infestations and phishing scams every day. An in-house SOC staff member might only see something like that every few months. Repetition of tasks makes for a more prepared and experienced team of professionals, one of the key benefits of working with an MSSP.
Consider these before you start
Evaluate Managed Security Service Providers
Outsourcing an organisation's digital security involves an in-depth discovery process. It is not a decision that depends solely on price and cost. Choosing the right outsourcing company, one with a great reputation, is critical to the organization's viability. Making a bad decision, or deciding on a single provider based only on cost, can hurt the organisation's business. These are the areas that should be looked at prior to looking at the cost:
Questions to prospective MSSP
As part of the evaluation process, you may want to pose these questions to the MSSP vendor to get a clear understanding of whether this is the right choice:
Challenges with MSSP
There are bound to be challenges in any engagement, and when it comes to an MSSP these challenges pose risk to your business. The following are a few challenges an organisation might want to be prepared for:
Ensuring a successful partnership with an MSSP
The possibility of conflict exists with any partnership, including the hiring of an MSSP to augment your IT/InfoSec staff's capabilities. Partnering with an MSSP is an increasingly popular choice to help manage your information security; however, certain steps must be taken to ensure a successful and healthy relationship.
Chapter 2 – For MSSP – SOC
The primary mission of an MSSP is to provide organizations with a highly mature detection and response capability designed to mitigate threats that put the most critical business assets at risk.
With MSSP - SOC as a Service, Organisations enjoy actionable intelligence and complete visibility into their environment, allowing for a dramatically improved security posture.
Challenges for MSSP
With so many models of service offering, MSSPs face a myriad of technical challenges in the infrastructure they develop, the tools they employ, and the processes they adopt to drive services.
Scalability, automation, internal processes and professional expertise are often cited as the most significant technical issues, along with the following, which make an MSSP's service delivery a challenge:
To effectively deal with these, the first thing an MSSP should do is bring all stakeholders to the table to map the regulatory and legal risk at the IT, human and third-party layers.
Make sure your provider is ranking risk by potential legal & business impact & calculating the likelihood of threats associated with that risk. Then the provider can identify security gaps, assess incident readiness and help you develop targeted security and response processes based on those calculations of likelihood and impact potential.
How MSSP-SOC can provide best Security Services
A managed SOC can ensure maximum value to the client's business by complementing the technical components with a consistent approach to managing, organizing and aligning People, Process and Technology, ensuring an effective service offering.
In addition to establishing (or augmenting) the client SOC, the MSSP SOC will provide security monitoring and incident response services to you via a managed service 24x7, anywhere in the world. The SOC will also be tightly linked with the Security Research team to facilitate the sharing of new and emerging indicators of compromise.
STAFFING A SOC: PEOPLE
The MSSP SOC team should work closely with the client's in-house information security function to provide skilled on-site/off-site resources throughout the design and build phases of the project. Once normal operations commence, the MSSP's remote 24x7 security monitoring team will be complemented by advanced monitoring and response services.
MSSP SOC Team
An MSSP SOC should have a hierarchy of roles with a clear escalation path. Day-to-day alerts are received and investigated by the L1 (Level 1) Analyst; a real security incident is stepped up to an L2 (Level 2) Analyst; and business-critical incidents pull in the L3 Analyst and L4 SME and, if necessary, the SOC Manager.
An important role in the MSSP world is that of the “Service Delivery Manager”, also called the “Cyber Security Advisor”, who is the primary point of contact for the client and is responsible for setting up services, gathering information about the client's environment and passing it on to the SOC.
OPERATIONALIZING SOC - PROCESS
Managing a SOC in a clear and well-defined manner is crucial for its success. A managed SOC should work closely with clients to bring proven SOC management processes to the client's environment and tailor them to the organization's needs where necessary. The following processes should be in place at an MSSP:
EQUIPPING A SOC: TECHNOLOGY
A SOC is comprised of a diverse range of advanced tools that monitor the security of an organization’s systems and network infrastructure. The primary technology used in a SOC is a SIEM solution. It collects and correlates log data and network flows from sensors placed throughout the network.
There’s no doubt that cyber attackers have outpaced the security capabilities of most small and medium enterprises. Attackers know how to bypass perimeter controls, and count on their ability to enter the network undetected and stay there as long as it’s financially rewarding to do so. But they won’t stop there. As long as there are monetary gains to be had in cyberspace, attackers will be ready to exploit them.
It’s time for small & medium enterprises to evolve as well, and seize the opportunity provided by MSSP SOC to improve their security strategies and get a step ahead of cyber attackers.
CYBER FUTURE TECH
Cyber Security Training Provider
email: [email protected]
Ans. In this series of posts, I'm going to show you a step-by-step method to test a web application.
Always remember one thing: every person has their own way of doing the work.
The following topics will be discussed:
Mapping the Web Application.
Preparing the Attack Surface.
Testing the Client-Side Controls.
Testing the Session Management system.
Testing the Auth. Mechanism.
Testing the Forget Password Utility.
Testing for Input Based Vulnerabilities.
Testing for Access Controls.
1. Mapping the Web Application.
==> In this phase, the penetration tester, in simple words, tries to gather information about the target.
There are two modes of gathering information: Active mode and Passive mode.
In Passive mode, the tester gathers information without directly interacting with the web app.
In Active mode, the tester uses various utilities in the web application and tries to gather information.
The tester tries to gather information such as:
The purpose for which the web application was made.
Checks for a framework like WordPress, Drupal etc.
Its server information.
Programming languages used by the web app.
The technologies being used by the web application.
Checks for input areas.
Checks output areas.
Gathers information about the API.
Checks for third-party files being accessed by the web app.
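The following is an added example, not part of the original post: it shows, from the application owner's side, how much of the list above a single HTTP response can disclose (server, language, framework, input fields, third-party hosts). The response, the host names and the names `BodyScan` and `map_disclosures` are constructed for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urlparse

# Constructed response from a hypothetical site, www.example.test (not real traffic).
SAMPLE = (
    "HTTP/1.1 200 OK\r\n"
    "Server: Apache/2.4.41 (Ubuntu)\r\n"
    "X-Powered-By: PHP/7.4.3\r\n"
    "\r\n"
    '<html><head><meta name="generator" content="WordPress 5.8">'
    '<script src="https://cdn.example.net/jquery.min.js"></script>'
    '<script src="/wp-includes/js/app.js"></script></head>'
    '<body><form action="/search"><input name="q"></form></body></html>'
)


class BodyScan(HTMLParser):  # collects generator tag, input names, external hosts
    def __init__(self, own_host):
        super().__init__()
        self.own_host = own_host
        self.framework, self.inputs, self.third_party = None, [], []

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag == "meta" and (a.get("name") or "").lower() == "generator":
            self.framework = a.get("content")
        elif tag in ("input", "textarea", "select") and a.get("name"):
            self.inputs.append(a["name"])
        elif tag in ("script", "img", "link", "iframe"):
            # Relative URLs have no hostname, so same-site files are skipped.
            host = urlparse(a.get("src") or a.get("href") or "").hostname
            if host and host != self.own_host:
                self.third_party.append(host)


def map_disclosures(raw, own_host):
    """Return what one HTTP response reveals about the application behind it."""
    head, _, body = raw.partition("\r\n\r\n")
    headers = {}
    for line in head.split("\r\n")[1:]:  # skip the status line
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()
    scan = BodyScan(own_host)
    scan.feed(body)
    return {"server": headers.get("server"), "language": headers.get("x-powered-by"),
            "framework": scan.framework, "inputs": scan.inputs,
            "third_party": scan.third_party}


print(map_disclosures(SAMPLE, "www.example.test"))
```

Any field that comes back non-empty is information the application hands out before a single test is run; version banners and generator tags are the ones most easily suppressed in server and framework configuration.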