Managed Security - A Masergy Guide

Your Managed Security questions answered

Masergy’s Managed Security Services provide comprehensive managed detection and response on a global scale. Here are the answers to your frequently asked questions.

What are the types of network security?

Corporate IT networks use various cybersecurity strategies to protect the devices, data, and users on their network. Modern network security must encompass both an organization’s on-premise and cloud-based resources. At a high level, there are several types of network security strategies used by enterprises:

1. Perimeter defenses are the firewalls and Intrusion Prevention System (IPS) hardware deployed at egress/ingress points on virtually all customer networks. These are traditional security tactics, and just “building a wall” is no longer enough to keep hackers out. If a company contracts with a managed security service provider, the provider will actively monitor these perimeter defenses.

2. Endpoint security includes the antivirus and anti-malware software installed by customers on all devices (often called “endpoints” by network architects) attached to a corporate network. Endpoint security is relatively simple, but some endpoint security systems are sophisticated enough to validate users before they access corporate network resources.

3. Log management, also known as Security Information and Event Management (SIEM), is a system that captures and studies system event logs for devices on the network, along with any firewalls and third-party security devices. Enterprises have so many devices that a manual review of these logs by a security team is impractical due to workforce constraints. This explains why security analytics tools are necessary today.

4. Behavioral analysis security leverages big data and distributed computing resources to identify events, trends, and historic patterns of usage on a corporate network. This security regime analyzes those big datasets using algorithms, machine learning, and behavioral analytics to determine the normal behavior of an everyday user, and it can automatically flag anomalies as potential security issues.

5. Zero Trust is a security model whereby organizations do not automatically allow access or “trust” between devices, whether they are inside or outside the network perimeter. In this model, all access to every device and data resource on a corporate network is on a need-to-know basis with strictly enforced access control security rules.

Most enterprises use some combination of these security strategies.

What are managed security services?

Managed security services are delivered by third-party providers that oversee and administer a corporate IT security policy. Companies typically contract with a managed security services provider as an adjunct to their existing corporate IT staff. In return, they receive a team of certified security experts who help identify threats and mitigate them.

What is Cloud Security?

Cloud security is the broad term for protection of data and other assets stored in high-availability distributed online servers. All public and private cloud providers–whether they are infrastructure as a service (IaaS) or software as a service (SaaS) vendors–enable a baseline level of security to protect against unauthorized access to cloud-based assets. However, most organizations apply additional cybersecurity measures to their SaaS and IaaS cloud-based assets to match their specific data security and retention policies. This enhanced level of cloud security could include redundancy for disaster recovery, data loss protection (DLP) to disable access when suspicious activity is detected, and user access controls such as a cloud access security broker (CASB) solution.

What does an MSSP do?

A Managed Security Services Provider or “MSSP” helps organizations monitor and manage cybersecurity across their IT systems and devices. Clients typically contract with MSSPs to handle the day-to-day security operations that their in-house IT department is either too understaffed or too ill-equipped to support. For example, MSSPs handle the configuring and monitoring of firewalls and other cybersecurity technologies and systems on the client’s corporate network.

What is the difference between MSP and MSSP?

A managed service provider or “MSP” differs from a managed security services provider (MSSP) in that the MSSP specializes in providing security services. There are many different types of MSPs that deliver outsourced networking connectivity, IT help desk, and other staff augmentation. However, MSSPs are solely focused on delivering outsourced cybersecurity monitoring and management services for an organization.

What is the cost of DIY cybersecurity versus using a managed security service provider (MSSP)?

One of the key costs to consider when choosing whether to build your own security operations center (SOC) vs. outsourcing security work to an MSSP is labor. Finding and retaining expert security talent is time-consuming, expensive, and often not achievable because of the scarcity of security talent available today. While labor costs vary depending on the region, the average cost to operate a 24/7 SOC comes out to a minimum of USD$1 million per year based on a total of eight full-time certified cybersecurity employees along with all of the appropriate technology, tools, and facilities. Here are the eight factors for measuring the total cost of SOCs.

In comparison, you can outsource all of your company’s cybersecurity tasks to the experts at Masergy for the total cost of hiring a single DIY cybersecurity expert.

Why are enterprises choosing managed security solutions over DIY cybersecurity?

Enterprise IT leaders are increasingly turning to managed security service providers (MSSPs) for help with their cybersecurity initiatives. A recent Gartner CIO survey found that 95% of security leaders expect cybersecurity threats to increase and negatively impact their organization.

For certain organizations, the idea of building an in-house IT security team is appealing due to the ability to control all aspects of a do-it-yourself (DIY) solution. However, what many companies don’t count on is this:

  • Total control often increases the complexity and expense of an enterprise security initiative
  • Mid-sized enterprises falsely believe their existing IT staff can also perform cybersecurity tasks in addition to their regular desktop support responsibilities
  • Skill sets needed to thwart cyber attacks are much different than desktop support, and experts with those cybersecurity skills are harder to obtain
  • There is a global cybersecurity workforce shortage. The latest stats from (ISC)², a non-profit technology trade association, show the global cybersecurity workforce needs to grow by 145% to meet the demand for skilled cybersecurity talent, meaning it’s difficult for companies to retain good cybersecurity professionals.

Smart CIOs and CISOs know that by outsourcing their enterprise-level security program to a dedicated MSSP, they are able to focus their limited internal IT resources on strategic security priorities. Outsourcing to MSSP experts also provides immediate coverage in the form of security incident monitoring, responding to problems in real time, and improving the signal-to-noise ratio of security incidents.

When a CIO or CISO chooses a Masergy Managed Security solution, Masergy handles all of the day-to-day threat management, data protection, and ongoing compliance requirements while demonstrating security impact and value through real-time security analytics and reporting.

How does Masergy Managed Security use machine learning to stop threats?

Masergy developed patented technologies that use sophisticated machine learning and behavioral analytics algorithms to automate the monitoring of threats anywhere on your corporate network. Our detection and response platform changes the game by providing a clearer, correlated picture of your security status, quickly distilling alerts down to the meaningful few. Masergy combines our 19+ years of security threat intelligence with the power of machine learning and big data analytics to predict, detect, and protect against the most advanced cyber threats on your network.

What makes Masergy Managed Security unique in the industry?

Our approach to cybersecurity protects your employees and their data using a combination of network behavioral analysis and expert human monitoring. Masergy Managed Security uses patented machine learning technology to continuously and automatically learn the unique normal behaviors of each client network. By comparing the actual historical behavior of your employees and external partners on your corporate network with the behavior predicted by our machine learning techniques and historical datasets, Masergy Managed Security detects even the most subtle anomalies.

We couple our patented cybersecurity technology and standardized processes with a dedicated team of security experts available 24/7. Masergy employs certified security experts on three continents who continuously monitor and investigate all suspicious behaviors and threat alerts. When a threat is confirmed, we block the malicious traffic and initiate an incident response with actionable remediation steps.

Can Masergy Managed Security help protect our company assets on AWS, Microsoft Azure, IBM, and Google Cloud Platform?

Yes, Masergy Managed Security services offer multiple turnkey cloud security solutions and protection options for all major public and private cloud platforms. For example:

  • If your company is moving on-prem assets into the cloud, Masergy Managed Cloud Workload Protection (CWP) can secure your cloud computing and storage environments during and after the transition.
  • For enterprises invested in the Microsoft Office 365 cloud ecosystem, Masergy Security Monitoring for Microsoft Office 365 will continuously scan your apps and services to notify you of potential security issues, isolate malicious content, and automatically thwart opportunities for data exfiltration.
  • Our Managed Cloud Access Security Broker (CASB) services are optimized to enforce your company’s specific security, compliance, and governance policies between your on-prem endpoints and cloud-based IaaS, PaaS, and SaaS assets.

Whether your business is just starting your journey to the cloud or you’re already a multi-cloud enterprise, Masergy Managed Security services can help.

Visit our Cloud Security page for more information.

What is managed detection & response cybersecurity?

Top industry analyst firm Gartner defines managed detection & response as the 24/7 cybersecurity services provided by an external managed security services provider (MSSP) that delivers:

  • Detection of potential cybersecurity incidents on the company’s corporate network and endpoints (often including cloud-based assets and mobile devices)
  • Investigation into the scope and severity of the incidents
  • Actions to remotely disrupt and contain the threats along with detailed reporting about the threat

Why use human cybersecurity analysts for managed detection & response when artificial intelligence and machine learning are faster?

While machine-learning algorithms accelerate the process of finding anomalies in vast oceans of data, humans are still 50% of the security success equation. Machine learning and behavior analytics do NOT equate to higher levels of human intelligence and complex decision making. These solutions are very good at spotting anomalous behavior, but they still require security analysts to investigate the findings. For instance, Masergy’s team of tenured and industry-certified professional security experts understands the unique nuances of your network to add a human touch to your company’s security.

We couple our patented information security technology and standardized processes with a dedicated team of security experts available 24/7. Masergy employs certified security experts on three continents in our state-of-the-art Security Operations Centers (SOCs). The analysts in our SOCs leverage our suite of managed detection & response tools and machine learning technologies to continuously monitor and investigate all suspicious behaviors and threat alerts. When a threat is confirmed, we block the malicious traffic and initiate an incident response with actionable remediation steps.

What are the advantages of using a Cloud Workload Protection solution?

Companies are increasingly moving their on-prem apps onto either public or private cloud computing platforms. Whether your organization chooses public cloud platforms such as AWS and Microsoft Azure or a private cloud platform such as IBM Cloud, moving digital workloads off of on-prem servers delivers compelling cost, agility, and scalability benefits. Forward-thinking CIOs know that migrating as many of these digital workloads as possible to the cloud is the best way to achieve operational efficiency.

Cloud Workload Protection (CWP) solves the inherent problem with using legacy perimeter-based cybersecurity products designed to protect on-prem servers. In fact, it’s a new agent-based technology that is specifically designed for cloud computing environments. Leveraging a managed security service for tenant-side security gives IT/Security teams the opportunity to refocus limited time and resources on strategic business opportunities instead of managing infrastructure and technology.

Masergy Managed Cloud Workload Protection solutions are designed for highly dynamic cloud environments and include a complete suite of security functions that comprehensively secure and monitor cloud workloads to reduce risks and improve operational efficiencies.

Masergy Managed Cloud Workload Protection deploys automatically via scripts or orchestration tools using lightweight, tamper-resistant agents. These agents automatically authenticate into the SaaS-based management platform and receive updated security policies every 60 seconds according to workload tags for specific security and use cases. Any security misconfigurations, vulnerabilities, or indicators of compromise (IoC) notifications found on your cloud-based workloads are immediately sent to the Masergy Security Operations Center (SOC) for triage and immediate response.

Why does my company need a Cloud Access Security Broker (CASB)?

As organizations adopt a cloud-first approach to IT, they must also avoid a patchwork of point solutions that cannot provide consistent and scalable controls across all cloud applications.

Masergy’s Managed CASB solution is built from the ground up for visibility, control, and compliance in the cloud, offering end-to-end data and threat protection for all applications on any device. It supports SaaS apps like Office 365, G-Suite, and Salesforce, as well as any of the other thousands of cloud apps that are on the market today. Masergy’s Managed CASB solution is built to manage risks with both officially sanctioned applications and unmanaged shadow IT apps that are in use, all with one solution. Masergy Managed SD-WAN customers can also leverage our CASB solution to automate the blocking of SaaS apps using the built-in Shadow IT Discovery features of our Intelligent Service Control customer management portal.

Do Masergy Security Consulting services offer cloud asset and onsite server audits?

Yes, the Masergy professional security services team can provide a company of any size with a holistic, 360-degree view into the security of its network. Masergy consultants temporarily install our proprietary security scanning hardware on your network and then perform a deep vulnerability assessment and penetration test. Scans include endpoints and devices located both onsite and in the cloud, ensuring that you have a true understanding of all potential attack surfaces for both external and internal cybersecurity threats.

Our holistic approach to security auditing gives Masergy’s professional security services team the ability to see what’s happening on the network during the testing and attack phases of the penetration test. This audit tests the effectiveness of your corporate security measures and provides detailed, actionable remediation strategies. Our audit tools take only an hour to install and work “passively” on your network, so we do not have to displace any of your current equipment. You get the holistic view you need to create a comprehensive process to secure assets in the cloud, on-premise, or both.