Managed Detection and Response (MDR): Investigative Capability as a Key Selection Factor
Dr. Edward G. Amoroso
Chief Executive Officer, TAG Cyber
Distinguished Research Professor, NYU
Managed detection and response (MDR) solutions benefit from
investigative capabilities, particularly as derived and evolved from the
digital forensic community. Buyers should thus include investigative
experience as a selection factor when reviewing MDR offerings.
Copyright © 2021 Open Text. All Rights Reserved. Trademarks owned by Open Text.
Introduction
The emergence of managed security service (MSS) offerings in the late 1990s was
driven primarily by the need for enterprise teams to have experts remotely manage
their firewalls and review the log records being generated. As offerings from managed
security service providers (MSSPs) evolved, and as perimeter-based firewalls became
less important, the emphasis of most MSS solutions shifted from device management
toward the analysis of collected logs.
In this report, we outline how this shift has resulted in increased emphasis by
practitioners on new managed detection and response (MDR) commercial offerings.
As will be outlined below, such MDR solutions combine data collection, correlative
processing, incident response, and data analysis support for the enterprise buyer. They
also help to address the security skills gap by augmenting the enterprise team with
outsourced experts.
We also focus in this report on a key selection factor that buyers are advised to
consider in their selection of an MDR partner. This key factor, investigative capability,
involves the MDR vendor’s ability to perform analytic tasks to make sense of the data
from managed infrastructure. The case is made here that investigative capabilities,
including how such expertise has evolved within the vendor team, are a primary predictor
of MDR success.
Baseline MDR Capabilities
The best way to differentiate traditional MSS from evolved MDR is to visualize where
these respective offerings reside in the defensive lifecycle model included in the NIST
Cyber Security Framework (CSF)[1]. Most observers view any shift along this model as
being either a shift-left toward more preventive focus, or a shift-right toward more
detection and response focus. Figure 1 below depicts this shift landscape.
Figure 1. Landscape Shift Options: Left and Right
One of the main reasons MDR solutions have been so successful is that advanced
cyber threats have been so difficult to prevent, especially when they are initiated by
capable actors such as nation-state military groups. Security teams have had to place
their primary focus on addressing ongoing incidents, responding to live attacks,
or responding to completed incidents with the necessary remediation and recovery
actions.
The result has been a definitive shift right in the cyber security industry, with major
emphasis on detection and response. In addition to MDR, buyers now have access to
solutions for network detection and response (NDR), endpoint detection and response
(EDR), and even extended (wildcard) detection and response (XDR). Each of these
offerings focuses its attention on dealing with ongoing or previous incidents.
[Figure 1 shows the five NIST CSF functions (Identify, Protect, Detect, Respond, Recover) with the MDR service emphasis on the right-hand side; a shift left means a focus on preventing cyber attacks, a shift right means a focus on dealing with cyber attacks.]
[1] https://www.nist.gov/cyberframework
Investigation as a Key MDR Component
As might be evident in this shift, MDR solutions are heavily oriented toward investigation of incidents versus the earlier focus in
previous generations of managed security on prevention and mitigation. This emphasis suggests that the selection process for
an MDR vendor should include sufficient review of the local capability for supporting investigation work, based on collected data
before, during, and after an incident.
One area where such investigative capability has been particularly highlighted is digital forensics. For many years, enterprise
teams, law enforcement, and other stakeholders have used digital forensic methods to investigate the characteristics and data
on targeted devices, systems, and software (including stored and ephemeral data). The resulting best practices offer excellent
insight into the types of methods that should be included in any MDR offer.
Elements of Digital Forensic Investigation
When law enforcement and other forensic examiners are working a digital investigation, they must engage either explicitly or
implicitly with a five-step lifecycle model[2] that includes many discrete tasks. Each task in this model – which is represented below
as a de facto guide, rather than a formal standard – is designed to help uncover insights from artifacts, and most are now heavily
reliant on technology support for proper execution.
Figure 2. Elements of Cyber Investigation
Step 1: Preservation
This involves freezing any activity that might damage or change important digital evidence. This type of activity applies to
MDR offerings, where collected logs, telemetry and other ephemeral data must be stored securely — without the possibility
of tampering or damage.
Step 2: Collection
This involves obtaining the digital evidence that will be required for the investigation. MDR solutions have analogous
collection capability with the capture of remote logs, audit records, alerts, alarms, and other telemetry from the managed
infrastructure.
Step 3: Examination
This involves technical and systematic review and search of evidence relevant to the investigation. Every MDR must include
similar examination capability, usually performed using a combination of automated and manual procedures in the MDR SOC.
Step 4: Analysis
This important task involves the correlative and logical review of digital evidence to draw conclusions. Increasingly, MDR
solutions use intelligent algorithms to perform the analysis task. Such solutions typically combine the best elements of
signature, behavioral, and artificial intelligence-based processing.
Step 5: Reporting
This final step involves documenting findings in a manner useful to all participants in the investigation. Every MDR now
carries a reporting requirement of its own, often with the nuance that summary analyses must be consumable by
both cyber experts and business executives.
This analysis of digital forensics methods suggests that any selected MDR platform and supporting vendor should be rooted
deeply in proper digital investigative capability. As outlined above, MDR solutions focus on detection and response – both of which
are essential aspects of the five-step process for digital forensic investigation. It therefore stands to reason that an MDR vendor
must have deep understanding in this area.
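The five steps above map directly onto code an MDR back end runs over collected telemetry. The following is an added worked example, not code from the white paper, TAG Cyber or OpenText: it takes a handful of constructed events (invented hosts, users and timestamps), preserves them in a keyed hash chain so that later edits, deletions or reordering are detectable (preservation and collection), searches them by field (examination), correlates a per-host sequence of failed logons, a success and a new service within a time window (analysis, using an illustrative pattern chosen for this example), and produces a summary that carries both the integrity status and the findings (reporting). The HMAC key and the five-minute window are assumptions of the example.

```python
"""Five-step forensic handling of MDR telemetry: preserve, collect, examine, analyze, report."""
import hashlib
import hmac
import json
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample telemetry (invented hosts, users and timestamps).
SAMPLE_EVENTS = [
    {"ts": "2021-03-04T10:00:05Z", "host": "ws-017", "type": "auth_failure", "user": "jdoe"},
    {"ts": "2021-03-04T10:00:09Z", "host": "ws-017", "type": "auth_failure", "user": "jdoe"},
    {"ts": "2021-03-04T10:00:14Z", "host": "ws-017", "type": "auth_success", "user": "jdoe"},
    {"ts": "2021-03-04T10:01:30Z", "host": "ws-017", "type": "new_service", "name": "updsvc"},
    {"ts": "2021-03-04T10:45:00Z", "host": "srv-db1", "type": "auth_success", "user": "svc_backup"},
]

GENESIS = "0" * 64  # chain anchor for the first record


def parse_ts(ts: str) -> datetime:
    return datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ")


class EvidenceStore:
    """Steps 1 and 2: collect records into a tamper-evident, append-only chain.

    Each record's hash covers the previous hash and the canonical JSON of the
    event, keyed with an HMAC secret held by the store owner, so that modifying,
    deleting or reordering any record breaks verification of everything after it.
    """

    def __init__(self, key: bytes):
        self._key = key
        self.records = []  # list of (event, chain_hash)

    def _link(self, prev_hash: str, event: dict) -> str:
        payload = prev_hash.encode() + json.dumps(event, sort_keys=True).encode()
        return hmac.new(self._key, payload, hashlib.sha256).hexdigest()

    def collect(self, event: dict) -> str:
        prev = self.records[-1][1] if self.records else GENESIS
        chain_hash = self._link(prev, event)
        self.records.append((dict(event), chain_hash))
        return chain_hash

    def verify(self) -> bool:
        prev = GENESIS
        for event, chain_hash in self.records:
            if not hmac.compare_digest(chain_hash, self._link(prev, event)):
                return False
            prev = chain_hash
        return True


def examine(store: EvidenceStore, **criteria) -> list:
    """Step 3: systematic search of preserved evidence by exact field values."""
    return [e for e, _ in store.records if all(e.get(k) == v for k, v in criteria.items())]


def analyze(store: EvidenceStore, window: timedelta = timedelta(minutes=5)) -> list:
    """Step 4: correlate, per host, failed logons for a user, then a success for that
    user, then a new service registered within the window after the success."""
    by_host = defaultdict(list)
    for e, _ in store.records:
        by_host[e["host"]].append(e)
    findings = []
    for host, evs in by_host.items():
        evs.sort(key=lambda e: e["ts"])
        failures = [e for e in evs if e["type"] == "auth_failure"]
        for succ in (e for e in evs if e["type"] == "auth_success"):
            t_s = parse_ts(succ["ts"])
            prior = [f for f in failures
                     if f["user"] == succ["user"] and timedelta(0) <= t_s - parse_ts(f["ts"]) <= window]
            services = [s for s in evs
                        if s["type"] == "new_service" and timedelta(0) <= parse_ts(s["ts"]) - t_s <= window]
            if prior and services:
                findings.append({"host": host, "user": succ["user"],
                                 "failures": len(prior), "service": services[0]["name"]})
    return findings


def report(store: EvidenceStore) -> dict:
    """Step 5: summary consumable by analysts and executives alike."""
    return {"records": len(store.records),
            "integrity_ok": store.verify(),
            "findings": analyze(store)}


def build_sample_store(key: bytes = b"example-hmac-key") -> EvidenceStore:
    store = EvidenceStore(key)
    for event in SAMPLE_EVENTS:
        store.collect(event)
    return store


if __name__ == "__main__":
    print(json.dumps(report(build_sample_store()), indent=2))
```

The integrity check is the part that matters for preservation: altering a single field in a stored record, or dropping a record from the middle of the chain, makes `verify()` return `False`, which the report surfaces alongside the analytic findings so that a reader never trusts conclusions drawn from evidence whose chain no longer verifies.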
[Figure 2 shows the five steps, Preservation, Collection, Examination, Analysis and Reporting, as progress in a digital forensic investigation.]
[2] Several academic works (including https://citeseerx.ist.psu.edu/viewdoc/download?doi=10.1.1.258.7882&rep=rep1&type=pdf) use this basic model to describe digital forensic examination.
Questions to Ask Your MDR Vendor
The TAG Cyber analyst team recommends that buyers considering MDR options adjust their conventional source
selection process to place increased emphasis on investigative expertise and experience among the MDR principals. To that
end, we have created a series of simple questions that might be asked of the MDR solution provider to help gauge the level of
investigative capability which we believe helps to predict the success of an MDR engagement:
To what degree does the MDR vendor possess direct forensic investigative experience with modern digital scenarios?
Obviously, digital forensics and MDR are different activities, and we fully understand that contracts for MDR will likely
not include work items for forensic analysis of devices and other systems. Having local experience with digital forensics,
however, strikes the TAG Cyber analyst team as being a good predictor of how well the organization can handle digital
review, data analysis, and investigative support.
What platforms and tools is the MDR solution provider familiar with in the context of modern digital forensic investigation?
The desired level of experience with digital forensics across the MDR team should be complemented with an
understanding and familiarity with best-in-class tools for supporting investigations. MDR teams might not use these
tools directly in their detection and response engagements, but we believe that prior or ongoing experience supporting
investigation using the best commercial tools is a reasonable requirement for a good MDR team.
What is the MDR vendor’s methodology for weaving digital forensic capabilities into their day-to-day detection and response support?
This question focuses on the synergy between digital forensics and MDR support. In particular, it asks the MDR
vendor how investigative experience and expertise can be woven into the detection and response activities in support
of the enterprise customer. This synergy can be strategic, offering framework guidance on how to design a data analysis
program, or it can be tactical, offering more specific step-by-step assistance in dealing with a given task.
About TAG Cyber
TAG Cyber is a trusted cyber security research analyst firm, providing unbiased industry insights and recommendations to security
solution providers and Fortune 100 enterprises. Founded in 2016 by Dr. Edward Amoroso, former SVP/CSO of AT&T, the company
bucks the trend of pay-for-play research by offering in-depth research, market analysis, consulting, and personalized content
based on hundreds of engagements with clients and non-clients alike—all from a former practitioner perspective.
Copyright © 2021 TAG Cyber LLC. This report may not be reproduced, distributed, or shared without TAG Cyber’s written permission. The material in this report is comprised
of the opinions of the TAG Cyber analysts and is not to be interpreted as consisting of factual assertions. All warranties regarding the correctness, usefulness, accuracy, or
completeness of this report are disclaimed herein.
US Medical University trust OpenText to guard against cyber threats-en.pdfUS Medical University trust OpenText to guard against cyber threats-en.pdf
US Medical University trust OpenText to guard against cyber threats-en.pdf
Marc St-Pierre
 
OpenText Managed Extended Detection and Response (MxDR)
OpenText Managed Extended Detection and Response (MxDR)OpenText Managed Extended Detection and Response (MxDR)
OpenText Managed Extended Detection and Response (MxDR)
Marc St-Pierre
 
Opentext Translation and Localization Services
Opentext Translation and Localization ServicesOpentext Translation and Localization Services
Opentext Translation and Localization Services
Marc St-Pierre
 
Digital Ethical Risk Assessment
Digital Ethical Risk AssessmentDigital Ethical Risk Assessment
Digital Ethical Risk Assessment
Marc St-Pierre
 
OpenText Translation & Localization Services
OpenText Translation & Localization ServicesOpenText Translation & Localization Services
OpenText Translation & Localization Services
Marc St-Pierre
 
Ad

Recently uploaded (20)

Best IPTV Service Providers (Updates 2025).pdf
Best IPTV Service Providers (Updates 2025).pdfBest IPTV Service Providers (Updates 2025).pdf
Best IPTV Service Providers (Updates 2025).pdf
Kimberly Burns
 
Dishwasher Maintenance Hacks: Simple Tips for Optimal Performance
Dishwasher Maintenance Hacks: Simple Tips for Optimal PerformanceDishwasher Maintenance Hacks: Simple Tips for Optimal Performance
Dishwasher Maintenance Hacks: Simple Tips for Optimal Performance
JosefEshet
 
Voices of Progress: How Empower Atlanta Magazine is Shaping the City’s Future
Voices of Progress: How Empower Atlanta Magazine is Shaping the City’s FutureVoices of Progress: How Empower Atlanta Magazine is Shaping the City’s Future
Voices of Progress: How Empower Atlanta Magazine is Shaping the City’s Future
jamesvince9898
 
Designer Mehndi Outfits For Brides In India
Designer Mehndi Outfits For Brides In IndiaDesigner Mehndi Outfits For Brides In India
Designer Mehndi Outfits For Brides In India
priynkajain92
 
Flutter App Development Company in Delhi.ppt
Flutter App Development Company in Delhi.pptFlutter App Development Company in Delhi.ppt
Flutter App Development Company in Delhi.ppt
India Internets
 
Corporate Headshots Temecula California USA
Corporate Headshots Temecula California USACorporate Headshots Temecula California USA
Corporate Headshots Temecula California USA
Bashe + Still Photography
 
Key Features of a Gen-Z-Friendly WordPress Website
Key Features of a Gen-Z-Friendly WordPress WebsiteKey Features of a Gen-Z-Friendly WordPress Website
Key Features of a Gen-Z-Friendly WordPress Website
World Web Technology Pvt Ltd
 
Hidden Dust Zones Where Spring Allergens Love to Hide.pdf
Hidden Dust Zones Where Spring Allergens Love to Hide.pdfHidden Dust Zones Where Spring Allergens Love to Hide.pdf
Hidden Dust Zones Where Spring Allergens Love to Hide.pdf
London Domestic Cleaners
 
Lovely Foundation: Improving Lives, Fighting Poverty in India
Lovely Foundation: Improving Lives, Fighting Poverty in IndiaLovely Foundation: Improving Lives, Fighting Poverty in India
Lovely Foundation: Improving Lives, Fighting Poverty in India
Lovely Foundation
 
Best 14 IPTV reseller services to look for in 2025.pdf
Best 14 IPTV reseller services to look for in 2025.pdfBest 14 IPTV reseller services to look for in 2025.pdf
Best 14 IPTV reseller services to look for in 2025.pdf
tahmidtazbidishmam
 
ChennaiCourierServices at Sembakkaam Chennai
ChennaiCourierServices at Sembakkaam ChennaiChennaiCourierServices at Sembakkaam Chennai
ChennaiCourierServices at Sembakkaam Chennai
Chennai Courier Services
 
India Call from US- Calling Services .ppt
India Call from US- Calling Services .pptIndia Call from US- Calling Services .ppt
India Call from US- Calling Services .ppt
Best International calling app on the market
 
Top rated digital marketing agency -digital dhaani.pptx
Top rated digital marketing agency -digital dhaani.pptxTop rated digital marketing agency -digital dhaani.pptx
Top rated digital marketing agency -digital dhaani.pptx
dhaanijindalofficial
 
Top 10 IPTV service providers in 2025 USA UK & Europe (1).pdf
Top 10 IPTV service providers in 2025 USA UK & Europe (1).pdfTop 10 IPTV service providers in 2025 USA UK & Europe (1).pdf
Top 10 IPTV service providers in 2025 USA UK & Europe (1).pdf
Evelyn Richardson
 
Utox Pigment Suppliers In India, Bansal Trading Company
Utox Pigment Suppliers In India, Bansal Trading CompanyUtox Pigment Suppliers In India, Bansal Trading Company
Utox Pigment Suppliers In India, Bansal Trading Company
Bansal Trading
 
The Smart Way to Hire Mobile App Developers
The Smart Way to Hire Mobile App DevelopersThe Smart Way to Hire Mobile App Developers
The Smart Way to Hire Mobile App Developers
The Tech Clouds
 
Shopify Virtual Assistant: Boost Your Store
Shopify Virtual Assistant: Boost Your StoreShopify Virtual Assistant: Boost Your Store
Shopify Virtual Assistant: Boost Your Store
OnestopDA
 
LPU_Security_Services_Presentation.pptx.
LPU_Security_Services_Presentation.pptx.LPU_Security_Services_Presentation.pptx.
LPU_Security_Services_Presentation.pptx.
jinny kaur
 
Best IPTV Provider 2025_ Top-Rated Streaming Services.pdf
Best IPTV Provider 2025_ Top-Rated Streaming Services.pdfBest IPTV Provider 2025_ Top-Rated Streaming Services.pdf
Best IPTV Provider 2025_ Top-Rated Streaming Services.pdf
Donald M. Lott
 
The best Web Application Development Company for Tailor-Made Solutions
The best Web Application Development Company for Tailor-Made SolutionsThe best Web Application Development Company for Tailor-Made Solutions
The best Web Application Development Company for Tailor-Made Solutions
bhoomidmit
 
Best IPTV Service Providers (Updates 2025).pdf
Best IPTV Service Providers (Updates 2025).pdfBest IPTV Service Providers (Updates 2025).pdf
Best IPTV Service Providers (Updates 2025).pdf
Kimberly Burns
 
Dishwasher Maintenance Hacks: Simple Tips for Optimal Performance
Dishwasher Maintenance Hacks: Simple Tips for Optimal PerformanceDishwasher Maintenance Hacks: Simple Tips for Optimal Performance
Dishwasher Maintenance Hacks: Simple Tips for Optimal Performance
JosefEshet
 
Voices of Progress: How Empower Atlanta Magazine is Shaping the City’s Future
Voices of Progress: How Empower Atlanta Magazine is Shaping the City’s FutureVoices of Progress: How Empower Atlanta Magazine is Shaping the City’s Future
Voices of Progress: How Empower Atlanta Magazine is Shaping the City’s Future
jamesvince9898
 
Designer Mehndi Outfits For Brides In India
Designer Mehndi Outfits For Brides In IndiaDesigner Mehndi Outfits For Brides In India
Designer Mehndi Outfits For Brides In India
priynkajain92
 
Flutter App Development Company in Delhi.ppt
Flutter App Development Company in Delhi.pptFlutter App Development Company in Delhi.ppt
Flutter App Development Company in Delhi.ppt
India Internets
 
Key Features of a Gen-Z-Friendly WordPress Website
Key Features of a Gen-Z-Friendly WordPress WebsiteKey Features of a Gen-Z-Friendly WordPress Website
Key Features of a Gen-Z-Friendly WordPress Website
World Web Technology Pvt Ltd
 
Hidden Dust Zones Where Spring Allergens Love to Hide.pdf
Hidden Dust Zones Where Spring Allergens Love to Hide.pdfHidden Dust Zones Where Spring Allergens Love to Hide.pdf
Hidden Dust Zones Where Spring Allergens Love to Hide.pdf
London Domestic Cleaners
 
Lovely Foundation: Improving Lives, Fighting Poverty in India
Lovely Foundation: Improving Lives, Fighting Poverty in IndiaLovely Foundation: Improving Lives, Fighting Poverty in India
Lovely Foundation: Improving Lives, Fighting Poverty in India
Lovely Foundation
 
Best 14 IPTV reseller services to look for in 2025.pdf
Best 14 IPTV reseller services to look for in 2025.pdfBest 14 IPTV reseller services to look for in 2025.pdf
Best 14 IPTV reseller services to look for in 2025.pdf
tahmidtazbidishmam
 
ChennaiCourierServices at Sembakkaam Chennai
ChennaiCourierServices at Sembakkaam ChennaiChennaiCourierServices at Sembakkaam Chennai
ChennaiCourierServices at Sembakkaam Chennai
Chennai Courier Services
 
Top rated digital marketing agency -digital dhaani.pptx
Top rated digital marketing agency -digital dhaani.pptxTop rated digital marketing agency -digital dhaani.pptx
Top rated digital marketing agency -digital dhaani.pptx
dhaanijindalofficial
 
Top 10 IPTV service providers in 2025 USA UK & Europe (1).pdf
Top 10 IPTV service providers in 2025 USA UK & Europe (1).pdfTop 10 IPTV service providers in 2025 USA UK & Europe (1).pdf
Top 10 IPTV service providers in 2025 USA UK & Europe (1).pdf
Evelyn Richardson
 
Utox Pigment Suppliers In India, Bansal Trading Company
Utox Pigment Suppliers In India, Bansal Trading CompanyUtox Pigment Suppliers In India, Bansal Trading Company
Utox Pigment Suppliers In India, Bansal Trading Company
Bansal Trading
 
The Smart Way to Hire Mobile App Developers
The Smart Way to Hire Mobile App DevelopersThe Smart Way to Hire Mobile App Developers
The Smart Way to Hire Mobile App Developers
The Tech Clouds
 
Shopify Virtual Assistant: Boost Your Store
Shopify Virtual Assistant: Boost Your StoreShopify Virtual Assistant: Boost Your Store
Shopify Virtual Assistant: Boost Your Store
OnestopDA
 
LPU_Security_Services_Presentation.pptx.
LPU_Security_Services_Presentation.pptx.LPU_Security_Services_Presentation.pptx.
LPU_Security_Services_Presentation.pptx.
jinny kaur
 
Best IPTV Provider 2025_ Top-Rated Streaming Services.pdf
Best IPTV Provider 2025_ Top-Rated Streaming Services.pdfBest IPTV Provider 2025_ Top-Rated Streaming Services.pdf
Best IPTV Provider 2025_ Top-Rated Streaming Services.pdf
Donald M. Lott
 
The best Web Application Development Company for Tailor-Made Solutions
The best Web Application Development Company for Tailor-Made SolutionsThe best Web Application Development Company for Tailor-Made Solutions
The best Web Application Development Company for Tailor-Made Solutions
bhoomidmit
 

Managed Detection and Response (MDR) Whitepaper

White paper

Managed Detection and Response (MDR): Investigative Capability as a Key Selection Factor

Dr. Edward G. Amoroso
Chief Executive Officer, TAG Cyber
Distinguished Research Professor, NYU

Managed detection and response (MDR) solutions benefit from investigative capabilities, particularly as derived and evolved from the digital forensic community. Buyers should thus include investigative experience as a selection factor when reviewing MDR offerings.

Copyright © 2021 Open Text. All Rights Reserved. Trademarks owned by Open Text.

Introduction

The emergence of managed security service (MSS) offerings in the late 1990s was driven primarily by the need for enterprise teams to have experts remotely manage their firewalls and review the log records those firewalls generated. As offerings from managed security service providers (MSSPs) evolved, and as perimeter-based firewalls became less important, the emphasis of most MSS solutions shifted from device management toward the analysis of collected logs.

In this report, we outline how this shift has resulted in increased emphasis by practitioners on new managed detection and response (MDR) commercial offerings. As outlined below, such MDR solutions combine data collection, correlative processing, incident response, and data analysis support for the enterprise buyer. They also help to address the security skills gap by augmenting the enterprise team with outsourced experts.

We also focus in this report on a key selection factor that buyers are advised to consider when choosing an MDR partner. This factor, investigative capability, is the MDR vendor's ability to perform the analytic tasks needed to make sense of the data from managed infrastructure. The case is made here that investigative capability, including how such expertise has evolved within the vendor team, is a primary predictor of MDR success.

Baseline MDR Capabilities

The best way to differentiate traditional MSS from evolved MDR is to visualize where these respective offerings reside in the defensive lifecycle model of the NIST Cyber Security Framework (CSF)1. Most observers view any shift along this model as either a shift left toward a more preventive focus, or a shift right toward a more detection and response focus. Figure 1 depicts this shift landscape.

Figure 1. Landscape Shift Options: Left and Right. (Diagram: the five CSF functions Identify, Protect, Detect, Respond and Recover in a row; a shift left focuses on preventing cyber attacks, a shift right focuses on dealing with cyber attacks; MDR service emphasis is marked on the right-hand, detection and response, side.)

One of the main reasons MDR solutions have been so successful is that advanced cyber threats have been so difficult to prevent, especially when they are initiated by capable actors such as nation-state military groups. Security teams have had to place their primary focus on addressing on-going incidents, responding to live attacks, or responding to completed incidents with the necessary remediation and recovery actions. The result has been a definitive shift right in the cyber security industry, with major emphasis on detection and response. In addition to MDR, buyers now have access to solutions for network detection and response (NDR), endpoint detection and response (EDR), and even extended (wildcard) detection and response (XDR). Each of these offerings focuses its attention on dealing with on-going or previous incidents.

1 https://www.nist.gov/cyberframework

Investigation as a Key MDR Component

As this shift makes evident, MDR solutions are heavily oriented toward the investigation of incidents, whereas previous generations of managed security focused on prevention and mitigation. This emphasis suggests that the selection process for an MDR vendor should include a sufficient review of the vendor's capability to support investigative work based on data collected before, during, and after an incident.

One area where such investigative capability has been particularly highlighted is digital forensics. For many years, enterprise teams, law enforcement, and other stakeholders have used digital forensic methods to investigate the characteristics of, and data on, targeted devices, systems, and software (including stored and ephemeral data). The resulting best practices offer excellent insight into the types of methods that should be included in any MDR offering.

Elements of Digital Forensic Investigation

When law enforcement and other forensic examiners work a digital investigation, they engage, either explicitly or implicitly, with a five-step lifecycle model that includes many discrete tasks. Each task in this model, which is presented below as a de facto guide rather than a formal standard, is designed to help uncover insights from artifacts, and most now rely heavily on technology support for proper execution. Several academic works (including https://citeseerx.ist.psu.edu/viewdoc/download?doi=10.1.1.258.7882&rep=rep1&type=pdf) use this basic model to describe digital forensic examination.

Figure 2. Elements of Cyber Investigation. (Diagram: progress in a digital forensic investigation runs through Preservation, Collection, Examination, Analysis and Reporting.)

Step 1: Preservation
This involves freezing any activity that might damage or change important digital evidence. The same requirement applies to MDR offerings, where collected logs, telemetry and other ephemeral data must be stored securely, without the possibility of tampering or damage.

Step 2: Collection
This involves obtaining the digital evidence that will be required for the investigation. MDR solutions have an analogous collection capability in their capture of remote logs, audit records, alerts, alarms, and other telemetry from the managed infrastructure.

Step 3: Examination
This involves the technical and systematic review and search of evidence relevant to the investigation. Every MDR offering must include a similar examination capability, usually performed using a combination of automated and manual procedures in the MDR SOC.

Step 4: Analysis
This important task involves the correlative and logical review of digital evidence to draw conclusions. Increasingly, MDR solutions use intelligent algorithms to perform the analysis task. Such solutions typically combine the best elements of signature-based, behavioral, and artificial-intelligence-based processing.

Step 5: Reporting
This final step involves documenting findings in a manner useful to all participants in the investigation. Every MDR offering now carries a reporting requirement, often with the nuance that summary analyses must be consumable by both cyber experts and business executives.

This analysis of digital forensic methods suggests that any selected MDR platform and supporting vendor should be rooted deeply in proper digital investigative capability. As outlined above, MDR solutions focus on detection and response, both of which are essential aspects of the five-step process for digital forensic investigation. It therefore stands to reason that an MDR vendor must have a deep understanding of this area.
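The five steps above, applied to MDR-style log telemetry, as an added example that is not part of the TAG Cyber report and is not any vendor's tooling. The artifact name, the "timestamp user source result" log format, the sample lines and the five-failures-in-60-seconds heuristic are all assumptions made for illustration. Preservation is done by fixing a SHA-256 per artifact in a manifest (with collector and time) at the moment of collection so that verify() later exposes any alteration; examination parses and searches the preserved data; analysis correlates failures by (user, source) pair; reporting packages the findings together with the evidence hashes.

```python
import hashlib
import json
from collections import defaultdict
from datetime import datetime, timedelta, timezone

# Constructed sample telemetry (not from the report). Assumed line format:
# "<ISO-8601 timestamp> <user> <source-ip> <SUCCESS|FAILURE>".
SAMPLE_AUTH_LOG = """\
2021-03-01T10:00:01Z alice 10.0.0.5 SUCCESS
2021-03-01T10:00:05Z bob 203.0.113.9 FAILURE
2021-03-01T10:00:07Z bob 203.0.113.9 FAILURE
2021-03-01T10:00:09Z bob 203.0.113.9 FAILURE
2021-03-01T10:00:11Z bob 203.0.113.9 FAILURE
2021-03-01T10:00:13Z bob 203.0.113.9 FAILURE
2021-03-01T10:00:20Z bob 203.0.113.9 SUCCESS
2021-03-01T10:05:00Z carol 10.0.0.7 FAILURE
2021-03-01T10:30:00Z carol 10.0.0.7 SUCCESS
"""


def collect(sources):
    """Step 2, collection: pull raw artifacts from the managed infrastructure.
    `sources` maps an artifact name to its raw text (assumed stand-in for a
    remote log pull or EDR export). Bytes are kept verbatim, never normalised."""
    return {name: text.encode("utf-8") for name, text in sources.items()}


def preserve(artifacts, collector):
    """Step 1, preservation: record each artifact's SHA-256, who collected it
    and when, so that later tampering or accidental modification is detectable."""
    return {
        "collector": collector,
        "collected_at": datetime.now(timezone.utc).isoformat(),
        "sha256": {n: hashlib.sha256(d).hexdigest() for n, d in artifacts.items()},
    }


def verify(artifacts, manifest):
    """Names of artifacts whose current hash no longer matches the manifest;
    a missing artifact counts as a mismatch too."""
    bad = []
    for name, expected in manifest["sha256"].items():
        data = artifacts.get(name)
        if data is None or hashlib.sha256(data).hexdigest() != expected:
            bad.append(name)
    return bad


def parse_events(raw):
    """Step 3, examination: turn raw bytes into searchable records.
    Malformed lines are skipped rather than silently mis-parsed."""
    events = []
    for line in raw.decode("utf-8", errors="replace").splitlines():
        parts = line.split()
        if len(parts) != 4 or parts[3] not in ("SUCCESS", "FAILURE"):
            continue
        ts = datetime.strptime(parts[0], "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)
        events.append({"ts": ts, "user": parts[1], "src": parts[2], "result": parts[3]})
    return events


def find_bruteforce(events, threshold=5, window=timedelta(seconds=60)):
    """Step 4, analysis: correlate events to draw a conclusion. Flags a
    (user, source) pair with `threshold` failures inside `window`, and notes
    whether the same pair later logged a success (assumed heuristic)."""
    by_pair = defaultdict(list)
    for ev in sorted(events, key=lambda e: e["ts"]):
        by_pair[(ev["user"], ev["src"])].append(ev)
    findings = []
    for (user, src), evs in by_pair.items():
        failures = [e["ts"] for e in evs if e["result"] == "FAILURE"]
        for i in range(len(failures) - threshold + 1):
            last = failures[i + threshold - 1]
            if last - failures[i] <= window:
                later_success = any(e["result"] == "SUCCESS" and e["ts"] > last for e in evs)
                findings.append({"user": user, "src": src, "failures": len(failures),
                                 "later_success": later_success,
                                 "first_failure": failures[i].isoformat()})
                break
    return findings


def report(findings, manifest, integrity_failures):
    """Step 5, reporting: one headline for executives, the findings for
    analysts, and the evidence hashes so the conclusion can be re-derived."""
    status = "INTACT" if not integrity_failures else "COMPROMISED"
    return {
        "headline": f"{len(findings)} suspicious logon pattern(s); evidence integrity {status}",
        "findings": findings,
        "evidence": manifest["sha256"],
        "integrity_failures": integrity_failures,
    }


def run_investigation(sources, collector="mdr-soc-analyst"):
    """Runs the five steps end to end and returns the report."""
    artifacts = collect(sources)
    manifest = preserve(artifacts, collector)
    events = [ev for data in artifacts.values() for ev in parse_events(data)]
    return report(find_bruteforce(events), manifest, verify(artifacts, manifest))


if __name__ == "__main__":
    print(json.dumps(run_investigation({"auth.log": SAMPLE_AUTH_LOG}), indent=2))
```

Running the module prints the report as JSON. The caveat a buyer should raise with a vendor is where the manifest lives: a hash list stored next to the artifacts can be rewritten along with them, so the preservation step only holds if the manifest is kept on write-once or separately controlled storage and verify() is re-run before any examination or reporting.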
Questions to Ask Your MDR Vendor

The TAG Cyber analyst team recommends that buyers considering MDR options adjust their conventional source selection process to place increased emphasis on investigative expertise and experience among the MDR principals. To that end, we have created a series of simple questions that might be asked of the MDR solution provider to help gauge the level of investigative capability which we believe helps to predict the success of an MDR engagement:

To what degree does the MDR vendor possess direct forensic investigative experience with modern digital scenarios?
Obviously, digital forensics and MDR are different activities, and we fully understand that contracts for MDR will likely not include work items for forensic analysis of devices and other systems. Having local experience with digital forensics, however, strikes the TAG Cyber analyst team as a good predictor of how well the organization can handle digital review, data analysis, and investigative support.

What platforms and tools is the MDR solution provider familiar with in the context of modern digital forensic investigation?
The desired level of experience with digital forensics across the MDR team should be complemented by an understanding of, and familiarity with, best-in-class tools for supporting investigations. MDR teams might not use these tools directly in their detection and response engagements, but we believe that prior or on-going experience supporting investigations with the best commercial tools is a reasonable requirement for a good MDR team.

What is the MDR vendor's methodology for weaving digital forensic capabilities into their day-to-day detection and response support?
This question focuses on the synergy between digital forensics and MDR support. In particular, it asks the MDR vendor how investigative experience and expertise can be woven into the detection and response activities in support of the enterprise customer. This synergy can be strategic, offering framework guidance on how to design a data analysis program, or it can be tactical, offering more specific step-by-step assistance in dealing with a given task.

About TAG Cyber

TAG Cyber is a trusted cyber security research analyst firm, providing unbiased industry insights and recommendations to security solution providers and Fortune 100 enterprises. Founded in 2016 by Dr. Edward Amoroso, former SVP/CSO of AT&T, the company bucks the trend of pay-for-play research by offering in-depth research, market analysis, consulting, and personalized content based on hundreds of engagements with clients and non-clients alike, all from a former practitioner perspective.

Copyright © 2021 TAG Cyber LLC. This report may not be reproduced, distributed, or shared without TAG Cyber's written permission. The material in this report is comprised of the opinions of the TAG Cyber analysts and is not to be interpreted as consisting of factual assertions. All warranties regarding the correctness, usefulness, accuracy, or completeness of this report are disclaimed herein.