MANAGED SECURITY SERVICES (MSS)
THE CYBER SECURITY INITIATIVE.
Cybercrime is becoming an important factor for CIOs and IT professionals, but also
for CFOs, compliance officers and business owners. The current cyber security
threat landscape is getting more and more complex and the decision of buying and
implementing solutions to defend against cybercrime can be quite challenging.
In many cases security requirements have become part of compliance requirements, such as the Payment Card Industry Data Security Standard (PCI DSS), the Health Insurance Portability and Accountability Act (HIPAA), and others. Additionally, the cost of cybercrime to businesses is on the rise with the majority of this cost coming from web attacks and malicious code.
Motivations can vary, but cyber security readiness is becoming a must for most organizations regardless of their size or vertical.
ABOVE SECURITY’S
MANAGED SECURITY
SERVICE OFFERING
HELPS ORGANIZATIONS
• Detect and prevent cyber attacks
• Manage network and applications vulnerabilities • Comply with regulations • Work with security specialists • Get the best protection
possible at a fraction of the cost
Costs to
Business
from Cyber
Crime
$35,514
$4,781
$124,083
$143,209
$100,300
Phishing, Social Engi-neering
Virus, Worms, Trojans, Botent, Malware
Web Attacks
Malicious Code Malicious Insiders
THE CASE FOR MANAGED SECURITY SERVICES
The threat landscape is an ever-changing one. Hackers are continuously coming up
with new tactics and exploring new vulnerabilities in today’s fluid IT environments.
While on-premise Security Information and Event Management (SIEM) systems
provide a certain level of protection through log collection and management, they
require significant in-house expertise and continuous training and education. Staffing
can also be challenging, as monitoring critical IT assets on a 24/7 basis requires a
high level of specialized staff.
1 Year 3 Years 5 Years
$1,600,000 $1,200,000 $800,000 $400,000 $0 In-House Cyber Security Cost Above Security Cost $544,300 $144,000 $1,040,750 $1,593,000 $648,000 $396,000
Outsourcing your security can be a tough decision to make, but for many organizations it makes business sense. Here are a few reasons why you should consider it:
• Staying up to date on the latest security threats can be mission impossible if you don’t have dedicated staff for it. Monitoring and protecting your IT assets from cyber attacks is the core expertise offered by Managed Security Service Providers (MSSPs).
• MSSP security expert teams will vet all the alerts produced by the various devices that you may have in your infrastructure to the handful of events that your team needs to deal with, thus reducing cost while increasing efficiency.
• The initial and continuous infrastructure and staffing investment in a security solution can be daunting to some businesses. But even if you can afford that, outsourcing your security services can slash your investment by a significant margin depending on the size of your infrastructure. That should allow you to get the best protection possible and still have the budget to invest in your core business.
MONITORING 1 YEAR 3 YEARS 5 YEARS
Recruitment fees for specialized resources $22,500 $22,500 $22,500
2 full-time employees $150,000 $450,000 $750,000
Staff management (15% annual salary of the manager) $15,000 $45,000 $75,000 Specialized training ($3,000/year/employee) $6,000 $12,000 $18,000
Subtotal (HR) $193,500 $529,500 $865,500
3 IDS/IPS sensors and management console $154,000 $154,000 $154,000
IDS/IPS annual maintenance $30,800 $115,500 $231,000
Vulnerability scanner (software and server) $3,500 $10,500 $17,500
Log aggregation (SIEM appliance) $125,000 $125,000 $125,000
SIEM deployment (10% minimum) $12,500 $12,500 $12,500
SIEM annual maintenance $25,000 $93,750 $187,500
Total (HR & Hardware) $544,300 $1,040,750 $1,593,000
Implementation fees (3 sensors) $18,000 $18,000 $18,000
3 IDS/IPS sensors (3,500$/sensor/month) $126,000 $378,000 $630,000
Annual maintenance $0 $0 $0
Vulnerability scanner $0 $0 $0
Log aggregation $0 $0 $0
Total (Above Security) $144,000 $396,000 $648,000
Calculations for 2 employees providing support from
9 to 5 with 24/7 pager $400,300 $644,750 $945,000
Calculation for 5 employees providing 24/7
monitoring** $678,550 $1,439,000 $2,243,250
Savings vs. 24/7 Operations In-house
HUMAN RESOURCES
HARDWARE**
Outsourced (executed by Above Security)
* The details of these calculations can be provided upon request.
Minimum Savings
CYBER SECURITY MONITORING COSTS
FOR A MEDIUM-SIZED BUSINESS
• COMPLIANCE
As an independent service provider, an MSSP can oversee change control procedures to make sure that compliance with internal and external rules and regulations is maintained at all times.
• CONSTANT UPDATES
An MSSP can also help maintain all security devices up to date with the latest frame ware updates, thus reducing your exposure to possible vulnerabilities in your network.
• INDUSTRY EXPERIENCE
MSSPs are set up to manage large infrastructures of many clients. Choosing a MSSP can provide a future-proof solution as they can match your business growth requirements seamlessly.
• SECURITY EXPERTISE
By selecting to work with an MSSP, your team will have a specialized security team extension that has well documented procedures to deal with security threats. This will help your IT staff respond to security events in the most efficient manner.
ARKANGEL –
STANDARD FEATURES OF ABOVE SECURITY
MANAGED SECURITY SERVICE (MSS) INCLUDE:
THREAT MONITORING – 24x7 monitoring, management and notification
of internal and external threats to your organization’s network environment
insuring optimal protection from cyber attacks at all time.
INTRUSION DETECTION & PREVENTION SYSTEMS (IDS/IPS) – Networks
are monitored for malicious activity and policy violations, triggered alerts
are analyzed in real time, security incident reports are prepared and security
incidents are escalated according to the conditions established in the
escalation procedure.
EVENT CORRELATION – Information from a variety of sources, e.g. security
logs, vulnerability scans, and IDS alerts, is evaluated to recognize event
patterns that may have a bearing on the organization’s security posture.
LOG MANAGEMENT – Security-related log data is captured and analyzed
in order to identify security incidents, fraudulent activity, and operational
problems.
INCIDENT RESPONSE MANAGEMENT – As soon as a security alert is
detected, a certified security analyst investigates the alert based on his or
her expertise and understanding of the customer’s infrastructure. If the alert
is determined to be a threat to the customer’s network, it will be escalated
according to the parameters established in conjunction with the customer.
VULNERABILITY ASSESSMENTS – Vulnerabilities and weaknesses in
the network are identified and managed. A variety of network devices, e.g.
servers, appliances, applications and workstations, can be scanned for
vulnerabilities.
REPORTING – Regularly provided reports are a valuable method to provide
Sales Offices
Canada (World Headquarters) Mexico
Switzerland
United Arab Emirates United States
Security Operations Centers
Montreal, CanadaSierre, Switzerland Winnipeg, Canada Mexico City, Mexico
Telephone. +1-450-430-8166
Toll Free. +1-866-430-8166
Email. [email protected]
Web. www.abovesecurity.com
ABOUT ABOVE SECURITY
Founded in 1999, Above Security – A Hitachi Group Company is a Global IT Security Service Provider who builds and delivers customized services for monitoring and protecting the most critical and sensitive IT assets in our customers’ infrastructures 24/7. With a relentless focus on risk management, and continuous improvement of our technology and incident response processes, our clients count on us to provide the right solutions for their businesses - quickly, effectively and with expertise beyond the industry standards. Our mission is to make the Internet a safer place for all, to harness the full potential of connecting people and businesses together to build trust relationships that can be the catalyst of worry-free collaboration and limitless innovation. In 2015, Above Security was acquired by Hitachi Systems Ltd. and now operates under the name “Above Security – A Hitachi Group Company.”
