CYBERSECURITY MANAGED DETECTION & RESPONSE: SHOULD YOUR BUSINESSES CONSIDER OUTSOURCED MANAGED DETECTION & RESPONSE (MDR) SERVICES? April 13, 2021
With You Today: Paul Truitt, Managing Director, Cyber Security, BDO Digital; Steve Combs, Director, Infrastructure Solutions Group, BDO Digital. www.bdo.com/digital
Agenda: State of Cybersecurity; What is MDR/EDR/XDR?; The Impact of Cyber Threats; Security Operations Center; What tools might you own?; BDO Digital’s Approach.
The Current Cyber Landscape: Cyber threats are real and will continue to impact organizations. 88% of organizations experienced spear phishing attempts in 2019 (Proofpoint). 95% of cybersecurity breaches are caused by human error (Cybint). There is a hacking attack every 39 seconds (University of Maryland). The global average cost of a data breach is $3.9M across SMBs, and $116M if publicly traded (Compliance Week). Since COVID-19 the US FBI reported a 300% increase in reported cybercrimes (CNBC). 9.7 million healthcare records were compromised in September 2020 alone (HIPAA Journal). The number of unfilled cybersecurity jobs worldwide is projected to be 3.5 million in 2021 (Cybersecurity Ventures). The average time to identify and contain a data breach in 2020 was 280 days (Security Intelligence).
Poll Question: Does your company provide security awareness training that you recall taking in the past year? 1. Yes 2. No 3. No idea what you're talking about
How Do Breaches Occur? MALWARE AND VULNERABILITIES ARE NOT THE ONLY THING TO WORRY ABOUT: 11% increase in security breaches since 2018 (1); 33% of breaches included phishing or social engineering (2). FAST AND EFFECTIVE PHISHING ATTACKS GIVE YOU LITTLE TIME TO REACT: 80% of reported security incidents are phishing attacks (3); 50% of those who open and click attachments do so within the first hour (4). Sources: 1. Ponemon Institute 2. Verizon Data Breach Investigation Report 3. CSO Online 4. Verizon Data Breach Investigation Report
Poll Opportunity: How have you been impacted by phishing? 1. I have received a phishing email and reported it to my company 2. I have caught a large mouth bass recently 3. My company has been a victim of a phishing attack
COVID-19 and Cybersecurity. COVID-19 Related Cyber-Attacks: Increase in attacks using fake e-mails and fake websites; Rise of ransomware attacks worldwide; Increased number of business financial e-mail compromises. Key Cybersecurity Questions to Consider: Do you know what to do? Do you know how to do it? Do you have the people to do it?
What’s the Impact to Your Organization? Potentially compromised PII/ePHI; Potentially compromised financial data, future plans, etc.; Regulatory obligations to report/disclose the data breach and potentially fines for failure to do so; Direct monetary losses if financial account information is disclosed; Loss of trust if your address is used to send out malicious emails. COVID-19 IS DOING ENOUGH DAMAGE, PROTECT YOUR BUSINESS FROM MORE.
Protection Requires a Broad Approach: Identity and access management; Threat protection; Information protection; Cloud security.
When threats change daily, how do you protect your organization?
Hire Help – but how and what solution? EDR: Enterprise Detection and Response software; MDR: Managed Detection and Response; XDR: Extended Detection and Response; MSSP: Managed Security Services Provider; SIEM: Security Information & Event Management.
Poll Question: Do you currently outsource cyber services? 1. MDR 2. SIEM/SOC 3. Penetration testing 4. Other 5. No. Please set this one to allow to select one or more.
What is a SOC? Centralized Security Monitoring; Security Incident Investigators; Threat Notification & Alerting; Security Orchestration, Automation & Response (SOAR); Automated Incident response; Case/Ticket Management; Logging and Auditing for Compliance; Analytics and AI; Cyber Intelligent Threat Hunting.
SOC Overview Keys: People, Process, Tools.
Outsourced MDR Service
Managed Detection and Response (MDR). It is often a challenge for clients to achieve an optimum level of cyber readiness using internal resources only. BDO’s managed detection and response services provide clients with a coordinated operational and technical approach to safeguard the confidentiality, integrity, availability and security of their data and systems. By optimizing the use of technologies, expertise and experienced 24/7 security teams, we seek out malicious activity and anomalous behavior to detect, identify, classify, act upon, and constantly enhance the defensive capabilities. BDO Managed Cyber security solutions: Managed Azure Sentinel; Managed EDR - Palo Alto Networks Cortex XDR / Defender ATP; SIEM-as-a-service incl. content (alerts, forensics); Managed phishing prevention, detection and response; Managed DNS prevention and monitoring. BDO SOC services: 24/7 Monitoring & Detection Services; Response guidance/management in case of incident; Service portal; Threat Hunting Services; Content development.
Managed Detection and Response (MDR): BDO MDR. EDR/XDR: Sophisticated end point protection, hunting, protection, response, etc. SIEM/SOC as a Service: 24/7/365 Monitoring, detection and response services. DNS Monitoring: Real-time threat monitoring and blocking. Email Protection: Anti-Phishing, Business Email Compromise, Malware, etc.
What makes a good MDR Provider? They are an expert in evaluating, investigating, and taking action on security threats against endpoint technology. If they say they are product agnostic they are likely NOT a good provider. An expert in a few specific EDR technologies which will be integrated into an automation platform. Their SOC team will be highly trained, certified and knowledgeable in security investigation (ask for what training they take and certifications). The team investigating and responding at 3am should be equally skilled as the team at 3pm.
Complete Cyber Solution: Existing cyber service offerings all wrapped with managed services. A well run MDR service brings multiple cyber services into a single managed offering, providing a holistic approach to reduce overall cyber risk and significantly improve the time to respond to a cyber incident. Managed SIEM – Custom content, dashboards and client visualizations developed in Microsoft Sentinel. Vulnerability Management – managed scanning, asset identification, and issue/vulnerability tracking. Annual Assessment – strategic opportunity to manage the overall cyber maturity through BDO’s assessment services. CISO Services – provide strategic direction on new projects and assist with internal support for external audits. Incident Response – retainer-based service to guarantee response time for an incident as well as provide annual tabletop testing service. [Diagram labels: MDR; Incident Response; CISO Services; Managed SIEM; Vuln Mgt; Annual Assessment]
Sentinel Based Managed Detection and Response Architecture [Diagram labels: Azure Sentinel and O365 Defender ATP; Lighthouse; Automation SOAR Platform; Customer Tenant; Security Operations Center; Customer Tenant; Client Dashboard; On-prem FW, Network, Server; MSSP Platform]
Fully Leverage Microsoft Solutions
Poll: Do you feel you fully utilize your existing Microsoft M365 packages? 1. Yes 2. No 3. Not sure
Observations: Organizations pay for duplicate tools; Tools are not inter-connected; Lacks full interoperability with Windows and/or other applications.
Potential Money Saving Opportunities
Microsoft Suite Review
Microsoft EMS Solutions
Microsoft Security Operations
Ways to Engage. Contact BDO Digital and Seyfarth Shaw: www.bdo.com/digital/contact. Real-world client example: www.bdo.com/digital/services/governance-risk-compliance/privacy-cybersecurity. Insights: www.bdo.com/digital/insights. CONTACTS: PAUL TRUITT, Managing Director, Cyber Security, BDO Digital, ptruitt@bdo.com; STEVE COMBS, Director, Infrastructure Solutions Group, BDO, scombs@bdo.com
Thank you
BDO Digital, LLC is a Delaware limited liability company, and a wholly-owned subsidiary of BDO USA, LLP. BDO USA, LLP, a Delaware limited liability partnership, is the U.S. member of BDO International Limited, a UK company limited by guarantee, and forms part of the international BDO network of independent member firms. BDO is the brand name for the BDO network and for each of the BDO Member Firms. For more information on BDO Digital, LLC please visit: www.bdo.com/digital. This document contains information that is proprietary and confidential to BDO USA, LLP, the disclosure of which could provide substantial benefit to competitors offering similar services. Thus, this document may not be disclosed, used, or duplicated for any purposes other than to permit you to evaluate BDO to determine whether to engage BDO. If no contract is awarded to BDO, this document and any copies must be returned to BDO or destroyed. Material discussed is meant to provide general information and should not be acted on without professional advice tailored to your needs. © 2021 BDO USA, LLP. All rights reserved. www.bdo.com