Cyberbreachesaregrowinginbothfrequencyandseverity.Despitethevastamountsbeingspentontoday’sstateoftheartcybersecuritysolutions-databreachesarehappeningatanincreasingratewithover600detectedandreportedintheU.S.alonebyAugust2016,andgreaterseveritywithover20millionexposedrecords,a20%increaseoverrecord-breakingyears2014and2015,accordingtotheITRC.Mostorganizationsareunabletoproperlydealwithcyberthreatsbecause:theyaretooslowtoidentifythemandtooslowtostopthemfrominflictingdamageoncetheorganizationisbreached.Thechallengeismostcybersecuritysolutionsrequirehumanintervention–smarthumansthatarespecificallytrainedinhowtouseanarrayofcomplicatedtoolstoidentifyathreatandthenfigureouthowtostopit.Theproblem,asthe2016VerizonDataBreachReportexposes,isthat95%ofattacksexfiltrateand/orcorruptdatawithinafewhoursofabreach.Thisisnotenoughtimeforeventhesmartesthumanstoreact.Worseyet,analystsat451Researchestimatethatfewerthan4%ofenterprisesandgovernmentorganizationshavededicatedsecuritystaffinasecurityoperationscenter(SoC)tomonitoralltheseproductsforpossiblebreaches.SmallandmediumsizedorganizationsarethemostimpactedbythesesecuritythreatsandareincreasinglyaskingtheirManagedSecurityServiceProviders(MSSPs)andserviceproviderpartnerstohelpsupporttheirsecuritychallenges.NolongerareMSSPsdriventoadvocatefortheneedtoinvestinsecuritysoftwareandservices;recenthighprofilebreachesatYahoo,EddieBauer,Oracle’sMICROSsystem,AnthemandtheIRShavedoneallthatisnecessarytofuelthedemand.Themissionfortoday’sMSSPistoprovidesecurityofferingsthatcanloweracustomer’ssecurityriskatanacceptablepricepoint.1Infact,accordingtoarecentKaseyaLtd.

S o n i c w a l l . c o m S e c e o n . c o m

ZeroTrustSecurity-withanImmediateROIMSSPCaseStudySeceon’szerotrustmodel,combinedwiththeSonicWallnext-generationfirewall(NGFW)securityservicesprovidesapowerfulbreachdetectionandmitigationsolution.Thecombinedsolutionenablesabreakthroughinreducingoperationcost,whichallowsforextremelyprofitableMSSPserviceofferings.

08Fall

MSPGlobalPricingSurvey2,whichpolledownersandoperatorsfromnearly400MSSPs,overaquarterofallrespondentsidentified"heightenedsecurityrisk"asthenumberoneITproblemorserviceMSPsexpecttheirclientstofacein2016.

ThecombinationofSeceonOTMandSonicWallNGFW,breachescanbeshutdownastheyoccur,notweeksormonthsafterthedataisstolen.It'stheidealsolutiontobeusedbyMSSPswhoareonlyprofitableiftheycandealwiththreatsquicklyanddistributetheirstaffcostsacross10sto100sofcustomers.Considerthefollowingexample

• Agivencustomer’smanagedfirewallgeneratesevents,forNorth-Southtraffic,butdemandsdeeperhumananalysisforcomprehensivethreatdetectionandanalysis

• EventsforEast-Westtrafficareusuallyunderstoodbylookingattheserverlogsandnetworkflows,whichalsodemanddeeperhumananalysisandmanytimesrequirealotmoretimeevenwithagoodautomation

• Thevolumeofeventscanstackuptomorethanevenadedicated,trainedstaffcanhandle,whichnoMSSPcanmanageorafford.

• Oursurveyindicatesatleast3relevantthreatsoccurdailyinaF5000mid-sizecompany.Eachincidenttroubleshootingrequiresweedingthroughthefirewallandserverlogsandmanytimesevenlookingintonetworktrafficorpacketstodeterminetheexactanalysisofthreat.

Flows/LogsTroubleshooting ActivityTypeFlow/LogInstances AnalystsComments

Next-generationfirewall(NGFW)(SonicWall)generatesevents/logsaroundaninstanceofaninfecteddeviceattemptingtoconnecttoabadwebsite.

North-SouthActivity

444 NGFWisresettingconnectionsfromthedeviceovertime.Watchthisdeviceforothernon-criticalflaggedmessages

DeviceisalsoperformingIPSweeps East-WestActivity

135 Fewseparateinstancesacrosstheinternalnetwork

DeviceisalsoperformingIPPortscans

East-WestActivity

92 Fewseparateinstancesacrosstheinternalnetwork

Deviceneedstobeidentified InternalActivity

1 Whatdeviceisit?Whoorwhatgroupitbelongsto?

TotalActivity 672 instancestoinvestigate

• CostsofJuniorandSeniorSOCAnalystsareapproximatelyasfollows:Jr.SOCAnalyst

Sr.SOCAnalyst Costs

$75,000 $250,000.00SOCAnalystBurdenedrateperyear

$1,442.31 $4,807.69 costperweek$36.06 $120.19 cost/hour$0.60 $2.00 cost/minute

Thecostoftroubleshootingjustoneincidentbyajunioranalystis$600overthecourseof2-3days,thereportofwhichmustthenbereviewedandanalyzedbyamoresenioranalystoverthecourseofanother1-2days.Overtime,thecostintimeandresourcesisapproximately$1800/day,addingupto$450K/year!

Minutesperinstanceinvestigation 1.5Totalminutesofeffortperincident 1006.5Cost/minuteor$/minute $0.60Totalcosttocorrelateoneincident $603.90Typicalincidentsperbusinessdayinvestigatedatamid-sizedF5000(AsperPonemon/VerizonReports) 3Totalcostperbusinessday $1,811.70Totalcostperyear $452,925.00

Automatingthisprocesswouldsavemostofthiscostandmostimportantly,thevariablecostofdatabreaches.Costofdatabreachesmostlydependsontheindustryandthevalueorcriticalityoftheinformationbeingbreached;forexample,forhealthcareindustrytheapproximatecostoflosingonepatient’sPHIrecordis$355.Soafirmthatdealswith100,000patientsinthisindustryisatriskof$35Mifadatabreachhappensstealingallofthesepatients’records.

Seceon+SonicWallZeroTrustapproachisacomprehensivereal-timepreventionmethod,aswellasdetectionandresponseforbothNorth-SouthandEast-Westtraffic.UsingSonicWallnextgenerationfirewallsweofferperimeter-baseddefensesformonitoringNorth-Southtrafficandblockingunauthorizedaccess.Simultaneously,usingSeceon’sOTMforthreatdetectionandelimination,Seceonisabletomonitor,detectandtakeactionforEast-Westtrafficthatwouldnormallygoundetectedintraditionalsecuritydesigns.SeceonintegrateseasilywithSonicWallNGFWandanysourceofEast-Westtraffic,includingrouters,switches,servers,POS.directoriesandapplicationstoprovideasingle,comprehensiveviewofallfacetsofacustomer’senvironment,includingprioritizedthreatalertsandspecificactionstocontainthethreat.Thissolutionnotonlydetectsthreatsinminutesitprovidescompleteanalysisanditautomatesremediationstepstoaclickofabutton.Theaveragetimespentperthreatcanbeafew

minutespercustomerperincidenttodetectandstoptheproblem.UsingourExample:3threatspercustomerperday–Timespent:5minutesperthreat=yieldsacostof$8perdayThisallowsanMSSPtoofferasuperiorserviceandchargeapremiumwhilekeepingcoststooperatedowntoafewdollarspercustomerperday.ReferenceArchitectureConsiderthefollowingreferencearchitectureonhowmostManagedSecurityServiceProviders(MSSPs)candeploythecombinedsolutionofSonicWallNGFWandOTM.

VisibilityThefirststepinautomatingincidentanalysisandresponseistoprovidevisibilityintoalltrafficandthencorrelateanyabnormalitieswithanomaliesinbehavior.Seceon,theonlythreatdetectionandManagementCompanytovisualize,detect,andeliminatecyberthreatsinreal-time,offersitsOpenThreatManagement(OTM)platformforautomatedthreatdetectionandelimination.SeceonOTMcorrelatesalloftheseeventsfromSonicWall

MSSPReferenceArchitecturewithSonicWallandSeceonOTM

NGFW,networkflowsandserverlogstogether,usingdynamicthreatmodelsthatleveragemachinelearningtoderivethreatsthatarepostedinpriorityorder,and/orsentbyemailnotification.Moreover,byleveragingmachinelearning,policiesandthreatmodelsupdateautomatically,continuously“learning”andrequiringnointerventionforupdates.Thesesamelearningscanbeappliedacrossmultiplecustomerenvironments,ensuringthecommunicationofvaluablethreatinformationtoalloftheMSSP’scustomers.

OTMenablesMSSPtomaintainacomprehensiveviewofallcustomersthroughasinglepaneofglass--seeingeachcustomer’sthreatstatusinonescreenwhileallowingprotectedportalaccesstoeachindividualcustomerenvironment.Real-timedetectionWhenitcomestoeffectivebreachdetectionandresponse,wealsoknowtimeisoftheessence.Recentindustrydatashowsthatcredentialsarecompromisedinminutesandmostofanorganization’scriticaldataorintellectualpropertyislostwithinthefirsthour.Specifically,accordingtoVerizon’s2016DataBreachInvestigationReport3,81.9percentoforganizationssurveyedreportedthatacompromisetookonlyminutestoinfiltratecompanysystemswith67.8percentofrespondentsshowingthatassociateddatawas“breached”withindaysoftheinitialcompromise.Therefore,anythreatdetectionsolutionthatcannotdetectandremediatethreatsinnearreal-timeisnotmuchuse.ValuableassetscouldalreadybestolenandsoldontheDarkWebbeforeanorganizationknowstheyareevenmissing!Thecostoflosingtheseassetscanmeanmorethanlossofdata.ThePoneman2016report4

concludesthatonanaverageeachdatabreachcosts$4Mforthe383organizationsthatparticipatedin2016databreachcoststudy.Thecostsareexactedintermsoffinancialloss,reputationalimpact,exposureofpersonalinformationandpotentialcustomerreimbursement.AveragedatabreachcostpercapitaishighestisUSA($221)andGermany($213).Thisisacrossalloftheindustries,butcertainindustrieslikehealthcareandfinancialshavemuchhighercostperdatabreachpercapita.Real-timethreatdetectionandeliminationcanbethedifferenceinstemmingsignificantlossesinspiteoftheinevitablebreach.

Seceon Servers

Seceon Corp. Ne...

Public

Seceon IndiaSeceon D

MZ

Web Services

Unknow

nD

ata Center Ser... Em

ail ServersSeceon VPN

-PPTPAm

it

Sece

on Lab

Seceon DM

ZD

ata Center Ser...

SeceonOTMandSonicWallNGFWsolutionsprovidetheabilitytostopthreatsinreal-timeiby:

• ThreatsdetectedbytheSonicWallNGFWareforwardtotheSeceonOTMforanalysisandwithcombinedenricheddatafromothersources,SeceonOTMcreatesFWpolicies

• PushingpoliciestotheSonicWallNGFWtoblockcommunicationfromaddressesoutsidethenetwork,suchasthoseinvolvedwithDDoS,Bruteforce,APTsandMalwareCNCs.

• Pushingthepoliciestoisolateanysystems(endpointsorservers)thatinsidershaveusedtocapturehighvaluedata,sothattheycannotexfiltrateitoutoverthenetwork.Aswellaspreventingmalwareinfectedfromdoingharmtootherdevices

• Disablingofcredentialsincaseofcompromisedcredentials(databreach),orinsiderswhoareattemptingtoaccessofflimitssystems.

• Preventinglateralpropagationofthreats,suchasransomware,botnets,etc.• Helpingorganizationsseeandstopthreatsastheybecomeactiveinminutes,notin

weeks,whichistoday’snorm

Multi-TenancySupporttoempowerMSSPpartnerswithaSOC-in-a-boxsolution.Poweredbyadvanceddatacollectionandanalysis,machinelearningandpatent-pendingpredictiveandbehavioralanalytics,Seceon’sOTMprovidescustomerswithaproverbial“SOC-in-a-Box™,”automatinghumanandtimeintensiveanalysisanddecision-makingandsignificantlyspeedingthetimetodetectionandremediation.Anticipatingattackers’behaviorchoices,thesolutionenablesMSSPstoseeandstopthethreatsastheyhappen,preventingrisk,damageorlossofvaluableinformation.Immediatelyupondeployment,Seceon’ssolutionbeginstosurfaceaconciselistofthreatsinplainlanguage.Itusesbehavioralanalyticsgeneratedbyanextensivesetofdynamicthreatmodels,aidedbymachinelearningtechniquestodetectbothknownandunknownzero-dayattacks.Seceon’sOTMispurpose-builttobeoperationallyefficientandinstallationfriendly,allowingeasy-to-scaleandeffectivedeploymentwithminimaltraining.Seceon’sOTMprovidesMSSPswithasinglescreenforviewingmultipletenantswitheachtenantorcustomeronlyabletoseeitsownassets.WithOTMdeployedinamulti-tenancyenvironment,allcustomerscanbenefitfromtheplatform’smachinelearningcapabilities.Anynewthreatsarecaptured,reportedandfedbackintothesystem’sthreatmodels,ensuringthecontinuoussharingofthreatintelligenceacrossallcustomers.

o SingleviewforMSSPformultipletenantswitheachcustomerseeingonlyitsownassets.o Easytoapplylearnedsecuritylessonsfromonecustomertoanother

ImmediateROITodayThreatsaretypicallyfoundusingSIEMsolutions.Typically,mostsecuritysolutionslikeSIEMplatformscangeneratemanyalertsthatcanbeoverwhelmingforteamofsecurityanalyststoprocess.SeceonOTMnotonlyprocessesthemthroughtheirfeed,butalsocorrelatesthemwithotherfeedsandsurfacestherealhandfulofalertsthatneedattention.Theresultsofcombiningfeedstoaneventsavesthesecurityanalystfromcombingthroughhundredsofalertsfromdifferentsystemsandhandcorrelatingthosethatcanbefoundtoberelated.Thesecurityanalystonlyneedstoreviewmajororcriticalalertstodecideuponthecourseofaction–and/orfollowthesystemsrecommendedremediationstepsimprovingtheiroperationalefficiencyandloweringoperationalcosts.OTMhelpsMSSPsbyimprovingtheefficiencyofseniorsecurityanalysts,whoareveryhardtofindandwhosetimeisacostlyMSSPresourcethatneedstobespentwiselyoncybersecurityissuesthatreallymatterratherthanonmanymanualtasksthatcanbetakencareofbyautomation.AlsotheSIEMplatformstypicallyrequireahigherinitialinvestmentsincemostSIEMsrequireaperpetuallicensewithhigherupfrontcost.MostSIEMScan’tbesharedacrossmultiplecustomerswithoutcominglingtheirinformation.ThereforeSIEMsolutionsdonotlendthemselvestoallowingasingleoperatortoeasilymonitortensto100sofcustomersfromasinglescreen.SeceonOTMispricedonanumberofprotecteddevicesSAASmodelallowinga‘Payasyougo’modelidealforMSSPslookingtoofferamonthlyservicetoend-customerorganizationsofanysize.Astheexampleaboveshows-itimmediatelyprovidescostsavingsthroughoperationalefficiencyvs.SIEMsotherthreatdetectiontoolsonthemarket.Thejoint

Seceon-SonicWallNGFWsolutionhelpsMSSPstoeasilyscalethesecurityserviceswithlowinitialinvestmentthatcanbeincreasedincrementallywithgrowthintheircustomerbase.Seceon’szerotrustmodel,combinedwiththeefficacyofSonicWallNGFWsecurityservices,breachdetectionandmitigationiscontrolledinaswift,costeffectivemanner.Theendresultisasafernetworkforyourcompanyassets,personnel,andfinancialsuccess.AboutSeceon:SeceonanditsOTMAdvancedThreatDetectionandRemediationPlatformistheindustry’smosthighlyawardedplatformduring2016.Itsnovelapproachatfocusingondetectingandstoppingthreatsautomaticallybeforedataiscompromisedhasredefinedtheworkoftoday’sanalysts-freeingthemfromthedifficultworkofdetectingthreatsanddecidinghowtostopthemandallowingthemtofocusonhowpreventthemfromhappeninginthefirstplace.TheOTMsolutionwithitrecentlyaddedMSSPmultitenantcapabilitieshasfinallymadeitoperationallyprofitableforMSSPstomovebeyondonlyofferingmanagedfirewallservicesandoffercustomersofanysizeanabilitytoaddadvancedthreatdetectionandremediationservice–solvingtoday’smostvexingproblemhowtomakethreatanalysisandremediationataskthattakesminutestoperformwhenanincidentarisesbyminimallytrainedstaff.AboutSonicWall:Over25years,SonicWallhasbeentheindustry’strustedsecuritypartner,protectingmillionsofnetworksworldwide.Fromnetworksecuritytoaccesssecuritytoemailsecurity,wehavecontinuouslyevolvedourproductportfoliotofitinquicklyandseamlessly,enablingorganizationstoinnovate,accelerateandgrow.Ourcustomersknowittakesstrongsecuritytosayyes.Wearethetrustedpartnerthatallowsthemtosayyestothefuturewithoutfear.SonicWallsecuritysolutionsarethepreferredchoicefordistributedenterprise,government,education,retail,healthcareandfinancialdeployments.SonicWallproductshavebeenhailedbyindustrypublicationssuchasNetworkWorld,InfoWorld,PCMagazineandSCMagazineforeasy-to-use,high-efficacyandhigh-performanceappliancesandservices.In2016,SonicWallearnedthehighestratingof“Recommended”inthelatestversionoftheNSSLabsNext-GenerationFirewallSecurityValueMapforthefourthyearinarow,andwasratedasoneofthetopproductsforsecurityeffectiveness.SonicWall.Yourpartnerincybersecurity.

References:1.Techspective,CyberSecurityThreatDetection-TheCaseforAutomation,September2016http://techspective.net/2016/09/21/cyber-security-threat-detection-case-automation/2.KaseyaLtd.MSPGlobalPricingSurveyhttps://www.channele2e.com/2017/01/09/msp-global-pricing-survey-kaseya-2017-findings/3.Verizon’s2016DataBreachInvestigationReporthttp://www.verizonenterprise.com/verizon-insights-lab/dbir/2016/4.ThePoneman2016CostofCyberCrimereporthttp://www.ponemon.org/library/2016-cost-of-cyber-crime-study-the-risk-of-business-innovationiThestatementscontainedinthiscasestudyregardingtheperformanceofSeceonproductsandservicesandSonicWallproductsandservicesareattributableonlytoeachcompany,respectively,andshouldnotbedeemedtobethestatementsorrepresentationsoftheothercompany.