AlienVault, profile picture
Uploaded byAlienVault
PPTX, PDF3,774 views

AlienVault MSSP Overview - A Different Approach to Security for MSSP's

The document provides an overview of AlienVault's Managed Security Service Provider (MSSP) program, highlighting market challenges faced by MSSPs in delivering effective security solutions. It emphasizes the need for unified security management and integrated threat detection to address issues like poor correlation and limited log access. AlienVault's approach aims to offer comprehensive support and training to MSSPs, facilitating better security operations for organizations of all sizes.

Embed presentation

Downloaded 218 times
AlienVault – MSSP Program Overview AUGUST 13, 2014 A DIFFERENT APPROACH TO SECURITY FOR MSSP’S partners@alienvault.com
AGENDA • Market Overview • “The 5 areas customers consider when selecting an MSSP” • Where most MSSPs struggle to offer real value • Overview of the AlienVault USM Platform • Differentiation through Delivery "Threat Detection That Works” • AlienVault MSSP Program Details
Market Realities WHAT WE KNOW ABOUT ORGANIZATIONS • Lack the in-house capabilities required to keep pace with changing business demands, compliance mandates, and emerging threats for strategic implementation of new IT security solutions. • Don’t have the capabilities to effectively monitor and manage the security infrastructure to ensure optimal utilization of current assets. • Have in-house IT staffs that spend too much time on day- to-day operational security issues versus new strategic projects. • Depend on IT security tools and processes that provide a reactive, rather than proactive, approach to mitigating risk and minimizing data loss and downtime. … Which has led to organizations moving to
Those who look for a platform that is already integrated – or “Unified (Integrated) Security Two Types of MSSPs Those who try to buy/build and integrate it all on their own…
Observations of MSSPs in the Market CHALLENGES ON DELIVERING VALUE Operationalizing the Offering - Many MSSPs don’t have the experience needed to avoid the costly mistakes and end up managing the system far more than they spend on the value they bring to their customers. Attempting to tie disparate systems together is a failed strategy. Basic (i.e. “Weak”) Correlation - Correlation of events and Incident-specific reports are required to offer true security visibility; however most MSSPs don’t deploy solutions that allow customers to get anything more than very basic reporting/correlation Deployment of SIEM technology to provide in-house alerting and log analysis: - MSSPs typically lack the needed insight into the customer IT and business environment; thus, they are challenged in determining whether events involving
Let’s “double-click’ on these challenges High Fidelity vs. False Positives - “Custom” correlation is the only way to achieve any true value/threat visiblity from a SIEM platform. The task of base-lining an environment and creating these alerts/alarms is daunting enough in a single environment – How can an MSSP deliver this across many environments? Poor Change Management - Strong correlation is based on “known” baselines and an intimate understanding of a customers environment. MSSPs by virtue of what they do – are an after thought to change management by the organizations who work with MSSPs. Every change to that environment impacts the fidelity of correlation. Poor correlation = poor threat detection. Poor Log Storage - Logs are only valuable to your customers if they can access them. Storing logs for a sufficient period of time or in a location that the customer cannot be access makes the services less valuable. CORRELATION
Delivering Confidence, Simplicity & ValueWHAT YOU CAN OFFER YOUR CUSTOMERS Managed security operations and response - Provide first line incident detection and triage - Escalate to customer as needed for remediation response Reporting of vulnerabilities and threats - Identify known malicious entities probing their systems - Detect latest attack payloads - Identify compromised systems - Leverage time-tested security controls with minimal deployment overhead - Identify potentially insecure behaviors - Identify unpatched software, known to vulnerable … A single security technology stack makes this possible – AT SCALE
POWER OF THE OPEN THREAT EXCHANGE (OTX) TO DETECT THREATS Crowd-sourced threat data from 8,000+ sites across 140 countries 500,000+ IPs validated daily Free Threat Services • Reputation Alert Monitor • Threat Finder • Interactive Threat Map
Award-Winning Solution Used by 10,000+ for Threat Detection, Incident Response and Compliance Management
What Is Valuable? Identify Ways to Compromise Start Looking for Threats Look For Strange Activity Piece It All Together Understand the Threats Unified Security Management Platform
Asset Discovery  Active & Passive Network Scanning  Asset Inventory  Host-based Software Inventory Asset Discovery Identify Ways to Compromise Start Looking for Threats Look For Strange Activity Piece It All Together Understand the Threats Unified Security Management Platform
Asset Discovery Vulnerability Assessment Start Looking for Threats Look For Strange Activity Piece It All Together Understand the Threats Unified Security Management Platform Asset Discovery  Active & Passive Network Scanning  Asset Inventory  Host-based Software Inventory Vulnerability Assessment  Network Vulnerability Testing  Remediation Verification
Asset Discovery Vulnerability Assessment Threat Detection Look For Strange Activity Piece It All Together Understand the Threats Unified Security Management Platform Asset Discovery  Active & Passive Network Scanning  Asset Inventory  Host-based Software Inventory Vulnerability Assessment  Network Vulnerability Testing  Remediation Verification Threat Detection  Network & Host IDS  Wireless IDS  File Integrity Monitoring
Asset Discovery Vulnerability Assessment Threat Detection Behavioral Monitoring Piece It All Together Understand the Threats Unified Security Management Platform Asset Discovery  Active & Passive Network Scanning  Asset Inventory  Host-based Software Inventory Vulnerability Assessment  Network Vulnerability Testing  Remediation Verification Threat Detection  Network & Host IDS  Wireless IDS  File Integrity Monitoring Behavioral Monitoring  Log Collection  NetFlow Analysis  Service Availability Monitoring
Asset Discovery Vulnerability Assessment Threat Detection Behavioral Monitoring Security Intelligence Understand the Threats Unified Security Management Platform Asset Discovery  Active & Passive Network Scanning  Asset Inventory  Host-based Software Inventory Vulnerability Assessment  Network Vulnerability Testing  Remediation Verification Threat Detection  Network & Host IDS  Wireless IDS  File Integrity Monitoring Behavioral Monitoring  Log Collection  NetFlow Analysis  Service Availability Monitoring Security Intelligence  SIEM Event Correlation  Incident Response
Asset Discovery  Active & Passive Network Scanning  Asset Inventory  Host-based Software Inventory Vulnerability Assessment  Network Vulnerability Testing  Remediation Verification Threat Detection  Network & Host IDS  Wireless IDS  File Integrity Monitoring Behavioral Monitoring  Log Collection  NetFlow Analysis  Service Availability Monitoring Security Intelligence  SIEM Event Correlation  Incident Response Asset Discovery Vulnerability Assessment Threat Detection Behavioral Monitoring Security Intelligence AV Labs Threat Intelligence Contextual Threat Intelligence
Threat Intelligence Powered by Open Collaboration OTX + AlienVault Labs
MSSP “GETTING STARTED” PACKAGES Public Training + Deployment Assistance Private Training + Deployment Assistance Packages include… • AlienVault product training for one (1) engineer at a public AlienVault training center • Three (3) days of remote support by a Certified AlienVault Deployment Architect • AlienVault product training for up to 8 people at your facility • Three (3) days of remote support by a Certified AlienVault Deployment Architect Become a certified AlienVault MSSP partner
MSSP Partner of AlienVault SMALL SAMPLING OF PARTNERS Today we have 100+ MSSPs around the world… some supporting less than 5 customers…some supporting 100’s of customers • Breaches/Infection rates have no correlation to company size so smaller MSSPs have the same challenges that larger MSSPs do. The problem they solve is just as significant. • Larger companies do have larger budgets so when serving the small business and mid-market; efficiency at scale is important. We offer entry points for any size MSSP. The largest to the newly formed.
Thank You PARTNERS@ALIENVAULT.COM Questions or Assistance?

More Related Content

PPT
A Guide to Managed Security Services
byGraham Mann
 
PDF
Its Not You Its Me MSSP Couples Counseling
byAtif Ghauri
 
PDF
Cybersecurity Roadmap Development for Executives
byKrist Davood - Principal - CIO
 
PDF
Cyber Threat Intelligence
byseadeloitte
 
PDF
DTS Solution - Building a SOC (Security Operations Center)
byShah Sheikh
 
PDF
From SIEM to SOC: Crossing the Cybersecurity Chasm
byPriyanka Aash
 
PDF
Integrated Security Operations Center (ISOC) for Cybersecurity Collaboration
byPriyanka Aash
 
PPTX
Security Operation Center - Design & Build
bySameer Paradia
 
A Guide to Managed Security Services
byGraham Mann
 
Its Not You Its Me MSSP Couples Counseling
byAtif Ghauri
 
Cybersecurity Roadmap Development for Executives
byKrist Davood - Principal - CIO
 
Cyber Threat Intelligence
byseadeloitte
 
DTS Solution - Building a SOC (Security Operations Center)
byShah Sheikh
 
From SIEM to SOC: Crossing the Cybersecurity Chasm
byPriyanka Aash
 
Integrated Security Operations Center (ISOC) for Cybersecurity Collaboration
byPriyanka Aash
 
Security Operation Center - Design & Build
bySameer Paradia
 

What's hot

PDF
A case for Managed Detection and Response
byDigital Transformation EXPO Event Series
 
PDF
Proactive Threat Hunting: Game-Changing Endpoint Protection Beyond Alerting
byCrowdStrike
 
PPTX
Threat hunting - Every day is hunting season
byBen Boyd
 
PPTX
Threat hunting for Beginners
bySKMohamedKasim
 
PDF
Threat Modeling Using STRIDE
byGirindro Pringgo Digdo
 
PPTX
Cyber Threat Intelligence
byPrachi Mishra
 
PPTX
PowerShell for Practical Purple Teaming
byNikhil Mittal
 
PDF
Cyber Threat hunting workshop
byArpan Raval
 
PDF
SIEM and Threat Hunting
byn|u - The Open Security Community
 
PDF
Threat Hunting
bySplunk
 
PDF
Cybersecurity roadmap : Global healthcare security architecture
byPriyanka Aash
 
PDF
Building a Cyber Security Operations Center for SCADA/ICS Environments
byShah Sheikh
 
PDF
Cyber Threat Intelligence
bymohamed nasri
 
PPTX
An introduction to SOC (Security Operation Center)
byAhmad Haghighi
 
PDF
Understanding The Security Vendor Landscape Using the Cyber Defense Matrix (R...
bySounil Yu
 
PPTX
SOC Architecture Workshop - Part 1
byPriyanka Aash
 
PPTX
Rothke rsa 2012 building a security operations center (soc)
byBen Rothke
 
PPTX
DEVSECOPS.pptx
byMohammadSaif904342
 
PDF
Threat Intelligence
byDeepak Kumar (D3)
 
PDF
Splunk-Presentation
byPrasadThorat23
 
A case for Managed Detection and Response
byDigital Transformation EXPO Event Series
 
Proactive Threat Hunting: Game-Changing Endpoint Protection Beyond Alerting
byCrowdStrike
 
Threat hunting - Every day is hunting season
byBen Boyd
 
Threat hunting for Beginners
bySKMohamedKasim
 
Threat Modeling Using STRIDE
byGirindro Pringgo Digdo
 
Cyber Threat Intelligence
byPrachi Mishra
 
PowerShell for Practical Purple Teaming
byNikhil Mittal
 
Cyber Threat hunting workshop
byArpan Raval
 
SIEM and Threat Hunting
byn|u - The Open Security Community
 
Threat Hunting
bySplunk
 
Cybersecurity roadmap : Global healthcare security architecture
byPriyanka Aash
 
Building a Cyber Security Operations Center for SCADA/ICS Environments
byShah Sheikh
 
Cyber Threat Intelligence
bymohamed nasri
 
An introduction to SOC (Security Operation Center)
byAhmad Haghighi
 
Understanding The Security Vendor Landscape Using the Cyber Defense Matrix (R...
bySounil Yu
 
SOC Architecture Workshop - Part 1
byPriyanka Aash
 
Rothke rsa 2012 building a security operations center (soc)
byBen Rothke
 
DEVSECOPS.pptx
byMohammadSaif904342
 
Threat Intelligence
byDeepak Kumar (D3)
 
Splunk-Presentation
byPrasadThorat23
 

Viewers also liked

PDF
To MSSP or not to MSSP IISF 2015
byPaul Hogan
 
PDF
Infosec 2014 - Considerations when choosing an MSSP
byHuntsman Security
 
PPT
Outsourcing Security Management
byNick Krym
 
PPT
Extend Your Market Reach with IBM Security QRadar for MSPs
byIBM Security
 
PPTX
Latest presentation
byAdetunji Adeoje
 
PPTX
C&W Product Portfolio
byCWBusiness
 
PDF
Citrix Day 2012: ShareFile
byDigicomp Academy AG
 
PPTX
Otx introduction sw
byAlienVault
 
PDF
Three Considerations To Amplify Your Detection and Response Program
byMorphick
 
PPTX
Gamification of your Global Information Security Operations Center - RSA 2015
byMorphick
 
PDF
Forrester Emerging MSSP Wave
byEnvision Technology Advisors
 
PDF
Rapid7 NERC-CIP Compliance Guide
byRapid7
 
PDF
Le gouvernement électronique au Togo : Etat des lieux et prospectives
byEASY EGOV
 
PDF
Webinar: Data warehouse na nuvem da AWS
byAmazon Web Services LATAM
 
PDF
Why You Should Be Selling Business Continuity Services (5 MSP Tips to Get Sta...
byDavid Castro
 
PPTX
Dizzion Channel Partner Training blow sales objections out of the water
byDizzion, Inc.
 
PDF
MSP Sales Best Practice | How to Close Sales Leads
byDavid Castro
 
PDF
MSP Sales Tactic | Using Kaseya to Perform an IT Network Assessment to Win Ne...
byDavid Castro
 
PPTX
#ALSummit: Accenture - Making the Move: Enabling Security in the Cloud
byAlert Logic
 
PPT
Security Outsourcing - Couples Counseling - Atif Ghauri
byAtif Ghauri
 
To MSSP or not to MSSP IISF 2015
byPaul Hogan
 
Infosec 2014 - Considerations when choosing an MSSP
byHuntsman Security
 
Outsourcing Security Management
byNick Krym
 
Extend Your Market Reach with IBM Security QRadar for MSPs
byIBM Security
 
Latest presentation
byAdetunji Adeoje
 
C&W Product Portfolio
byCWBusiness
 
Citrix Day 2012: ShareFile
byDigicomp Academy AG
 
Otx introduction sw
byAlienVault
 
Three Considerations To Amplify Your Detection and Response Program
byMorphick
 
Gamification of your Global Information Security Operations Center - RSA 2015
byMorphick
 
Forrester Emerging MSSP Wave
byEnvision Technology Advisors
 
Rapid7 NERC-CIP Compliance Guide
byRapid7
 
Le gouvernement électronique au Togo : Etat des lieux et prospectives
byEASY EGOV
 
Webinar: Data warehouse na nuvem da AWS
byAmazon Web Services LATAM
 
Why You Should Be Selling Business Continuity Services (5 MSP Tips to Get Sta...
byDavid Castro
 
Dizzion Channel Partner Training blow sales objections out of the water
byDizzion, Inc.
 
MSP Sales Best Practice | How to Close Sales Leads
byDavid Castro
 
MSP Sales Tactic | Using Kaseya to Perform an IT Network Assessment to Win Ne...
byDavid Castro
 
#ALSummit: Accenture - Making the Move: Enabling Security in the Cloud
byAlert Logic
 
Security Outsourcing - Couples Counseling - Atif Ghauri
byAtif Ghauri
 

Similar to AlienVault MSSP Overview - A Different Approach to Security for MSSP's

PPTX
AlienVault Partner Update: So Many Security Products to Sell to My Customers…...
byAlienVault
 
PPTX
How to Simplify Audit Compliance with Unified Security Management
byAlienVault
 
PPTX
Security Operations Center (SOC) Essentials for the SME
byAlienVault
 
PPTX
Improve Situational Awareness for Federal Government with AlienVault USM
byAlienVault
 
PPTX
Six Steps to SIEM Success
byAlienVault
 
PDF
Incident Response Whitepaper - AlienVault
byJermund Ottermo
 
PPTX
How to Solve Your Top IT Security Reporting Challenges with AlienVault
byAlienVault
 
PPTX
Vulnerability Management: What You Need to Know to Prioritize Risk
byAlienVault
 
PPTX
Security Digital Connect
byGrafic.guru
 
PPTX
New USM v5.0 - Get Complete Security Visibility Faster & Easier Than Ever
byAlienVault
 
PPT
Why Use Westech Solutions
byJhugueno
 
PPT
Why Use Wes Tech Solutions
bydoughold
 
PDF
Symantec Cyber Security Solutions | MSS and Advanced Threat Protection
byinfoLock Technologies
 
PDF
Axxera Security Solutions
byakshayvreddy
 
PPTX
Simplify PCI DSS Compliance with AlienVault USM
byAlienVault
 
PPT
Mindshare company presentation rev 9.0
byM INTERGRAPH SYSTEMS PRIVATE LIMITED
 
PPTX
Planning your 2015 Threat Detection Strategy with a Broken Crystal Ball
byAlienVault
 
PDF
BlueVoyant: 7 Experts Share Key Questions To Ask When Evaluating Providers
byMighty Guides, Inc.
 
PDF
Endpoint Security & Why It Matters!
byNet at Work
 
PDF
Securing Your Business: A Comprehensive Guide to Managed Security Services
byNeelHope
 
AlienVault Partner Update: So Many Security Products to Sell to My Customers…...
byAlienVault
 
How to Simplify Audit Compliance with Unified Security Management
byAlienVault
 
Security Operations Center (SOC) Essentials for the SME
byAlienVault
 
Improve Situational Awareness for Federal Government with AlienVault USM
byAlienVault
 
Six Steps to SIEM Success
byAlienVault
 
Incident Response Whitepaper - AlienVault
byJermund Ottermo
 
How to Solve Your Top IT Security Reporting Challenges with AlienVault
byAlienVault
 
Vulnerability Management: What You Need to Know to Prioritize Risk
byAlienVault
 
Security Digital Connect
byGrafic.guru
 
New USM v5.0 - Get Complete Security Visibility Faster & Easier Than Ever
byAlienVault
 
Why Use Westech Solutions
byJhugueno
 
Why Use Wes Tech Solutions
bydoughold
 
Symantec Cyber Security Solutions | MSS and Advanced Threat Protection
byinfoLock Technologies
 
Axxera Security Solutions
byakshayvreddy
 
Simplify PCI DSS Compliance with AlienVault USM
byAlienVault
 
Mindshare company presentation rev 9.0
byM INTERGRAPH SYSTEMS PRIVATE LIMITED
 
Planning your 2015 Threat Detection Strategy with a Broken Crystal Ball
byAlienVault
 
BlueVoyant: 7 Experts Share Key Questions To Ask When Evaluating Providers
byMighty Guides, Inc.
 
Endpoint Security & Why It Matters!
byNet at Work
 
Securing Your Business: A Comprehensive Guide to Managed Security Services
byNeelHope
 

More from AlienVault

PPTX
Meltdown and Spectre - How to Detect the Vulnerabilities and Exploits
byAlienVault
 
PDF
Malware Invaders - Is Your OS at Risk?
byAlienVault
 
PDF
SIEM for Beginners: Everything You Wanted to Know About Log Management but We...
byAlienVault
 
PDF
Insider Threat Detection Recommendations
byAlienVault
 
PPTX
Alienvault threat alerts in spiceworks
byAlienVault
 
PDF
Open Source IDS Tools: A Beginner's Guide
byAlienVault
 
PPTX
Malware detection how to spot infections early with alien vault usm
byAlienVault
 
PDF
Security operations center 5 security controls
byAlienVault
 
PDF
PCI DSS Implementation: A Five Step Guide
byAlienVault
 
PPTX
Improve threat detection with hids and alien vault usm
byAlienVault
 
PDF
The State of Incident Response - INFOGRAPHIC
byAlienVault
 
PPTX
Incident response live demo slides final
byAlienVault
 
PPTX
Improve Security Visibility with AlienVault USM Correlation Directives
byAlienVault
 
PPTX
How Malware Works
byAlienVault
 
PPTX
New OSSIM v5.0 - Get Security Visibility Faster & Easier Than Ever
byAlienVault
 
PPTX
AWS Security Best Practices for Effective Threat Detection & Response
byAlienVault
 
PPTX
Improve Threat Detection with OSSEC and AlienVault USM
byAlienVault
 
PPTX
Best Practices for Configuring Your OSSIM Installation
byAlienVault
 
PPTX
IDS for Security Analysts: How to Get Actionable Insights from your IDS
byAlienVault
 
PPTX
Insider Threats: How to Spot Trouble Quickly with AlienVault USM
byAlienVault
 
Meltdown and Spectre - How to Detect the Vulnerabilities and Exploits
byAlienVault
 
Malware Invaders - Is Your OS at Risk?
byAlienVault
 
SIEM for Beginners: Everything You Wanted to Know About Log Management but We...
byAlienVault
 
Insider Threat Detection Recommendations
byAlienVault
 
Alienvault threat alerts in spiceworks
byAlienVault
 
Open Source IDS Tools: A Beginner's Guide
byAlienVault
 
Malware detection how to spot infections early with alien vault usm
byAlienVault
 
Security operations center 5 security controls
byAlienVault
 
PCI DSS Implementation: A Five Step Guide
byAlienVault
 
Improve threat detection with hids and alien vault usm
byAlienVault
 
The State of Incident Response - INFOGRAPHIC
byAlienVault
 
Incident response live demo slides final
byAlienVault
 
Improve Security Visibility with AlienVault USM Correlation Directives
byAlienVault
 
How Malware Works
byAlienVault
 
New OSSIM v5.0 - Get Security Visibility Faster & Easier Than Ever
byAlienVault
 
AWS Security Best Practices for Effective Threat Detection & Response
byAlienVault
 
Improve Threat Detection with OSSEC and AlienVault USM
byAlienVault
 
Best Practices for Configuring Your OSSIM Installation
byAlienVault
 
IDS for Security Analysts: How to Get Actionable Insights from your IDS
byAlienVault
 
Insider Threats: How to Spot Trouble Quickly with AlienVault USM
byAlienVault
 

Recently uploaded

PDF
Router-DHCP-Printer-SharingRouter-DHCP-Printer-Sharing
byarbendi2160
 
PDF
5G Explained! A High Level Overview [Introduction]
byLuciano Motta
 
PDF
Introduction to Linux and Basic Commands
byiDev Semarang
 
PPTX
Advance Computer Architecture Lecture 4.pptx
byBottshikanBottshikan
 
PDF
CISO_2027_Playbook: Sovereign AI Resilience & Quantum-Proof Identity
bySaraDavis91
 
PPTX
Mastering SQL Server Replication: Types, Setup & Troubleshooting
byGeoPITS Global Pvt Ltd
 
PDF
Enterprise Data Services_ A Development Guide with Use Cases, Trends and Impl...
by2601harsh23
 
PPTX
Achieve enterprise automation with SAP BTP solutions and SAP Signavio
bydarrellkiwi
 
PDF
10 Best AI Tools for Fashion Brands in 2026
bymockitseo
 
PDF
Kubernetes Cloud Native Indonesia Meetup - January 2026
byPrasta Maha
 
PDF
Computer Science Conferences 2026 | Research by SAI Conference
byHealth Conference 2026
 
PDF
How to Design Premium Health (Public Health) PPT Using AI? Top Strategies
byPublic Health Concern Nepal
 
PPTX
6G and Non-Terrestrial Networks (NTN) Testing.pptx
byXRComm
 
PPT
Database Management Systems: Basics, History, Data Models, etc.
byParithi Thamizh
 
PDF
Deploying Windows Clients & Managing Identities
byVICTOR MAESTRE RAMIREZ
 
PDF
Ethical AI applied to publishing: Presenting wâsikan kisewâtisiwin, an AI too...
byBookNet Canada
 
PPTX
apidays Australia 2025 | Building AI RAG Applications with No Code.pptx
byapidays
 
PDF
Teaching Robots how to Read 1/2: AI Center & Classic Document Understanding (...
byanabulhac
 
PPTX
AI Meets DBA Transforming Database Administration with Intelligence
byGeoPITS Global Pvt Ltd
 
PDF
Azure DevOps Managed Services: Driving Speed, Security, and Business Growth
byjohncarterjn
 
Router-DHCP-Printer-SharingRouter-DHCP-Printer-Sharing
byarbendi2160
 
5G Explained! A High Level Overview [Introduction]
byLuciano Motta
 
Introduction to Linux and Basic Commands
byiDev Semarang
 
Advance Computer Architecture Lecture 4.pptx
byBottshikanBottshikan
 
CISO_2027_Playbook: Sovereign AI Resilience & Quantum-Proof Identity
bySaraDavis91
 
Mastering SQL Server Replication: Types, Setup & Troubleshooting
byGeoPITS Global Pvt Ltd
 
Enterprise Data Services_ A Development Guide with Use Cases, Trends and Impl...
by2601harsh23
 
Achieve enterprise automation with SAP BTP solutions and SAP Signavio
bydarrellkiwi
 
10 Best AI Tools for Fashion Brands in 2026
bymockitseo
 
Kubernetes Cloud Native Indonesia Meetup - January 2026
byPrasta Maha
 
Computer Science Conferences 2026 | Research by SAI Conference
byHealth Conference 2026
 
How to Design Premium Health (Public Health) PPT Using AI? Top Strategies
byPublic Health Concern Nepal
 
6G and Non-Terrestrial Networks (NTN) Testing.pptx
byXRComm
 
Database Management Systems: Basics, History, Data Models, etc.
byParithi Thamizh
 
Deploying Windows Clients & Managing Identities
byVICTOR MAESTRE RAMIREZ
 
Ethical AI applied to publishing: Presenting wâsikan kisewâtisiwin, an AI too...
byBookNet Canada
 
apidays Australia 2025 | Building AI RAG Applications with No Code.pptx
byapidays
 
Teaching Robots how to Read 1/2: AI Center & Classic Document Understanding (...
byanabulhac
 
AI Meets DBA Transforming Database Administration with Intelligence
byGeoPITS Global Pvt Ltd
 
Azure DevOps Managed Services: Driving Speed, Security, and Business Growth
byjohncarterjn
 

AlienVault MSSP Overview - A Different Approach to Security for MSSP's

  • 1.
    AlienVault – MSSPProgram Overview AUGUST 13, 2014 A DIFFERENT APPROACH TO SECURITY FOR MSSP’S partners@alienvault.com
  • 2.
    AGENDA • Market Overview •“The 5 areas customers consider when selecting an MSSP” • Where most MSSPs struggle to offer real value • Overview of the AlienVault USM Platform • Differentiation through Delivery "Threat Detection That Works” • AlienVault MSSP Program Details
  • 3.
    Market Realities WHAT WEKNOW ABOUT ORGANIZATIONS • Lack the in-house capabilities required to keep pace with changing business demands, compliance mandates, and emerging threats for strategic implementation of new IT security solutions. • Don’t have the capabilities to effectively monitor and manage the security infrastructure to ensure optimal utilization of current assets. • Have in-house IT staffs that spend too much time on day- to-day operational security issues versus new strategic projects. • Depend on IT security tools and processes that provide a reactive, rather than proactive, approach to mitigating risk and minimizing data loss and downtime. … Which has led to organizations moving to
  • 4.
    Those who lookfor a platform that is already integrated – or “Unified (Integrated) Security Two Types of MSSPs Those who try to buy/build and integrate it all on their own…
  • 5.
    Observations of MSSPsin the Market CHALLENGES ON DELIVERING VALUE Operationalizing the Offering - Many MSSPs don’t have the experience needed to avoid the costly mistakes and end up managing the system far more than they spend on the value they bring to their customers. Attempting to tie disparate systems together is a failed strategy. Basic (i.e. “Weak”) Correlation - Correlation of events and Incident-specific reports are required to offer true security visibility; however most MSSPs don’t deploy solutions that allow customers to get anything more than very basic reporting/correlation Deployment of SIEM technology to provide in-house alerting and log analysis: - MSSPs typically lack the needed insight into the customer IT and business environment; thus, they are challenged in determining whether events involving
  • 6.
    Let’s “double-click’ onthese challenges High Fidelity vs. False Positives - “Custom” correlation is the only way to achieve any true value/threat visiblity from a SIEM platform. The task of base-lining an environment and creating these alerts/alarms is daunting enough in a single environment – How can an MSSP deliver this across many environments? Poor Change Management - Strong correlation is based on “known” baselines and an intimate understanding of a customers environment. MSSPs by virtue of what they do – are an after thought to change management by the organizations who work with MSSPs. Every change to that environment impacts the fidelity of correlation. Poor correlation = poor threat detection. Poor Log Storage - Logs are only valuable to your customers if they can access them. Storing logs for a sufficient period of time or in a location that the customer cannot be access makes the services less valuable. CORRELATION
  • 7.
    Delivering Confidence, Simplicity& ValueWHAT YOU CAN OFFER YOUR CUSTOMERS Managed security operations and response - Provide first line incident detection and triage - Escalate to customer as needed for remediation response Reporting of vulnerabilities and threats - Identify known malicious entities probing their systems - Detect latest attack payloads - Identify compromised systems - Leverage time-tested security controls with minimal deployment overhead - Identify potentially insecure behaviors - Identify unpatched software, known to vulnerable … A single security technology stack makes this possible – AT SCALE
  • 8.
    POWER OF THEOPEN THREAT EXCHANGE (OTX) TO DETECT THREATS Crowd-sourced threat data from 8,000+ sites across 140 countries 500,000+ IPs validated daily Free Threat Services • Reputation Alert Monitor • Threat Finder • Interactive Threat Map
  • 9.
    Award-Winning Solution Usedby 10,000+ for Threat Detection, Incident Response and Compliance Management
  • 10.
    What Is Valuable? Identify Ways to Compromise StartLooking for Threats Look For Strange Activity Piece It All Together Understand the Threats Unified Security Management Platform
  • 11.
    Asset Discovery  Active& Passive Network Scanning  Asset Inventory  Host-based Software Inventory Asset Discovery Identify Ways to Compromise Start Looking for Threats Look For Strange Activity Piece It All Together Understand the Threats Unified Security Management Platform
  • 12.
    Asset Discovery Vulnerability Assessment Start Looking for Threats LookFor Strange Activity Piece It All Together Understand the Threats Unified Security Management Platform Asset Discovery  Active & Passive Network Scanning  Asset Inventory  Host-based Software Inventory Vulnerability Assessment  Network Vulnerability Testing  Remediation Verification
  • 13.
    Asset Discovery Vulnerability Assessment Threat Detection Look For Strange Activity Piece ItAll Together Understand the Threats Unified Security Management Platform Asset Discovery  Active & Passive Network Scanning  Asset Inventory  Host-based Software Inventory Vulnerability Assessment  Network Vulnerability Testing  Remediation Verification Threat Detection  Network & Host IDS  Wireless IDS  File Integrity Monitoring
  • 14.
    Asset Discovery Vulnerability Assessment Threat Detection Behavioral Monitoring Piece It All Together Understandthe Threats Unified Security Management Platform Asset Discovery  Active & Passive Network Scanning  Asset Inventory  Host-based Software Inventory Vulnerability Assessment  Network Vulnerability Testing  Remediation Verification Threat Detection  Network & Host IDS  Wireless IDS  File Integrity Monitoring Behavioral Monitoring  Log Collection  NetFlow Analysis  Service Availability Monitoring
  • 15.
    Asset Discovery Vulnerability Assessment Threat Detection Behavioral Monitoring Security Intelligence Understand the Threats Unified SecurityManagement Platform Asset Discovery  Active & Passive Network Scanning  Asset Inventory  Host-based Software Inventory Vulnerability Assessment  Network Vulnerability Testing  Remediation Verification Threat Detection  Network & Host IDS  Wireless IDS  File Integrity Monitoring Behavioral Monitoring  Log Collection  NetFlow Analysis  Service Availability Monitoring Security Intelligence  SIEM Event Correlation  Incident Response
  • 16.
    Asset Discovery  Active& Passive Network Scanning  Asset Inventory  Host-based Software Inventory Vulnerability Assessment  Network Vulnerability Testing  Remediation Verification Threat Detection  Network & Host IDS  Wireless IDS  File Integrity Monitoring Behavioral Monitoring  Log Collection  NetFlow Analysis  Service Availability Monitoring Security Intelligence  SIEM Event Correlation  Incident Response Asset Discovery Vulnerability Assessment Threat Detection Behavioral Monitoring Security Intelligence AV Labs Threat Intelligence Contextual Threat Intelligence
  • 17.
    Threat Intelligence Poweredby Open Collaboration OTX + AlienVault Labs
  • 18.
    MSSP “GETTING STARTED”PACKAGES Public Training + Deployment Assistance Private Training + Deployment Assistance Packages include… • AlienVault product training for one (1) engineer at a public AlienVault training center • Three (3) days of remote support by a Certified AlienVault Deployment Architect • AlienVault product training for up to 8 people at your facility • Three (3) days of remote support by a Certified AlienVault Deployment Architect Become a certified AlienVault MSSP partner
  • 19.
    MSSP Partner ofAlienVault SMALL SAMPLING OF PARTNERS Today we have 100+ MSSPs around the world… some supporting less than 5 customers…some supporting 100’s of customers • Breaches/Infection rates have no correlation to company size so smaller MSSPs have the same challenges that larger MSSPs do. The problem they solve is just as significant. • Larger companies do have larger budgets so when serving the small business and mid-market; efficiency at scale is important. We offer entry points for any size MSSP. The largest to the newly formed.
  • 20.

Editor's Notes

  • #7 – It is difficult to strike the right balance between correlation rules that catch all possible attacks and correlation rules that produce too many false-positive alerts. Tuning often requires a professional services engagement and on-going expenses. This will continue to plague the MSSPs who choose traditional SIEM or Logging solutions as the complexity of managing all of the moves, adds, edits to the data sources (servers, devices, & applications) that feed them is not something they can solve for. Organizations rely on the data collection, normalization and retention for the purpose of correlation. Without strong (i.e. custom) correlation, detecting and responding to threats is impossible. Custom correlation must be verified every time there is a change on the network if an organization wants to ensure the fidelity of their correlation logic.  For example, it’s not uncommon to see a data source change (OS/firmware update), which will dramatically impact the fidelity of the correlation rules/alarms/logic. This happens when updates are performed to network devices, servers (physical & virtual), anti-virus, applications, etc. Organizations are very dynamic. Correlation must also be dynamics UNLESS you solve for this another way. The “Rules-based” approach – When a correlated security event is presented to the security analyst, it’s reasonable to expect the analyst to limit his or her investigation to the data sources reported by the alert. A “Rules-based” approach supports only a go-forward view of security data, if you get a correlation rule wrong, you can’t adjust the model and re-analyze the data, because events that didn’t match the old rule have already been discarded. Not the desired outcome… AlienVault’s USM solution solves for this through “unifying” your entire security technology stack. We’ll dive into that later in this presentation…
  • #8 AlienVault offers the only unified security management solution to unify the five essential security capabilities you need for complete security visibility. This translates into rapid time to value – faster and easier audits, targeted remediation, and more seamless incident response. The main advantages of USM are simplicity, streamlined installation and use, and the ability to update all the security functions concurrently. These concurrent updates allow AlienVault to do something no other solution on the market can do. AlienVault’s threat intelligence team can write, maintain and verify all the needed correlation delivering the highest levels of security visibility.