CYBERSECURITY SPOTLIGHT
When we talk about Cybersecurity, what we’re really talking about is risk. Any good cybersecurity program must start with risk management, and it is something that needs to happen continuously because threats change over time, as do the risks. When it comes to risk, there are five fundamental steps to managing it.
Fundamental Steps
- Identify Critical Assets
- Identify the value of Critical Assets
- Identify the impact of loss/harm to Assets
- Identify the likelihood of loss or harm to Assets
- Prioritize mitigation activities to be implemented
NIST is the National Institute of Science and Technology and has been around for over fifty years. NIST came up with an actual cybersecurity framework; this framework goes into putting a sound cybersecurity strategy in place.
Cybersecurity Framework
- Identify: This is where it all begins: a Cybersecurity gameplan and strategy are defined, and budget is allocated based on Risk appetite.
- Protect: People, Processes, and Technology, as defined by the Identify process, are put in place to Protect the Critical Assets.
- Detect: People, Processes, and Technology, as defined by the Identify process, are put in place to quickly discover Threats to Critical Assets.
- Respond: People, Processes, and Technology, as defined by the Identify process, are put in place to contain and remove Threats (“Incidents”).
- Recover: People, Processes, and Technology, as defined by the Identify process, are used to return to “business as usual” or back to acceptable levels while the Incident Response process completes.
FreedomFire Communications has revamped the security matrix and aligned service providers into each of the categories listed in the framework. This makes it easier for everyone to understand where to position different services. The goal is to shift away from products and think more about the services and solutions we can provide for you.
IDENTIFY
What goes into identifying our general plan?
- General Cybersecurity Consulting
- Vulnerability Assessments
- Penetration Testing
- Compliance Readiness
- Virtual CSO
- Phishing Simulation
- Awareness Training
- Business Impact Analysis
FreedomFire Communications works with several providers who do a terrific job when it comes to cybersecurity consulting. They all have different specialties, and they all bring different skills to the table.
Next, we move to Vulnerability Assessments. The important thing to remember is that they don’t necessarily mean Penetration Testing. Vulnerability Assessments are more about asking questions and getting feedback.
If you go through a Vulnerability Assessment and a Penetration Test is recommended, FreedomFire Communications works with many providers who can help you with this. When it comes to Penetration Testing, it’s crucial to ask why you are requesting one. A good penetration test is there to uncover new vulnerabilities or validate assumptions about a security program. If you want to buy a cheap penetration test, then essentially all that you are buying is a false sense of security. The reason we are highlighting the providers listed below is that they are top-shelf; what they bring to the table is advanced expertise.
Compliance Readiness is essential. Being ready from a technological perspective is good, but not passing pass compliance criteria hurts your company’s ability to operate.
Why is Virtual CSO important? Some compliance audits you can’t pass unless you have CSO. The idea of a virtual CSO program is that, just like with other MSSP services that are offered, you get economies of scale as a customer. You’re able to leverage any of the providers listed below who offer excellent advisory services in that CSO capacity.
Business Impact Analysis is a very formal approach to risk management; it essentially lives in the identify phase and should be the driver for all security initiatives. It does take time and effort, that’s why FreedomFire Communications partners with many great providers who can bring this to you.
The idea behind a phishing simulation is to help users become more aware of what a phishing email looks like.
To be compliant, you not only have to be technologically sound, but you also need to have training for your employees. So, what are some providers who’ll come and teach your people how to understand security better?
PROTECT
Some of the elements that make up the “protect” segment of the framework include:
- Managed Security Services (Firewall, Web, Email)
- Global DDoS Protection
- Endpoint Protection
- Managed Cloud Firewall
- Web Application Firewall
- Privacy & Data Protection
- Zero Trust & Software-Defined Perimeter
- Microsegmentation
- Mobile Enterprise Management Solutions
- Remote User VPN
- Patch Management
- Secure Access Service Edge
The most common element is managed security services. The whole idea around the Protect segment is that we’re looking at protecting things coming into your organization and looking inside the organization and protecting people and systems from doing bad things.
So how do Third-Party providers breakdown between some of the most popular offerings out there? The whole conversation revolves around what you are trying to achieve and what level of services you are looking for.
When we are talking managed cloud firewalls, we’re thinking about if a customer has a collection of internet circuits they want to aggregate up to a central location within a particular region or if they have existing MPLS networks from a particular provider. Having Managed Cloud Firewalls means it’s all fully managed by the provider, and that the person doesn’t have any equipment on-prem. Web Application Firewalls, on the other hand, are a little more specific. This means we are looking at and inspecting traffic coming into that customer’s environment to make sure the bad guys aren’t trying to come in.
When it comes to DDoS, Imperva is a provider that always comes up because they have an industrial-strength application. So, what other providers does FreedomFire Communications work with when it comes to DDoS?
FreedomFire Communications works with a lot of vendors who offer Endpoint Protection. Endpoint Protection is more than just a firewall. It’s things like artificial intelligence, anti-ransomware, EDR, and MDR.
DETECT
The “Detect” phase of the framework includes:
- Intrusion Detection & Prevention
- Security Log Monitoring (SIEM)
- Advanced Threat Hunting
- SOC (Security Operations Center) as a Service
- Advanced Threat Detection and Awareness
- Machine Learning / AI
- Cloud Security Monitoring
- Log Management
- Threat Analytics
- Managed Security Service (MSS)
- Managed Detect and Respond (MDR)
- Managed Endpoint Detect and Respond (EDR)
FreedomFire Communications works with a full suite of vendors who can help with anything from Advanced Threat Detection to Threat Detection with MSS.
When it comes to Security Log Monitoring (SIEM), you should not be trying to buy these products and deploying them yourselve; you should be buying them as a service. The idea behind SIEM is to be able to detect when something bad happens and how quickly you can contain and respond to it. The limited security staff that most businesses have should spend their time on consuming the information out of these platforms instead of managing them.
What you’re buying as a customer when it comes to SOC (Security Operations Center) as a Service is the advanced people, processes, and technology. Many businesses often buy good technology and forget to think about if they have the right process and people. It takes the right expertise to manage that infrastructure. This is what you get when you purchase SOC as a Service.
RESPOND
So, what goes into the “Respond” segment of the framework?
- Incident Response, Containment, and Eradication
- Active Remediation, MSS & Endpoint Response
- Active SOC Response
- Advanced Global Incident Response
- Active Endpoint Threat Response
FreedomFire Communications likes to help you be in front of an incident. We want you to know we have instant response retainer services and that we also like to help you be prepared for the eventualities that an incident will happen in your environment.
RECOVER
Lastly, when we talk about the “recover” segment of the framework, we want to discuss the following:
- DRaaS
- BUaaS
- Asset Reconstructing and Recovery
- Continuity Planning
It is important to have a conversation about how prepared you are for a ransomware attack. Below you can find a list of providers FreedomFire Communications partners with that can help you when it comes to DRaaS and BUaaS.
To learn more about the options available to you to meet your cybersecurity requirements simply ask us at FreedomFire Communications.