Co-managed Security
This article has multiple issues. Please help improve it or discuss these issues on the talk page. (Learn how and when to remove these messages)
|
The Co-Managed IT security service model entails security monitoring, event correlation, incident response, system tuning, and compliance support across an organization's entire IT environment. Co-Management allows organizations to collaborate with their managed security service providers by blending security expertise of the provider with the contextual knowledge of the customer to optimise security posture.[1]
Outsourcing all IT security affairs can leave clients in the dark in regards to major security breaches or events.[2]
The combined involvement of the client and managed security service providers (MSSP) in relation to SIEM softwares allow for immediate response to security breaches, increased transparency and reduce workload for internal IT security teams.
The cooperative management of SIEM softwares can allow for the sharing of expert knowledge between internal IT security teams and the MSSP.
Co-Managed security services also allow for organizations’ critical data and tools to be remotely managed by a team of certified engineers and security analysts from a 24/7/365 Security Operations Center (SOC). This service approach allows for customer data to remain in-house while the SIEM platform is either on-site or cloud-hosted. The service provider's staff work in conjunction with customer security teams to outline the rules of engagement inside the environment to provide monitoring and response to alerts in real-time. The Security Operation Center also provide the “care and feeding”, and development of a variety of security solutions. The co-managed approach also allows organizations to focus on emerging internal projects and other critical areas of IT.
According to Gartner's How and When to Use Co-managed Security Information and Event Management report, “Co-managed SIEM services enable security and risk management leaders to maximize value from SIEM and enhance security monitoring capabilities, while retaining control and flexibility.” and "Co-management is on the rise and expected to grow five-fold by 2020."
SIEM,[3] IDS/IPS, Compliance Automation, Network Configuration Management Tools, Advanced Threat Intelligence, Network Access Control, Endpoint Threat Detection and Response, Application Security, File Integrity Monitoring, Forensic Investigation, and Vulnerability Scanning and Assessment, are all examples of cyber security solutions that co-managed service providers support.[4]
References
[edit]- ^ Gill, T. Grandon. Cybersecurity Discussion Cases. Informing Science. ISBN 978-1-68110-037-1.
- ^ Dosal, Eric. "3 Advantages of Using Co-Managed SIEM". www.compuquip.com. Retrieved 2020-08-03.
- ^ "Security Information And Event Management (siem)". Gartner. Retrieved 2020-07-05.
- ^ "Co-managed SIEM". www.eventtracker.com. Retrieved 2020-07-05.