
Beating the bad guys with managed security services

Lightning is said not to strike the same place twice, but in the cyber crime world, it happens all the time.

Johannesburg, 02 Nov 2021
  • IBM's Cost of a Data Breach 2021 report reveals it can take an average of 287 days to find and contain a breach.
  • Achieving resilience requires dedicated resources and complex toolsets that can be prohibitively expensive.
  • For many companies, the challenge is inherent in how technologies are deployed and configured; criminals leverage multiple attack vectors to exploit gaps in your security controls.
  • Security is a cost centre for customers, but a necessary one if you want to protect yourself and your environment.
  • Gijima leverages IBM QRadar for its security information and event management platform, adding IBM Resilient (security orchestration, automation, and response) and IBM QRadar Advisor with Watson (artificial intelligence).

Does lightning strike the same place twice? In the cyber crime world, it happens all the time. In early 2019, ransomware infected a major local private enterprise, leading to substantial losses and downtime. It took months to untangle the problem. Working with this customer, Gijima accelerated a cyber security roadmap to introduce next-generation protection technologies. A few months later, another ransomware attack snuck in. This time, thanks to the adoption of next-generation cognitive capability and automation, the incident lasted barely an hour and had zero impact on business operations.

The message from this experience is that modern cyber security technologies improve business resilience.

Cyber criminals don't always win

It's easy to be overwhelmed by stories about cyber crime. Forbes reports that 2020 broke nearly all records around the number, cost and impact of cyber crime events. IBM's Cost of a Data Breach 2021 report reveals it can take an average of 287 days to find and contain a breach.

Yet cyber security technologies have continued to evolve, and companies can make themselves highly resilient against online criminals, explains Lukas van der Merwe, Specialist Sales Executive: Security at Gijima: "Cyber security that functions as intended is largely transparent. What the statistics don't tell us is how often attackers failed because they came up against resilient security. However, achieving resilience requires dedicated resources and complex toolsets that can be prohibitively expensive. As a result, many organisations still depend on perimeter defences and have very little detection and response capability, which is required when criminals successfully exploit the gaps in those defences. The solution to that? Next-generation cognitive technology deployed as part of a managed service, and delivered by seasoned practitioners through established processes. This approach has time and again proven successful."

The mistakes of poor security

To achieve resilience, you need visibility of anomalous activities that may indicate your defences were breached, along with the tools and processes to react rapidly and decisively to such events and limit their impact.

Most security products are outstanding and capable of combating intrusions. However, cyber criminals invest as much if not more to find ways to circumvent these technologies, even deploying their own breed of cognitive technology. The fact is that no system is impenetrable and no product infallible.

"For many companies, the challenge is inherent in how technologies are deployed and configured," says Van Der Merwe. "Criminals leverage multiple attack vectors to exploit gaps in your security controls. The lack of integration between disparate toolsets and poor configuration of the use cases and controls produce a higher occurrence of false positives, which reduces the capacity available in your security team to adequately analyse and respond."

Many organisations find themselves in this situation. They invested in security systems and personnel. Yet they still lack visibility, they don't have the experience and resources to thoroughly integrate security systems, and they likely don't have enough security staff.

To borrow the example of a racing team, it's as if you own the parts for a high performing racing car, but your pit crew is too small to put it together, and you don't have a map of the course you're racing.

The same applies to cyber security: why put pressure on your internal team to manage your security rather than getting experts who can put everything together for you?

Managed security services fight back

Gijima recommends contracting the services of a managed security service provider (MSSP) to lighten the security burden.

The MSSP is not a software reseller. MSSPs create security service environments by selecting and integrating different services. For example, Gijima leverages IBM QRadar for its security information and event management platform, adding IBM Resilient (security orchestration, automation, and response) and IBM QRadar Advisor with Watson (artificial intelligence). Such services are adapted to specific customer environments, and the MSSP's professionals monitor and maintain that security. It makes the difference between a breach that lasts for months and one that fizzles in an hour.

"Security is a cost centre for customers, but a necessary one if they want to protect themselves," says Van Der Merwe. "MSSPs make it their business to run customer security. This motivates MSSPs to invest in security, continually improving the technology and skills involved. It's much easier for MSSPs to keep costs lower because of economies of scale. In other words, MSSP customers get the security they need with visibility and costs they can grasp and manage."

While some organisations may choose to invest only in their own technology and capability, MSSPs offer key benefits:

  • Investment: Many next-generation technologies are prohibitively expensive when dedicated to one client. MSSPs make the initial investment in infrastructure and deployment, with each client only paying for what they need.
  • Skills: MSSPs provide ongoing training and skills transfer, providing exposure to a wide variety of clients across industry verticals and geographies and sharing the load across an extended team.
  • Capacity: An MSSP has shared and spare capacity to accommodate spikes in demand as well as consistent growth.
  • Experience: MSSPs have visibility of a far broader threat landscape, allowing analysts to hone their skills and gain experience in handling complex cyber security incidents under pressure.
  • Currency: MSSPs are competitive by remaining current and maturing continuously.
  • Flexibility: Leading MSSPs offer flexible commercial and delivery models, including pay-as-you-use options, more dedicated capacity or a blend of the two. There is a model that fits every customer's requirements.

The Gijima Cyber Defence Centre (CDC) with Advanced Cyber Defence Services reflects these six benefits. Our customers know that if you want reliable security that arrests breaches and reduces business impact, you should partner with an MSSP of Gijima's calibre.

The Gijima process and the adoption of fundamental security controls, complemented by a cyber security programme, are starting to help its clients and customers prevent security risks and loopholes, thereby ensuring organisations are adequately equipped to deal with the dark world of ransomware attacks.

Join Gijima on 3 November 2021 and discover what MSSPs can do for your business' security, costs and peace of mind.

Register at https://www.itweb.co.za/microsite/gijimabusinessresilience/webinar


Editorial contacts

Roberta Gumede
Chief Marketing Officer (Gijima)
(010) 449 5000
Thamsanqa Malinga
Communications Specialist (Gijima)
(010) 449 5000 / (083) 301 7878
Thami.Malinga@gijima.com