
How to Augment Your Organization’s Cybersecurity Team and Find the Right Partner for You

Cybersecurity teams are overloaded on multiple fronts with an ever-increasing pressure to keep up with the threats and vulnerabilities they face from threat actors. However, despite that pressure, the resources a cybersecurity team requires can often be hard to find — whether it’s a specific set of talents, a larger security team to handle responsibilities or just retaining the right personnel and tools. Of course, simply managing the department is a large task in and of itself.

Often, the solution can be to find a partner or outsource some of a cybersecurity department’s responsibilities. But how to find the right partner for you or even determine which tasks and duties are outsourced can be difficult. To better understand this process, we spoke to Mark Whitehead, Global VP of SpiderLabs Consulting at Trustwave.

 

What is your long-term cybersecurity plan?

Before making a decision on whether to seek a partner or how to go about doing so, Whitehead recommends taking a step back and looking at the long-term perspective. “What’s the overall company’s long-term commitment? Most organizations tend to have varying levels of support for how much investment they want to make to a security department.” This should help you set and manage expectations for your own department.

You should develop your department’s long-term strategy based on this; that is when you can identify what you can work on in-house and what you can let an external partner handle. A security leader should treat these considerations as a problem to be solved as a function of time and cost. What can you effectively build out in a year’s period? What does your team makeup look like? Do you have the resources, time, and buy-in from the rest of the organization?

“As you look at roadmaps and spend,” Whitehead says, “you’re putting in place people or services and doling out responsibilities.” This process also helps you stay proactive. You’re much better off planning resources proactively than doing so in reaction to a breach scenario and in response to pressure from the board.

 

Finding the right partner to work with

The vendor and partner marketplace has shifted, and most organizations work with partners as part of a hybrid approach rather than an all-or-nothing form of outsourcing cybersecurity responsibilities. When trying to find the right partner, Mark has some suggestions for security leaders.

Be clear about nomenclature

“How vendors talk about their products and features varies”, Mark says, “and that can be confusing for people who are focusing on the end-result only and aren’t getting the details on how a company is achieving the end-result.” Make sure what they say they’re offering is aligned to your own internal taxonomy. You don’t want to find out you’ve been using the same term for different outcomes after the contract has been signed.

Know the relationship you want (and can handle)

Knowing what you want and how you want it is key, according to Mark. Do you need 24/7 support? How many status calls will you have a quarter? A month? Knowing whether the provider can deliver on these expectations and knowing that your organization is capable of working with them in that way is also important.

Don’t wait until a breach happens

“Don’t make the first engagement happen after you’ve already been breached,” Mark added. It’s harder for a partner to work with your organization if your only touchpoint is after a breach occurs. In those cases, the pressure is extremely high, and it often doesn’t end well for the partner or the organization because a lot of time is spent doing preliminary work that could’ve been done in prior calls and engagements.

Consider testing a partner out first

Mark recommends taking vendors for a “test-drive” with one of their offerings before fully committing to a larger partnership. Whether it’s a pentest, an external investigation, or red or purple team testing, it’s important to know how they work with your organization, whether their communication aligns with what you’re looking for in a partner, and whether the overall teamwork is conducted well. If you do end up partnering with them, having this knowledge will pay off come crisis mode.

 

Simplification is key

The reason to consider a partner to augment your existing cybersecurity team is to simplify things for your team. Mark has seen cases where an organization is filled to the brim with tools and solutions that have been bought or brought in as a knee-jerk reaction. But without a roadmap or strategy, all these tools are only adding to your complexity and slowing you down against criminal hackers.

Working with a partner will help you build out a strategy and roadmap six or twelve months down the line that will alleviate your organization’s pain points and help it run more efficiently and effectively. It will also help you have a team that is both reactive and proactive, allowing you to solve problems and issues as they come while building out a more strategic 12-, 18-, or 24-month vision.

With no proactivity, you’re falling into a classic CISO trap of just putting out fires and playing whack-a-mole. Instead, invest the time to plan out your department’s strategy for the year and beyond, building out your vision knowing you’ll find yourself working with an external partner. Identifying exactly what your team will need will make your search for the right partner much more efficient and help you find one that will work with your department to bring cybersecurity success to your organization.

 

 

