
Preparing Your Organization For Partnering Or Managing Your Enterprise Security

As organizations look to improve their cybersecurity efficacy and combat new threats and challenges, they may want to partner with a company to help them manage their threat detection and response. To find how to best balance this kind of relationship, we spoke to Chris Schueler, SVP of Managed Security Services at Trustwave.

An enterprise’s biggest challenge when it comes to modern cybersecurity is being able to move quickly enough to protect the organization. We’ve seen that the explosion of cloud-based services has given enterprises a lot of difficulty and added complication when it comes to security, compliance and data protection. Not only do organizations need to protect themselves against hacks and breaches, but they also need to ensure they’re preventing leaks, exposures and unprotected databases, which can happen due to misconfigurations and oversight.

However, as Chris notes, an enterprise is also faced with a skill gap unlike any before. New skills and new domains of expertise are required for most enterprises, but there’s a shortage of training content and materials, labs, demos and trainers. It’s not just a matter of time and money; the ability to train up your existing team just might not be available in the way you need it.

And organizations can’t depend on tools or products alone - a skilled team is needed. “There’s no platform that does threat hunting by itself,” says Chris. “Organizations can’t just buy a commercial off-the-shelf solution that can perform what organizations need by itself - it requires humans.”

To properly protect and defend your organization, you need a team with the right skillset, platform and tools. If your organization lacks the team or required expertise, that’s when managing and partnering needs to be considered.


Making The Decision To Partner

When considering partnering or managing, don’t think of it as a binary choice. “It’s not a commoditized asset that’s binary,” says Chris, “where it either works or doesn’t. It’s about knowing what your organization can bring to the table and how a partner can help you fill in those gaps.”

Chris likens managed detection and response (MDR) to a pyramid - the deeper you get, the wider you go, and the more unknowns you’re dealing with. Having the right partner helps you navigate those unknowns.

However, before you can even consider a partner, you need to know what you’re looking for.


What Outcome Do You Want?

Chris recommends taking an outcome-based approach and working your way backwards. What does your security department need to be able to do - prioritize threat hunting, reactive remediation, reverse engineer malware, remote forensic analysis? It could be some of those things or all of those things. Knowing what you need allows you to understand what your organization can provide, what tools are necessary, and how a partner or service provider can help fill skill, talent, and expertise gaps.

“Managing versus partnering isn’t black and white,” Chris says, “every single engagement is a hybrid approach - how much does your department want to lean one way or another?”

Once you know the outcome you want, you can begin the prep work.


Assessing Your Own Organization

You know your organization best, so bringing that into conversations with a potential partner will help you decide whether you have the capacity to deliver 50% or 10% of the work, time, and resources involved in detection and response.

When deciding whether to have a partner or a manager and understanding how exactly they’ll be working with you, Chris recommends taking stock of a few things inherent to your company:

  • What are your core competencies?
  • Where is your organization running? (State, local, global?)
  • What industry are you in?
  • What compliance(s) do you need to adhere to?

Then you need to know what your security department’s level of maturity is and where it plans to be in the near future. Having a timeline is essential as it will help you find the right partner and one that will work with you as your organization grows.

You should consider how your team’s skillset stacks up to your organization’s needs. Do they have the skills and analytical capabilities to engage in complete detection and response or do they have specific specializations? 

All this initial and prep work to ensure you find the right partner will also avoid a common pitfall that security departments run into - purchasing the wrong tool.


Ensuring You Have The Right Tool At Hand

Every partner or service provider has a set of specialties, skills and expertise, and that’s also true when it comes to tools. A good partner/service provider should be able to adapt their existing toolset to a new client’s environment and tailor it to how a client’s network is built, what their cloud/hybrid infrastructure is like, and what their risks and assets are.

If you jump the gun and purchase a tool that your department isn’t equipped to handle or work with and then look for a provider, you’re only creating more ambiguity and complication. You’re better off letting the provider work with tools they’re already familiar with and adapt them to your organization, instead of having them adapt to the tool you bought. The first approach is more effective than the second.


Choosing The Right Partner

If Chris could sum up the process for finding a good provider, he says “avoid buzzword bingo.”

Too many providers lean on buzzwords to market their services or products - AI, machine learning, “proprietary systems.” But these terms hardly provide clarity into how the providers work, the intelligence they use and their processes. Any partner that offers automation as a benefit is worth additional scrutiny. “If an organization is just using machines, or a system,” Chris says, “then they can’t, for example, look at malware from an analysis standpoint.”

A human team is essential for analyzing new threats, learning from events and compromises, finding patterns, understanding how hashes are applied, reverse engineering malware, threat hunting, finding more attack vectors, and preventing any lateral movement. Currently, there’s no technology that replaces this.

Chris recommends taking a back-to-basics approach: speaking to the experts of a potential partner (not just sales representatives), and asking for a proof of concept and references. “Make them show the work,” he says. Understanding your partner is just as important as understanding your own organization.


Knowing When You Need Help

As your security department matures, it’s inevitable that your attack surface expands and your security needs increase - so you’ll need some help, whether that’s because of a new tool, required skillsets, or because you now need 24/7 monitoring. The decision isn’t whether or not to take on a partner but in what way - will you provide 50% of what’s needed, 20%, 80%?

Assessing your own department is the first step towards finding the right partner and one that will be most effective in protecting your company.

Find out how Trustwave’s team of MDR experts can help your organization protect itself against even the most advanced threats. 

Evan Sharenow is the content marketing manager at Trustwave.
