Leveraging a well-known cybersecurity framework is typically best practice for creating your overall security strategy. Countless security professionals use NIST, ISO, SANS, COBIT, or PCI DSS as a starting point. Managed security services (MSS) can create a significant opportunity for small to enterprise-sized organizations that need to accelerate their cybersecurity framework adoption.
The NIST Cybersecurity Framework (CSF) is a very popular framework for organizations that wish to categorize security operations and streamline overall operations. Many organizations that dive into the NIST CSF can cover the basics but lack the internal resources and advanced security technologies to reach higher levels of maturity within the framework. We see this as a common theme across the majority of organizations that align with security frameworks.
This presents a disadvantage for organizations that seek to build maturity and a long-term vision within their security operations. A security leader can quickly address resource and technology gaps with the help of a managed security services provider (MSSP).
In fact, the Department of Homeland Security leverages MSS to support its alignment to the Protect and Detect Functions of the NIST CSF.
A managed security provider offers intrusion detection, intrusion prevention, network analysis and firewall monitoring, all typical services found within a managed security portfolio.
An MSSP can go even further with your security alignment to the NIST Framework by offering 24×7 management and monitoring of security technologies, including endpoint, SIEM, anti-virus and next-generation anti-virus, advanced security analytics, heuristics, and threat intelligence feeds.
An analysis of what skills your staff has and what skills are needed to fill the gaps will lead you to determine the right mix of outsourced security you need.
In the NIST CSF, you should look at the Protect and Detect Functions a little more closely and see where a managed security services provider might be able to fill those gaps. Consider the following:
Detect Function – Develop and implement the appropriate actions to identify security incidents in a timely fashion.
- Anomalies and Events: An MSSP can collect and detect any anomalous and/or malicious activities by aggregating and correlating disparate logged information with a Security Information and Event Management (SIEM) tool. If your internal resources don't have the time to collect, organize, and analyze these detected events, this would be the first place you would want an MSSP to cover. Consider the following sub-categories within the NIST CSF and how an MSSP could assist your organization:
  - A baseline of network operations and expected data flows for users and systems is established and managed
  - Detected events are analyzed to understand attack targets and methods
  - Event data is aggregated and correlated from multiple sources and sensors
  - Impact of security events is determined and communicated
  - Security incident alert thresholds and processes are established
- Security Continuous Monitoring: A team of security experts at an MSSP can continuously monitor your data assets and alert when data leaves the organization. The MSSP is also positioned to let your security team know how well your protective measures are working and where you might need to address some gaps in technology.
- Detection Processes: Like the last sub-category, the managed security provider can validate your detection processes in their entirety.
The NIST CSF categories and sub-categories are almost limitless in scope. There is always room for organizational improvement as you move across the Implementation Tiers.