GuidePoint Security Placed on CRN MSP 500 List for Excellence in Managed IT Services

GuidePoint Security recently made their debut on CRN’s elite 2017 Managed Service Provider 500 (MSP) list in the Managed Security 100 category.

The prestigious annual list is comprised of organizations that have demonstrated excellence in their Managed IT services and North American solution providers with cutting-edge approaches to delivering managed services. Their offerings help companies navigate the complex and ever-changing landscape of IT, improve operational efficiencies, and maximize their return on IT investments.

“GuidePoint’s vSOC Managed Security Services have experienced tremendous growth over the past two years and our inclusion on this list validates that the market is taking notice,” noted Justin Morehouse, GuidePoint Security’s Co-founder and Principal.

“We pride ourselves on our World Class customer satisfaction rating and believe that we are truly advancing the industry through our innovative approach to partnering with our customers to achieve their mission,” Morehouse said.

He cited GuidePoint’s exclusive managed services, Virtual Security Operations Center (vSOC), as one of the best examples of the team’s coordinated efforts to level the playing field in terms of providing a customized solution that fits all budgets and organizational sizes, while identifying threats and vulnerabilities and creating a safer cyber environment.

“Managed service providers play an increasingly important role in the day-to-day operations of businesses across North America,” said Robert Faletra, CEO of The Channel Company. “MSPs help organizations streamline their spending, effectively allocate limited resources, and benefit from advanced expertise in the latest technologies. We congratulate the service providers on CRN’s 2017 MSP500 list, who have continually succeeded in meeting their customers’ changing needs and help them get the most out of their IT investments.”

CRN’s MSP 500 list shines a light on the most forward-thinking and innovative of these key organizations.

The list is divided into three categories: the MSP Pioneer 250, recognizing companies with business models weighted toward managed services and largely focused on the SMB market; the MSP Elite 150, recognizing large, data center-focused MSPs with a strong mix of on-premise and off-premise services; and the Managed Security 100, recognizing MSPs focused primarily on off-premise, cloud-based security services.

CRN® is a brand of The Channel Company.

The MSP500 list is featured in the February 2017 issue of CRN and online at www.CRN.com/msp500.

©2017. The Channel Company, LLC. CRN is a registered trademark of The Channel Company, LLC. All rights reserved.

GuidePoint’s Expertise Supports Your Organization’s GSA HACS Contract Needs

Imagine this: Your network is compromised with outbound connections sending data to foreign countries, and your information security team has no idea.

That’s exactly what GuidePoint Security’s analysts and incident responders discovered while actively cyber hunting for a new client in our Virtual Security Operations Center (vSOC).

Our professionals discovered open connections to more than 30 foreign countries, even though the client had no foreign interests or customers. Using Splunk’s Enterprise Security application, our team put its geolocation capabilities to work and created a map to illustrate all the foreign locations that successfully received this data.

When we alerted the client to the connections, we used the map to show the extent of the compromise. The client agreed to implement egress rules on its firewalls to limit destinations for data transfers, as well as country-blocking technologies in its perimeter security appliances to deny connections to foreign countries. By working with GuidePoint, the client narrowed the scope of who has access to its enterprise network and improved its overall security posture.

This real-world example of cyber hunting for data exfiltration is one of the many ways GuidePoint can support your organization with your General Services Administration (GSA) Highly Adaptive Cybersecurity Services (HACS) contract needs.

GSA recently awarded GuidePoint all four HACS Special Item Numbers (SINs), including 132-45C: Cyber Hunt. The other SINs are 132-45A: Penetration Testing; 132-45B: Incident Response; and 132-45D: Risk and Vulnerability Assessment.

With these SINs, GuidePoint’s subject matter experts can help your organization with all of your information security needs. As a federal or state/local government client, your organization will have:

  • Access to a pool of technically evaluated cybersecurity vendors
  • Rapid ordering and deployment of services
  • Reduction in open market ordering and contract duplication
  • Cybersecurity/acquisition support resources from GSA

For more information about how GuidePoint has helped clients, download the full text of our SINs Use Cases.

For additional information and pricing on our IT professional and cybersecurity services, visit https://www.guidepointsecurity.com/contracts.

The Cyber Hunt Is On: Quickly Find New and Emerging Threats

Free webinar explains how you can respond to intrusions faster

Do your security analysts have limited time and resources? Are they bogged down searching through logs instead of actively hunting for potential intrusions on your network?

In a free webinar, “Active Cyber Hunting Revealed: How vSOC Identifies Threats in Your Environment,” security experts from GuidePoint Security and CrowdStrike will show you how you can more efficiently correlate data and begin your own cyber hunt for potential threats to your environment.

This free, educational webinar begins at 2 p.m. EDT Wednesday, Aug. 24, 2016. Register here now.

During the webinar, participants will learn how CrowdStrike Falcon can be integrated into a Virtual Security Operations Center (vSOC) for endpoint monitoring. By using Falcon Connect API to ingest host data into the vSOC monitoring platform, analysts can correlate endpoint data against SIEM security logs. The combination makes it easier to discover new and emerging threats.

Participants will learn how to do ad-hoc searches and queries, quickly conduct comprehensive investigations, identify insider threat activity, and create dashboards and reports.

Following the presentation, there will be a 15-minute question and answer session. Even if your schedule is full and you can’t tune in live, go ahead and register now and we’ll send you a recording you can watch later.

Presenters will be Stephen Jones, GuidePoint Security’s director of managed services, and Kris Merritt, senior director of hunting operations for CrowdStrike.

Stephen has more than 10 years of experience in information technology and cybersecurity within the Department of Defense and Intelligence Community. His primary focus has been Information Assurance (IA) and Computer Network Defense (CND).

Kris leads CrowdStrike’s internal and external hunting programs. He has more than 10 years of experience in cybersecurity and network defense, mainly in leadership roles of security operations, incident response, digital forensics, signature development, indicator management, and tactical tool development within large enterprise networks.

“I look forward to presenting alongside Stephen on how CrowdStrike Falcon Host’s continuous endpoint visibility immediately enables SOCs and hunters to detect, analyze, and respond to intrusions at a time scale once only dreamed about,” Kris said. “Operating at this time scale has provided unique insights into malicious behavior where a human actor or even malware is involved.”

“CrowdStrike uses these insights, along with rich visibility on the endpoint, to rapidly refine its approach to the threat,” Kris explained. “I’m excited about our partnership with a company like GuidePoint who is eager to use the best technology to provide the best service to their customers.”

For more information about GuidePoint and how security experts like Stephen can help you make the most of vSOC services, visit www.guidepointsecurity.com. For more information about CrowdStrike and to connect with Kris and his team, visit www.crowdstrike.com.

Don’t forget to register for this free, interactive webinar here.

About GuidePoint Security

GuidePoint Security LLC provides innovative and valuable cybersecurity solutions and expertise that enable organizations to successfully achieve their mission. By embracing new technologies, GuidePoint Security helps clients recognize the threats, understand the solutions, and mitigate the risks present in their evolving IT environments. Headquartered in Herndon, Virginia, GuidePoint Security is a small business, and classification can be found with the System for Award Management (SAM). Learn more at: http://www.guidepointsecurity.com.

GuidePoint Security’s vSOC and Prelert’s AD Strike Back Against DROWN

In a recent blog article titled, Star Wars X – Attack of the DROWNs: Machine Learning-based Anomaly Detection Detects the DROWN SSLv2 Vulnerability, Prelert announced the ability to detect Decrypting RSA with Obsolete and Weakened eNcryption (DROWN) attacks using machine-based learning through the Prelert Anomaly Detective (AD) tool. The widespread nature of the vulnerabilities related to DROWN means that it is highly likely there are still many vulnerable servers in the wild that could benefit from the watchful eye of Prelert AD operated by the trained network defenders of a managed security service like GuidePoint Security’s Virtual Security Operations Center (vSOC). vSOC leverages the power of Prelert’s AD to enhance the native detection capabilities of our Splunk-centric monitoring platform. The DROWN use case, in addition to many other co-developed use cases, provides vSOC with finely tuned anomaly detection that enables us to quickly identify, validate, and report critical security incidents to our customers. Stay tuned to the GuidePoint vSOC blog for other joint efforts and collaborative projects all focused on the protection of enterprise networks and data through advanced monitoring and hunting techniques.

About GuidePoint Security

GuidePoint Security LLC provides customized, innovative and valuable information security solutions and proven cyber security expertise that enable commercial and federal organizations to successfully achieve their security and business goals. By embracing new technologies, GuidePoint Security helps clients recognize the threats, understand the solutions, and mitigate the risks present in their evolving IT environments. Headquartered in Herndon, Virginia, GuidePoint Security is a small business, and classification can be found with the System for Award Management (SAM). Learn more at: www.guidepointsecurity.com.

Security Platform as a Service (SPaaS)

Can an entire security platform replete with people, processes, and technology be delivered as a service? It sure can.

Introducing: Security Platform as a Service (SPaaS) and GuidePoint Security’s Virtual Security Operations Center (vSOC). SPaaS combined with vSOC is one of the first such offerings to hit the market. SPaaS is the combination of Software as a Service (SaaS), Platform as a Service (PaaS), Infrastructure as a Service (IaaS), and the logical next evolution of Security Information and Event Manager as a Service (SIEMaaS). vSOC is proof that the entire security platform from data ingest, security analytics, human validation, reporting and incident response can be delivered quickly and affordably to customers as a holistic security solution.

  • Software
    • Our core vSOC offering is based around Splunk Enterprise. Splunk is a SIEM market leader and an industry standard tool for machine-data analysis in every single industry.
  • Platform
    • vSOC leverages the powerful and dynamically scalable Amazon Web Services (AWS) platform. Amazon’s EC2 virtual instances power the vSOC for customers large and small. AWS commands the cloud market with approximately 27% market share and five times more cloud infrastructure than the next fourteen providers combined.
  • Infrastructure
    • The AWS platform components in conjunction with the shared resources and data comprise the vSOC infrastructure. We achieve economies of scale through the use of this infrastructure to serve many customers simultaneously.
  • SIEM
    • vSOC utilizes the Splunk Enterprise Security app to provide the SIEM-functionality not inherent in the base Splunk Enterprise software. Providing the SIEM is only part of what makes vSOC a SPaaS.

Incorporating all of the above components into a single unified package with the addition of trained cyber security analysts, security engineers and a proprietary blend of threat intelligence sources makes vSOC a unique and well positioned SPaaS in a world with a significant need for such an offering.

Making the SPaaS Intelligent

The vSOC SPaaS, while extremely versatile and powerful out-of-the-box, has been made intelligent with the addition of a threat intelligence platform designed to feed Indicators of Compromise (IoC) into Splunk for near real-time machine-based correlation. By leveraging Structured Threat Information eXpression (STIX) and Trusted Automated eXchange of Indicator Information (TAXII), the vSOC is able to process standardized threat information through open-source, standardized exchange services.

User Behavior Analytics (UBA)

No enterprise security platform is complete without User Behavior Analytics. vSOC addresses UBA through our partnership with Exabeam. Exabeam’s Splunk integration provides a robust platform for risk-based scoring of user activity within the enterprise. Exabeam uses multiple behavior models to dynamically track credentialed activity across the network. Exabeam extends the capabilities of our Splunk platform by adding Stateful User Tracking, Behavioral Analysis and a powerful Risk Engine. By identifying risky user-based activity on a customer network, vSOC can alert the customer to quickly remediate a potential insider threat.

Third-Party Threat Intelligence

vSOC has built an extensible threat intelligence platform integrated into Splunk to ingest indicators and threats from trusted third parties. This threat intelligence data is then used to detect malicious or dangerous activity within customer environments that use Splunk’s machine-based correlation capabilities. Our threat platform is Structured Threat Information eXpression (STIX) and Trusted Automated eXchange of Indicator Information (TAXII) compliant. GuidePoint has established a relationship with the Department of Homeland Security (DHS) that enables vSOC to ingest and distribute Indicators of Compromise (IoC) from the DHS United States Computer Emergency Readiness Team (US-CERT) and the National Cybersecurity and Communications Integration Center (NCCIC).

Why Choose SPaaS?

Outsourcing your security activities to a third-party provider is a cost effective and expedient solution for bringing your organization into compliance with security monitoring. While having top-quality technologies is an important component of the security process, they don’t generate much value to your business without security experts available to manage them. GuidePoint’s vSOC brings years of experience, an astounding depth of technical knowledge and the critical strategic partnerships and investments we’ve made in security technologies and threat intelligence solutions. vSOC’s SPaaS augments your existing security team and infrastructure to transform your organization into a consumer of technologies while empowering your security practitioners to focus on what’s important.

GuidePoint Security and Exabeam at the RSA Conference 

GuidePoint Security and Exabeam will be at RSA Feb. 29-March 4 hosting live demos of GuidePoint’s vSOC and Exabeam’s UBA. To schedule a time to see the demo visit: http://gpsec.me/1KfTkrM.

GuidePoint will also be hosting a reception at the RSA Conference on Feb. 29, 6-9 PM. Click here for more details: http://gpsec.me/rsa2016.


Is it Time to Hire an MSSP for Your Security Operations Center?

Enterprise security cannot be put off. No matter the size of your business or your specific industry, a security breach is not something any company wants to experience.

The 2015 Verizon Data Breach Investigations Report states, “The forecast average loss for a breach of 1,000 records is between $52,000 and $87,000.” Not only does a breach potentially expose or harm your company’s intellectual property, but such an event may also expose information about your employees and customers. It’s time to seriously consider partnering with a Managed Security Service Provider (MSSP) before it’s too late. Using an MSSP is almost always more cost-effective than establishing the same services in-house. It is faster to set up and implement and your organization will benefit from a wider pool of expertise and experience than is accessible when confined to hiring security practitioners from your own geographic backyard.

The Extra Costs of Internal SOC vs MSSP

Cost is always a driving factor, if not the sole deciding factor, when it comes to network security decisions on behalf of your organization. Whether you require tools, personnel or services, security doesn’t contribute to the bottom line; thus, it’s easy to put the issue on the back burner and delay making changes.

What if security didn’t have to be prohibitively expensive? Using an MSSP can be significantly more affordable than the costs associated with building and running a Security Operations Center (SOC) internally.

Costs associated with implementing a SOC in-house:

  • Personnel
    • Recruiting
    • Salaries
    • Benefits
    • Holidays/Leave
    • Retention
  • Furniture & Accommodations
  • Security Appliances
  • Software Licensing
  • Professional Training
    • Vendor-based
    • Security
    • Professional Certifications

By hiring an MSSP to supplement or enhance your security needs, you won’t have many of the above costs. Estimates for using an MSSP range from 20-50% less than building a SOC in-house. If your MSSP is remote or cloud-based, you won’t have the costs associated with furniture and accommodations. You’ll also have access to the personnel employed by the MSSP. This means the benefit of collective experience and expertise for a fraction of the cost of salary. Due to relationships with security vendors, MSSP employees traditionally receive more vendor-based and general security training and professional certifications than what your average budget would pay for.

Shorter Timeframe for Realizing ROI

Any significant investment of capital is going to be tethered to an expectation of return on investment, and the ROI for an in-house built and managed SOC can take years to realize. Hiring and recruiting is expensive and time consuming, as is implementing new technologies.

Steps to ROI on an In-house SOC

  • Select and vet each security solution
  • Acquisition process
  • Vendor equipment processing and delivery
  • Change control board to install and configure the solutions
  • Baseline solutions
  • Test and tune the solutions to ensure optimum functionality

This process can take up to a year (or more). That’s a year your organization will wait to use new solutions or realize measurable ROI, not to mention a year during which your network is left unprotected.

Working with an MSSP for your SOC eliminates extraneous internal processes and dramatically reduces the time from purchase and implementation to true ROI. Additionally, partnering with a cloud-based SOC provider eliminates the testing and vetting of technologies, acquisition delays and the need for change control boards. A few internal configurations will enable the MSSP SOC provider to begin monitoring your environment and showing immediate ROI, with a secure infrastructure already in place and processes and procedures established.

Added Value of MSSP Experience and Expertise

Unlike a traditional in-house SOC analyst, an MSSP SOC analyst has a depth of experience from working with a wide array of customer environments, allowing a broadened technical perspective and knowledge of a greater variety of attack methods and issue resolution. When it comes to enterprise monitoring, incident detection, reporting and incident response, a staff of security practitioners who perform at a high level consistently is key.

In working as a third-party, an MSSP analyst is not typically subject to internal politics or bias. Being impartial and objective as a security analyst is crucial to ensuring that all incidents are triaged fairly and appropriately. It also ensures that incidents aren’t ignored due to internal pressures from management or other business units. Simply put, the MSSP is hired to monitor and protect your enterprise. Working with a SOC partner eliminates workplace complexities and provides a more thorough and comprehensive service than could be implemented internally.

Ready to Take the Next MSSP Step?

On average, an attacker goes unnoticed for 205 days in an enterprise network. By the time personnel recognize a problem, 69% of the time they’re notified by an outside entity like the police, the government, or the attacker themselves. Security should never be taken lightly, and an MSSP is a cost-effective way to get the security monitoring and services you need to protect your organization today. With an immediate ROI and dependable security expertise, hiring an MSSP to augment and enhance your enterprise SOC is a smart business decision.

GuidePoint Security offers a fully managed Security-Platform-as-a-Service (SPaaS) called the Virtual Security Operations Center (vSOC). We provide the people, process and technology to run a world-class SOC from our cloud-based platform. By combining the dynamic scalability of Amazon Web Services (AWS) and the unparalleled power of Splunk with a threat intelligence platform, we’ve created a comprehensive solution for enterprise security. The GuidePoint solution is designed to augment your existing security team, allowing you to shift focus from operating information technologies to consuming IT.

If your organization is interested in learning more about enhancing your Enterprise Security posture, contact us to learn more about GuidePoint’s vSOC today!
