Automation Tools Help with Real-Time Incident Response and Protection

Free webinar: Real-world examples of how to keep your environment secure from attacks, accelerate remediation

If you’re an information security professional responsible for incident response, you may feel frustrated and overburdened by all the manual processes needed to keep your environment safe.

You’re not alone.

In a recent Enterprise Strategy Group survey, more than 60 percent of information technology professionals say their organization has taken steps to automate incident response, but 91 percent say those processes are not effective or efficient.

Did you know there are resources and tools available to help facilitate some of these key processes for your organization? GuidePoint Security’s Virtual Security Operations Center (vSOC) analysts and incident responders have real-world experience using these types of tools. One such tool, Carbon Black, helps power GuidePoint’s vSOC, enabling analysts and responders to hunt for incidents in real time, visualize the complete attack kill chain, and efficiently defend environments from attacks.

Here are some examples of how they have successfully used Carbon Black to stop incidents and monitor endpoints:

PowerShell Watchlist

Recently, GuidePoint analysts used Carbon Black to create a PowerShell watchlist for an unauthorized user attempt. Once alerted, analysts tracked down a malicious remote address and shut down unauthorized privileges on the host.

Environment audits

In another instance, vSOC analysts used Carbon Black to audit an environment to limit privileged account credentials. The audit alerted analysts to a possible vulnerability that could have allowed unrestricted access to a domain.

PUA/PUP activity

vSOC analysts recently used Carbon Black to create a custom watchlist for PUA/PUP activity. They found an instance that stood out from others and located an unapproved IE toolbar, which was loaded without approval on multiple workstations. The toolbar was isolated as a threat because it had the ability to monitor web-browsing behaviors.

Would you like to know more about these real-world incident response examples and how you can move from playing incident response catch-up to proactively hunting for threats?

Join GuidePoint and Carbon Black for a free, interactive webinar, “Conquering Challenges of Incident Response: Real-Time Hunting and Response,” at 2:30 p.m. Thursday, Nov. 17. The session will last about 45 minutes, with a chance to interact with the presenters, Stephen Jones, GuidePoint’s director of managed services, and Justin Scarpaci, technical solutions lead, Carbon Black.

Register online here.

About the presenters

Stephen Jones has more than 10 years of experience in information technology and cyber security. He specializes in security operations and has extensive experience working within the Department of Defense and the Intelligence Community.

Justin Scarpaci is a technical account manager on the Partner Success team at Carbon Black. In that role, he assists IR/MSSP partners with operationalizing Carbon Black as part of their service offerings. Justin served in the Marine Corps and has worked in multiple security roles for a defense contractor. He has a master’s degree in information security and forensics.

Can’t make the webinar? No worries. Go ahead and register now and we will send you a recording after the live presentation.

About GuidePoint Security

Headquartered in Herndon, Virginia, GuidePoint Security provides innovative and valuable cyber security solutions and expertise that enable organizations to successfully achieve their mission. By embracing new technologies, GuidePoint Security helps clients recognize the threats, understand the solutions, and mitigate the risks present in their evolving IT environments. GuidePoint Security is a small business, and its classification can be found with the System for Award Management (SAM). Learn more at: http://www.guidepointsecurity.com.

From Cyber Analysts to Cyber Hunters: GuidePoint Security Expert to Speak at Anomali Detect

Are you ready to go from your regular job as a cyber analyst to a full-fledged cyber hunter? Join GuidePoint Security at Anomali Detect Sept. 11-13, 2016, at the Westin Washington, D.C. City Center, for a special presentation, “Cyber Hunters: Operationalizing Threat Intelligence for Cyber Analysts.”

GuidePoint Security is a Gold sponsor for the conference, and Matt Keller, our vice president of federal services, will lead a session about how analysts in Security Operation Centers (SOC) can evolve from a detection and response team to proactive cyber hunters who seek out threats before damage occurs.

Matt’s presentation will be from 3:10-4 p.m. Tuesday, Sept. 13, in room National C. He will talk about how to utilize threat feeds to reduce the amount of time it takes to identify incidents and help you plan for responses within the “Cyber Golden Hour.” He will share insight on how your security team can identify threats in real time, moving from cyber analysts to full-fledged cyber hunters.

We’ll also have a table top display set up during Anomali Detect, so be sure to stop by and view a demonstration on our Virtual Security Operations Center (vSOC). By using the cloud to provide dynamic scalability and cost savings, our vSOC analysts can provide validated security incidents so your team can focus on remediation.

For more information about Anomali Detect, visit https://www.anomali.com/anomali-detect. To register for the conference, click here.

For more information about our vSOC and how we can help protect your organization from insider threats, visit www.guidepointsecurity.com.

GuidePoint Security’s vSOC and Prelert’s AD Strike Back Against DROWN

In a recent blog article titled, Star Wars X – Attack of the DROWNs: Machine Learning-based Anomaly Detection Detects the DROWN SSLv2 Vulnerability, Prelert announced the ability to detect Decrypting RSA with Obsolete and Weakened eNcryption (DROWN) attacks using machine-based learning through the Prelert Anomaly Detective (AD) tool. The widespread nature of the vulnerabilities related to DROWN means that it is highly likely there are still many vulnerable servers in the wild that could benefit from the watchful eye of Prelert AD operated by the trained network defenders of a managed security service like GuidePoint Security’s Virtual Security Operations Center (vSOC). vSOC leverages the power of Prelert’s AD to enhance the native detection capabilities of our Splunk-centric monitoring platform. The DROWN use case, in addition to many other co-developed use cases, provides vSOC with finely tuned anomaly detection that enables us to quickly identify, validate, and report critical security incidents to our customers. Stay tuned to the GuidePoint vSOC blog for other joint efforts and collaborative projects all focused on the protection of enterprise networks and data through advanced monitoring and hunting techniques.

About GuidePoint Security

GuidePoint Security LLC provides customized, innovative and valuable information security solutions and proven cyber security expertise that enable commercial and federal organizations to successfully achieve their security and business goals. By embracing new technologies, GuidePoint Security helps clients recognize the threats, understand the solutions, and mitigate the risks present in their evolving IT environments. Headquartered in Herndon, Virginia, GuidePoint Security is a small business, and classification can be found with the System for Award Management (SAM). Learn more at: www.guidepointsecurity.com.

Is it Time to Hire an MSSP for Your Security Operations Center?

Enterprise security cannot be procrastinated. No matter the size of your business or your specific industry, a security breach is not something any company wants to experience.

The 2015 Verizon Data Breach Investigations Report states, “The forecast average loss for a breach of 1,000 records is between $52,000 and $87,000.” Not only does a breach potentially expose or harm your company’s intellectual property, but such an event may also expose information about your employees and customers. It’s time to seriously consider partnering with a Managed Security Service Provider (MSSP) before it’s too late. Using an MSSP is almost always more cost-effective than establishing the same services in-house. It is faster to set up and implement and your organization will benefit from a wider pool of expertise and experience than is accessible when confined to hiring security practitioners from your own geographic backyard.

The Extra Costs of Internal SOC vs MSSP

Cost is always a driving factor, if not the sole deciding factor, when it comes to network security decisions on behalf of your organization. Whether you require tools, personnel or services, security doesn’t contribute to the bottom line; thus, it’s easy to put the issue on the back burner and delay making changes.

What if security didn’t have to be prohibitively expensive? Using an MSSP can be significantly more affordable than the costs associated with building and running a Security Operations Center (SOC) internally.

Costs associated with implementing a SOC in-house:

  • Personnel
    • Recruiting
    • Salaries
    • Benefits
    • Holidays/Leave
    • Retention
  • Furniture & Accommodations
  • Security Appliances
  • Software Licensing
  • Professional Training
    • Vendor-based
    • Security
    • Professional Certifications

By hiring an MSSP to supplement or enhance your security needs, you won’t have many of the above costs. Estimates for using an MSSP range from 20-50% less than building a SOC in-house. If your MSSP is remote or cloud-based, you won’t have the costs associated with furniture and accommodations. You’ll also have access to the personnel employed by the MSSP. This means the benefit of collective experience and expertise for a fraction of the cost of salary. Due to relationships with security vendors, MSSP employees traditionally receive more vendor-based and general security training and professional certifications than what your average budget would pay for.

Shorter Timeframe for Realizing ROI

Any significant investment of capital is going to be tethered to an expectation of return on investment, and the ROI for an in-house built and managed SOC can take years to realize. Hiring and recruiting is expensive and time consuming, as is implementing new technologies.

Steps to ROI on an In-house SOC

  • Select and vet each security solution
  • Acquisition process
  • Vendor equipment processing and delivery
  • Change control board to install and configure the solutions
  • Baseline solutions
  • Test and tune the solutions to ensure optimum functionality

This process can take up to a year (or more). That’s a year your organization will wait to use new solutions or realize measurable ROI, not to mention a year during which your network is left unprotected.

Working with an MSSP for your SOC eliminates extraneous internal processes and dramatically reduces the time from purchase and implementation to true ROI. Additionally, partnering with a cloud-based SOC provider eliminates the testing and vetting of technologies, acquisition delays and the need for change control boards. A few internal configurations will enable the MSSP SOC provider to begin monitoring your environment and showing immediate ROI, with a secure infrastructure already in place and processes and procedures established.

Added Value of MSSP Experience and Expertise

Unlike a traditional in-house SOC analyst, an MSSP SOC analyst has a depth of experience from working with a wide array of customer environments, allowing a broadened technical perspective and knowledge of a greater variety of attack methods and issue resolution. When it comes to enterprise monitoring, incident detection, reporting and incident response, a staff of security practitioners who perform at a high level consistently is key.

In working as a third-party, an MSSP analyst is not typically subject to internal politics or bias. Being impartial and objective as a security analyst is crucial to ensuring that all incidents are triaged fairly and appropriately. It also ensures that incidents aren’t ignored due to internal pressures from management or other business units. Simply put, the MSSP is hired to monitor and protect your enterprise. Working with a SOC partner eliminates workplace complexities and provides a more thorough and comprehensive service than could be implemented internally.

Ready to Take the Next MSSP Step?

On average, an attacker goes unnoticed for 205 days in an enterprise network. By the time personnel recognize a problem, 69% of the time they’re notified by an outside entity like the police, the government, or the attacker themselves. Security should never be taken lightly, and an MSSP is a cost-effective way to get the security monitoring and services you need to protect your organization today. With an immediate ROI and dependable security expertise, hiring an MSSP to augment and enhance your enterprise SOC is a smart business decision.

GuidePoint Security offers a fully managed Security-Platform-as-a-Service (SPaaS) called the Virtual Security Operations Center (vSOC). We provide the people, process and technology to run a world-class SOC from our cloud-based platform. By combining the dynamic scalability of Amazon Web Services (AWS) with the unparalleled power of Splunk, coupled with a threat intelligence platform, we’ve created a comprehensive solution for enterprise security. The GuidePoint solution is designed to augment your existing security team, allowing you to shift focus from operating information technologies to consuming IT.

If your organization is interested in learning more about enhancing your Enterprise Security posture, contact us to learn more about GuidePoint’s vSOC today!

GuidePoint Security is on the Move and Expanding Again!

New Headquarters Location Open House and More Offices

GuidePoint Security just expanded its business footprint to include the Lone Star State, our most recent of four new office openings. The expansion is our third location in the Central third of the country to go along with our substantial East Coast and Federal operations.

The newest GuidePoint office is located at 6136 Frisco Square Blvd., #400, Frisco, TX, 75034, 30 miles north of Dallas. This brings our location count to a total of nine offices, stretching from the Northeast to the American South-central.

In addition, we also moved our corporate headquarters from Reston to Herndon, Virginia. Our new HQ facility allows us to accommodate our rapidly growing workforce and increasing client base. Our vendor partners, prospects, and clients can now enjoy more conference rooms and our expanded training facilities. The new office address is 2201 Cooperative Way, Suite 225, Herndon, VA, 20171.

Please join us for our HQ Open House on Thursday, October 8, 11:30 a.m. – 3:00 p.m. We will provide food and beverage and a tour of our new Virtual Security Operational Center (vSOC). Please click here to RSVP or contact us at info@guidepointsecurity.com to schedule a time to stop by and visit us at any of our locations.

GuidePoint’s two other office additions are:

  • St. Louis, Missouri–City Place
    Two City Place Drive, 2nd Floor
    St. Louis, MO 63141
  • Alpharetta, Georgia–North Point
    555 North Point Center East, 4th Floor
    Alpharetta, GA 30022

Click here to see a full list of our locations, in nine different cities.

Founded in 2011, GuidePoint Security has experienced phenomenal growth in the four years of its existence. The organization provides customized, innovative security solutions through cybersecurity expertise, seasoned and certified staff, as well as new and best technology practices. The need for such services has skyrocketed, with more and more data and material breaches, dangerous threats and attacks, as well as increased government rules, regulations, and oversight.