Endpoint Security: Entering the Era of AI and XDR. - CFH #30
Cyber for Hire (Video)
Endpoints are everywhere and come in many forms, and especially in today’s BYOD environment, it’s becoming increasingly difficult to maintain visibility and control over all of them. Unfortunately, rouge endpoints represent an enticing attack vendor for adversaries who are always looking for a way inside your network. But according to an August 2023 Cybersecurity Buyer Intelligence survey of 200 security and IT leaders and executives, security professionals are hopeful that newer, more advanced tools such as AI and XDR could help minimize endpoint compromises going forward. This session...
info_outline
Level Up: How Managed Services Providers Can Exceed Evolving SecOps Expectations - Christopher Fielder - CFH #30
Cyber for Hire (Video)
The days of an MSSP or MSP being a security device babysitter are over. Clients expect more from your SOC, SIEM and SecOps offerings, and evolving attacks will demand more of you. It's time to level up -- but how does one upgrade from basic to top-tier services? According to our featured speaker, there are several key steps: more comprehensive, cross-industry threat data collection; more refined, contextual and meaningful analysis of threat telemetry data; and ample use of threat intelligence, data science and security research. This interview will examine the key challenges and opportunities...
info_outline
Supply Chain Security: How Moving Accountability Upstream Helps & Hurts MSSPs - Dave Sobel - CFH #29
Cyber for Hire (Video)
One of the most significant takeaways of the White House's recently unveiled National Cybersecurity Strategy is the assertion that software developers, OEMs, and technology service providers must bear the brunt of the responsibility -- rather than end-users -- for keeping cyber environments secure. With the looming prospect of further legislation and regulations looming that could impose greater liabilities on software products and services, MSSPs and other cyber services providers must understand where they fit into the overall scheme of things. Are MSSPs an extension of the end-user or are...
info_outline
Sign Language: How to Write Effective Security Services Contracts - CFH #29
Cyber for Hire (Video)
There's a lot that goes into the creation of a managed services contract before the client ever puts their John Hancock on the dotted line. As an MSSP, you want to make sure that expectations, for both sides of the relationship are spelled out clearly and cogently. The language within must address key terms and stipulations related to payments, roles and responsibilities, scope and scale of services, liability, and plenty more. In this segment, we'll discuss some of the most important clauses to include in your MSSP contracts, and how to avoid unfortunate omissions or vagueness that can result...
info_outline
Patrolling the dark web: The challenges and opportunities of outsourced threat intel - Alex Holden - CFH #28
Cyber for Hire (Video)
Our guest for this segment spends his days where others dare not tread: the deep dark web. Here he collects information on cybercriminal activity that could be a precursor to major attack or evidence that one has already occurred. For companies that can't or won't conduct dark-web recon for themselves, outsourcing this threat intelligence service is a valuable option. Still, this kind of contracted services relationship works only if the provider keeps its intel reports relevant, customized and timely. This discussion will cover how to make the most out of such an arrangement, as well as real...
info_outline
Equal Time? Ensuring Each MSSP Client Gets Their Fair Share of Attention - CFH #28
Cyber for Hire (Video)
Every MSSP customer is different in their own way. But they all deserve to remain secure from attacks. And so it's important that managed services providers don't play favorites to the point where certain clients eat up a disproportionate amount of time and resources. MSSPs must ensure that they are fairly and proportionally allocating their account reps, technicians, support specialists, consultants, security analysts, pentesters and a host of other employees across their entire customer base. This segment will examine recommendations on how to better accomplish this objective. Show...
info_outline
Non-compliant Clients: Righting the Ship Before Regulators Pounce - Brian Johnson - CFH #27
Cyber for Hire (Video)
Try as they might to keep their clients in compliance with privacy and security regulations, managed services providers are still at the mercy of the organizations they serve. Unfortunately, companies don't always follow the MSSP's or vCISO's advice on items like responsible data stewardship, privacy policies and breach notification. If an attack does transpire and the company draws the ire of regulators, the security services provider could even end up a scapegoat, or even embroiled in a liability case. This Q&A discussion will look at what resource an MSSP or vCISO service has when their...
info_outline
Beware FUD: Avoiding Fear Tactics when Selling Your Managed Services - CFH #27
Cyber for Hire (Video)
The consequences of a cyberattack can be devastating, and it does make sense for managed security services providers to impress on their current and prospective clients the risks of not investing in prevention and response. However, many cyber thought leaders believe that certain lines should not be crossed. Advice is one thing; fearmongering is another -- and if you pursue the FUD angle too hard, you may simply come off as a predatory opportunist looking to push your services on the customer. This discussion will reveal how to convey your message and market your services in a way that doesn't...
info_outline
M&A Madness: Overcoming MSSP Integration Challenges Following an Acquisition - Jim Broome - CFH #26
Cyber for Hire (Video)
Last year, ChannelE2E listed more than 1,000 merger and acquisition deals involving MSPs, MSSPs and other similar service provider organizations. Typically when any M&A deal occurs, there are bound to be redundancies and overlaps in services, tools and personnel. For MSSPs that find themselves in this situation, it's important to consolidate and integrate the best of their assets across multiple entities, while maintaining operational consistency. This is no small task, but this segment will offer examples and tips to help move in the right direction. Show Notes:
info_outline
Avoiding Security Monitoring Alert Fatigue: When Do You Escalate to Your Client? - CFH #26
Cyber for Hire (Video)
MSSP SOC analysts are often barraged with security alerts that pop up as anomalous activity is detected on clients' networks. Not all of these notifications are worth reporting and acting upon, but it takes only one overlooked incident to result in a full-fledged attack on the customer. This segment will look at the perennially challenging question of when it's the right time to let your clients know that something may be amiss, without inundating them with unnecessary reports. Also, we'll examine how automation can help reduce the burden on strained SOC analysts. Show Notes:
info_outlineOne of the most significant takeaways of the White House's recently unveiled National Cybersecurity Strategy is the assertion that software developers, OEMs, and technology service providers must bear the brunt of the responsibility -- rather than end-users -- for keeping cyber environments secure. With the looming prospect of further legislation and regulations looming that could impose greater liabilities on software products and services, MSSPs and other cyber services providers must understand where they fit into the overall scheme of things. Are MSSPs an extension of the end-user or are they one of the upstream providers who will be held accountable when cyberattacks occur? In what ways will the burdens on MSSPs be reduced or shifted due to federal efforts around coordinated vulnerability disclosure, SBOM use and other supply chain security strategies? This segment will explore these key issues.
Show Notes: https://securityweekly.com/cfh-29