From The Expert Feature Article
May 27, 2013

Cyber Defense as a Service: A Conversation with Verdasys

Verdasys last week announced a managed service to prevent cyber attacks. MSP Today talked to Michael Parrella, Verdasys' director of operations for managed services, about the managed option.

MSP Today: Why should a company use an outsourced service to deal with cyber attacks?

Parrella: Companies ought to use as many technologies, tools and processes as they possibly can against cyber attack. The best defense is to leverage as much expertise as possible because the enemy has limitless people and resources. Time is of the essence because it is a guarantee that, as quickly as you are figuring out whether you are under attack and how that attack is happening, the attacker has completed his work and moved on. Autopsy-based cyber defense is no longer a good defense, all by itself. Companies need internal teams that understand threats and the risk to the business, not how to operate cyber defense tools and deploy software. With an outsourced service, you benefit from others who are further along in developing a mature program with people who understand threats, as well as how to prevent risky or non-compliant behaviors before they occur.

For midsize companies that are targeted by cyber attacks, a managed service helps them overcome staff and resource limitations and enables them to get effective detection, prevention and containment capabilities online quickly and efficiently. For large companies, with dedicated cyber security teams and technologies in place, but who also have thousands or tens of thousands of host systems, a service approach can complement their existing investments, feed critical threat intelligence from endpoints to the team, enable the team to quickly roll out containment controls, and remove the challenges of managing a cyber security product across all those endpoints. This enables the team to focus on intelligence collection and forensic investigation.

MSP Today: How is data protected in the cloud?

Parrella: It's not in the cloud. With the managed service, data never actually leaves the premises or is stored as part of the service. We collect only the “meta” data or descriptive data about the events that occur on the protected host systems. We make sure this data is encrypted, hashed and digitally signed before being transferred anywhere.

MSP Today: How do I know if my company needs cyber attack protection? What's the litmus test?

Parrella: If you have computers with data that you care about keeping under your control, if you believe you have data that others will covet, or if you hold other companies' (partners') or individuals' (customers') data, then you need cyber defense. Securing the supply chain has been the driver for many companies in manufacturing and services, with some large manufacturers invoking guidelines and mandates for third-party providers who handle their proprietary information. This is a surprise no company wants to receive, so smart companies are getting out ahead of this if they handle proprietary or confidential information on behalf of a customer or partner. We have one Verdasys customer who is handling such data and using it in over 20 different types of applications for one of their customers. They've been able to create an environment that offers a real solution to mitigate existing and emerging threats to data, including APT and other advanced cyber attacks. It's becoming a viable differentiator for them.

MSP Today: How can I tell if the threat is touching anything important, like our source code?

Parrella: This is exactly the visibility that agents on endpoints provide, both on and off the network. As quickly as the agents can be deployed, we can detect and stop advanced cyber threats as they unfold in real time to prevent exfiltration of sensitive data. To do this effectively, you need to have visibility within the context of a wide range of system events, at the application, network, data and operating system level, and you need to be able to see different event types, for example, files being moved to unsecure FTP servers or mail servers, or into a cloud service like Dropbox, and you need awareness of which data is classified and how.

But visibility is only part of the equation. Once you know something critical is underway, you need to be able to analyze those threats in real time to determine what should be done about them, and then centralize that intelligence and potentially export it to a SIEM tool. Then there is the action to prevent threats by issuing containment controls. You can block a file from exfiltration, automatically encrypt it and so on. And you need to be able to do this across all platforms and environments – on the network, in the cloud, virtual and online/offline. It's heavy lifting most companies don't want to do, which is why they are vulnerable in the first place.

MSP Today: Where does this type of service fit in the landscape of threat protection technologies? How does it work with my other cyber tools?

Parrella: We're complementary with sandboxes, proxies, firewalls, anti-virus and the like because you can use the threat information from these sources at the network level in order to put our controls in place. You can confirm threats, for example, those that may be partially detected, and further illuminate what an attacker is doing and with what applications, files, drives, data and so on. This helps greatly to reduce false positives. Then you can deploy protections whether the threat is inside or outside the network and have those protections hit all machines – even if they're off network.