Press Release:

OPAQ Customer Nyhart Receives 2019 CSO50 Award for Security-as-a-Service Deployment

Employee Benefits Firm Replaced Hardware and Software with Cloud-Delivered Network Security to Achieve Superior Protection, Performance and ROI


OPAQ, the network security cloud company, today announced that customer Nyhart, a privately held employee benefits and actuary service company, has been recognized with a prestigious 2019 CSO50 Award from IDG’s CSO for its managed security project. Nyhart was selected for replacing its hardware and software security infrastructure with the OPAQ security-as-a-service platform to achieve Fortune-100 grade protection from threats, higher network performance and lower IT operating and management costs.

The annual CSO50 awards recognize a select group of organizations for security projects that have demonstrated outstanding business value and thought leadership. Nyhart will be honored at a special awards dinner on April 10 during the CSO50 Conference + Awards at the Talking Stick Resort in Scottsdale, Arizona. A full list of the CSO50 Award honorees is posted online at:

“Following a series of acquisitions, we recognized the need for more advanced protection against cyber threats than we were able to implement and manage with our in-house resources, so we set out to find an alternative,” said Dave Sherman, CIO of Nyhart. “The OPAQ Cloud has allowed us to replace a complex set of individual products with a single cloud service. As an added benefit, our locations are now connected over OPAQ’s high-speed, encrypted SD-WAN instead of much slower and more expensive MPLS links.”

Nyhart is headquartered in Indianapolis with offices in Chicago, Atlanta, San Diego, Houston, Denver, Kansas City and St. Louis. The company had been growing rapidly, both organically and through acquisitions, and its small IT department was stretched very thin supporting eight offices, with more planned domestically and internationally. A sprawling patchwork of networks, devices, applications and mobile users had become too complex to manage and protect. Nyhart eliminated an array of hardware and software products with OPAQ’s fully automated and orchestrated cloud platform.

“Like most midsize enterprises, Nyhart has limited security resources and expertise,” said Kenneth Ammon, Chief Strategy Officer of OPAQ. “The OPAQ Cloud enables Nyhart to consume Fortune-100 grade protection as a utility so they can invest in growing their business.”

The OPAQ Cloud protects Nyhart with best-of-breed security that includes fully integrated next-generation firewall, endpoint protection, web application firewall and Cloud SIEM capabilities. OPAQ’s fully encrypted SD-WAN also eliminates trade-offs between protection and performance across all of Nyhart’s distributed locations since more than half of the company’s traffic never touches the Internet.

“This year’s class of CSO50 award winners raise the bar on security innovation,” said Amy Bennett, executive editor, CSO. “While delivering business value and demonstrating thought leadership are the metrics on which they are measured, the greater value is in the peer-to-peer sharing of ideas across a range of industries, across company sizes, for-profit and not-for-profit, public and private. The magic really happens on the stage at the CSO50 conference when these projects are brought to life in presentations and panel discussions. It is an honor to give them the recognition they deserve.”


About the CSO50 Awards
The CSO50 Awards recognize 50 organizations for security projects and initiatives that demonstrate outstanding business value and thought leadership. The CSO50 Awards are scored according to a uniform set of criteria by a panel of judges that includes security leaders and industry experts. The 2019 awards will be presented at the CSO50 Conference + Awards, April 8-10, 2019, at the Talking Stick Resort, Scottsdale, Arizona.

About CSO
CSO is the premier content and community resource for security decision-makers leading “business risk management” efforts within their organization. For more than a decade, CSO’s award-winning web site, executive conferences, strategic marketing services and research have equipped security decision-makers to mitigate both IT and corporate/physical risk for their organizations and provided opportunities for security vendors looking to reach this audience. To assist CSOs in educating their organizations’ employees on corporate and personal security practices, CSO also produces the quarterly newsletter Security Smart. CSO is published by IDG Communications, Inc. Company information is available at

Press Release:

OPAQ CTO Tom Cross Named an Industry Leader of the Year by SC Media

IT Security Researcher, Entrepreneur and Advocate Recognized for his Contributions with 2018 Reboot Leadership Award


OPAQ, the network security cloud company, today announced that its CTO Tom Cross has been recognized as a Reboot Leadership Award 2018 recipient by SC Media, publishers of SC Magazine, in the C-Suite category. The annual awards honor executive and professional leaders for their unique, inventive and inspiring contributions that improve security, shape the industry, provide thought leadership, and otherwise have a positive impact on cybersecurity.


Tom is profiled in SC Magazine at:–tom-cross/article/790181/


“It’s an honor to be recognized by SC Media alongside so many great computer security professionals,” said Tom Cross, CTO of OPAQ. “We are constantly seeing the development of new attack techniques and new threats, yet millions of users are able to rely on the Internet every day because of the efforts of talented people throughout this industry, who work hard to confront these challenges.”


Tom Cross is currently CTO of OPAQ, which enables service providers to make Fortune 100-grade security accessible to midsize enterprises via the cloud over a fully encrypted SD-WAN. As CTO of Drawbridge Networks, he led the technical team that invented dynamic endpoint micro-segmentation security technology. He was previously Director of Security Research at Lancope and Manager of IBM Internet Security Systems X-Force Advanced Research team. Tom co-founded Industrial Memetics, which developed an early social networking platform called MemeStreams. He also co-founded EFGA (Electronic Frontiers Georgia).

Press Release:

OPAQ Joins Palo Alto Networks MSSP Specialization Partner Program

OPAQ Cloud Platform Makes It Possible for Midsize Companies to Access Palo Alto Networks Next-Generation Firewall-as-a-Service Capabilities from Service Providers

OPAQ, the network security cloud company, today announced it has joined Palo Alto Networks® MSSP Partner Program to enable managed services providers (MSPs) and managed security services providers (MSSPs) to deliver Palo Alto Networks enterprise-grade security as a cloud service to midsize companies.

“The partnership with OPAQ provides our NextWave partners a platform to provide managed security services to midsized companies. As more businesses make the shift to providing managed services, OPAQ provides partners the ability to deliver enterprise-grade security in a cost-efficient, scalable model,” said Nigel Williams, VP Global MSSP Channels for Palo Alto Networks.

According to 451 Research, “OPAQ’s cloud-based network-security-as-a-service platform simplifies traditional approaches to providing security services, delivering a robust set of security capabilities that help reduce complexity and minimize costs.”

As part of the agreement, OPAQ has selected Palo Alto Networks as the exclusive provider of next-generation firewall technology for the OPAQ cloud platform. OPAQ has deployed Palo Alto Networks appliances in its data centers across the US, and will scale up capacity to support growing demand among MSPs and MSSPs and their midsize enterprise customers.

“This alliance enables our channel partners to seamlessly deploy advanced firewall security protection through OPAQ’s fully automated and orchestrated cloud platform,” said Ken Ammon, Chief Strategy Officer for OPAQ. “Palo Alto Networks is a foundational partner for us, as their technology is an integral part of the security stack in the OPAQ Cloud.”

OPAQ’s enterprise-grade security is delivered through a per user subscription model that tightly integrates a fully encrypted SD-WAN and best-of-breed security capabilities powered by Palo Alto Networks and other trusted security technologies as well as OPAQ’s own patented technologies. It enables service providers to deliver robust protection, centrally monitor and manage customer networks, enforce policies, and generate customizable reports for security and compliance through a single interface. Midsize enterprise clients using OPAQ’s security-as-a-service have decreased costs by more than 40 percent and accelerated deployment time by 91%.

Together, OPAQ & Palo Alto Networks are raising the bar for small and medium-sized businesses

Small and medium-sized businesses face a unique set of challenges protecting their networks from attack. Beyond the constraints of budget and the availability of talented people, many of the best security tools & technologies are designed with large enterprises in mind. They are often architected for large footprint deployments and packaged in a way that places them out of reach for smaller organizations. This makes small and medium-sized businesses a particularly attractive target for computer criminals, who know they can get access to valuable information in environments that may be struggling to implement effective controls and countermeasures.

Through our partnership, OPAQ & Palo Alto Networks are working hard to address these challenges. We’re proud to have been invited to participate as a Platinum Sponsor of Palo Alto Networks’ 2019 Sales Kickoff event this month in Toronto. We’ll be there exhibiting solutions that we think will change the game in a major way.

Enabling a Network of Service Providers

A keystone of our strategy is to engage with security service providers. Small and medium-sized businesses need trusted advisors who understand their business and can help them mature their security programs in the right way. We recognize the essential role that service providers play, and our mission is to enable them with tools that have the right fit for their customers. This is why OPAQ announced in January of this year a pivot to a 100% channel based sales model.

Every technology that we build at OPAQ has been designed from the ground up to meet the needs of service providers. A few examples include our unique policy management interface, which makes it easy to set customer security policies across multiple control technologies from a single place; our zero-trust endpoint technology, which provides visibility and control deep within client networks without having to go on-site; and our reporting engine, which is specifically designed to enable service providers to illustrate the value of the work they’re performing on behalf of their clients and to facilitate conversations with clients about specific gaps in their security programs.

The Firewall-as-a-Service Model

The way to make network security technologies more accessible while achieving economies of scale is to provide them from the cloud as a service. Clients who are serious about security should accept no substitutes in terms of the protection capabilities they are deploying. We start with best-of-breed next generation firewalls from Palo Alto Networks. The intrusion prevention capabilities, threat intelligence, and Wildfire 0-day malware and exploit analysis engines that are built into the Palo Alto Networks platform are second to none.

We deploy Palo Alto Networks firewalls in OPAQ’s high performance cloud infrastructure at multiple points of presence throughout the world, and allocate fractions to serve each individual customer. The service can scale down to handle small offices with a handful of employees, it can scale up to facilities with thousands of end-users, and it can grow elastically as each client’s needs change. New customer networks can be rapidly connected with a hardware edge device or virtual appliance from OPAQ, in a variety of standalone as well as high availability configurations. The result is that service providers can quickly deploy security capabilities that their customers know and trust, which are scaled to fit demand.

Zero-Trust Software Defined Network Segmentation

Security professionals increasingly realize that we need to operate networks on a Zero-Trust footing to contain sophisticated threats. Moving network security devices from the edge into the cloud provides flexibility and economies of scale, but it is also important to segment internal networks properly to prevent the propagation of malware within them, and service providers need the ability to do this remotely.

This is where OPAQ’s groundbreaking endpoint segmentation software comes into play. OPAQ’s software dynamically controls the firewall policy on each endpoint in real-time, providing service providers with full visibility into east/west traffic within client networks and the ability to control that traffic. Incident responders can use this capability to quickly investigate security incidents on the internal network and take action to remotely quarantine infected hosts. OPAQ’s policy management interface also allows granular internal policies to be defined, based on user and host identities as well as IP address ranges, which are automatically synchronized by the OPAQ platform between endpoint and network firewalls.

OPAQ and Palo Alto Networks are Raising the Bar

OPAQ’s Zero-Trust endpoint technology and Palo Alto Networks’ Next-Generation Firewalls work in concert through the OPAQ platform to enable security service providers to deliver an unprecedented level of protection to their small and medium-sized clients. These advanced security capabilities were previously inaccessible in a cost effective manner, but now they can be deployed rapidly at a scale that is right-sized for these clients, with a platform that is elastic enough to grow with them.

SMS Hijacking: What do Midsize Enterprises Need to Know?

The security world has been buzzing recently about attacks that target text message-based multi-factor authentication (MFA) systems. In mid-July, an article in Motherboard detailed the criminal underworld that has formed around the lucrative practice, which can be used to compromise consumers’ online banking accounts, steal bitcoins, and hijack popular social media accounts. On August 1st, Reddit announced that an attacker exploited SMS-based MFA to compromise several employee accounts at its cloud and source code hosting providers. This security issue deserves attention because criminals have operationalized the attack techniques involved.

How do these attacks work?

The attacks target multi-factor authentication systems that work by sending a text message to the user with a code in it that they must enter in order to access their account. The attack works by taking over the victim’s phone number, so that the attackers receive the access code instead. The most common techniques for hijacking a mobile phone number are a “SIM-swap” and a “port-out scam.” In a SIM swap, the attacker convinces the phone company to associate the phone number with a different SIM card. In a “port-out,” the attacker convinces the phone company to transfer the number to a different phone company. These attacks can be performed by social engineering phone company employees, but may also involve corrupt insiders at the phone company who take a cut of the proceeds from the scam.

In both cases, when the attack takes place, the victim’s phone will lose service, and may receive text messages from the phone company indicating that the SIM or phone number has been moved.

What should enterprises do?

First, consider educating end users about the issue. If they receive unexpected messages indicating that their SIM has been moved and their phone won’t connect to the cellular network, they may be the target of an attack in progress, and they should contact their phone company immediately. In some cases it may be possible to dial 611 to reach the phone company even if service is not active. Some phone companies offer additional security features such as PIN codes and Port Validation that can be enabled at no additional charge.

Second, review the multifactor authentication systems that you have in use. Systems that rely on pushes to a mobile app or a hardware token aren’t vulnerable to this attack, but some MFA systems support multiple modes and allow the end user to decide which authentication mode to use. Consider deactivating modes that rely on text messages and phone calls. However, it is also important to keep perspective. Mobile phone based MFA is better than not having MFA at all. It’s vulnerable, but it’s another hurdle that an attacker would have to cross, and it should be adopted in places where it’s not possible to use more secure systems.

Third, consider your network architecture. Organizations increasingly rely on cloud hosted systems that may be exposed to the entire Internet, whereas in the past internal corporate applications were usually hosted behind firewalls. The ‘de-perimeterized’ network requires more care regarding what services are exposed and how/where they can be accessed.

One strategy that can be effective is to lock down remote administration services in the cloud so they will only accept traffic from the egress IP address of your organization’s firewall. Administrators will then have to access your corporate VPN before they can administer your cloud, where you can enforce strong multi-factor authentication.

A more secure approach is to place internal applications hosted in the cloud within your VPN. OPAQ’s unique Firewall-as-a-Service approach can connect far-flung corporate offices with data centers and clouds without the expensive overhead of deploying individual firewalls to each location or backhauling traffic to and from a corporate headquarters. We can work with you to build a network that enables your organization to efficiently adopt cloud services without losing the security capabilities of your traditional VPN.
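The lockdown to the firewall's egress IP described above can be checked mechanically. The following added example (not OPAQ's code, and not tied to any cloud provider's API) audits a constructed list of ingress rules and reports every rule that admits SSH or RDP from anywhere other than the egress address; the rule format, the port list and the 203.0.113.10 address are assumptions made for illustration.

```python
import ipaddress

# Assumption: ports treated as remote administration services.
ADMIN_PORTS = {22: "ssh", 3389: "rdp"}

# Assumption: the organization's firewall egress address (documentation range).
EGRESS_IPS = ["203.0.113.10"]

# Constructed ingress rules in a generic format (not a real provider export).
RULES = [
    {"name": "ssh-from-office", "protocol": "tcp", "ports": (22, 22), "source": "203.0.113.10/32"},
    {"name": "ssh-from-anywhere", "protocol": "tcp", "ports": (22, 22), "source": "0.0.0.0/0"},
    {"name": "rdp-wide-range", "protocol": "tcp", "ports": (3000, 4000), "source": "198.51.100.0/24"},
    {"name": "https-public", "protocol": "tcp", "ports": (443, 443), "source": "0.0.0.0/0"},
    {"name": "all-traffic-v6", "protocol": "all", "ports": None, "source": "::/0"},
    {"name": "ssh-office-subnet", "protocol": "tcp", "ports": (22, 22), "source": "203.0.113.0/24"},
]


def exposed_admin_rules(rules, egress_ips):
    """Return (rule name, service, source) for every ingress rule that lets
    an administration port be reached from outside the egress addresses."""
    allowed = [ipaddress.ip_network(ip) for ip in egress_ips]
    findings = []
    for rule in rules:
        proto = rule["protocol"]
        if proto not in ("tcp", "all"):
            continue  # SSH and RDP are reached over TCP
        if proto == "all":
            hit = list(ADMIN_PORTS)  # an "all traffic" rule covers every port
        else:
            low, high = rule["ports"]
            hit = [p for p in ADMIN_PORTS if low <= p <= high]
        if not hit:
            continue
        source = ipaddress.ip_network(rule["source"], strict=False)
        # The source must sit entirely inside an egress address. A wider
        # range that merely contains the egress IP still admits other hosts.
        if any(source.version == a.version and source.subnet_of(a) for a in allowed):
            continue
        findings.extend((rule["name"], ADMIN_PORTS[p], str(source)) for p in hit)
    return findings


if __name__ == "__main__":
    for name, service, source in exposed_admin_rules(RULES, EGRESS_IPS):
        print(f"{name}: {service} reachable from {source}")
```
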

What is a Next-Gen Host-Based Firewall and why would anybody care?

Host-Based Firewalls are a simple technology that is generally used to prevent unwanted inbound traffic by port number. They don’t play a significant role in most enterprise security programs because it’s too much work to manage policies for each individual host. Instead, organizations prefer to enforce policies with network firewall devices that can protect large numbers of hosts from a single location.

New technologies have recently started to change this by providing a way to manage large numbers of individual endpoint firewall policies from a central system. We call these solutions Next-Generation Host-Based Firewalls, although the term Micro-Segmentation is also sometimes applied to this space. There are two primary trends that are driving this change:

Cloud Adoption: Workload mobility combined with the absence of traditional network architecture in cloud environments has meant that in some cases, firewall policies have to be managed on an individual endpoint basis, and there need to be tools that facilitate this.

Sophisticated Targeted Attacks: These days the initial point of infection for an attacker within a network is just a foothold that is used to spread internally in search of vital information to steal or encrypt with ransomware. This fact has driven organizations to pursue a Zero Trust approach to network security, where hosts inside the perimeter are not considered inherently more trustworthy than hosts outside the perimeter. The ultimate Zero Trust model means that every host is capable of defending itself, and tools are needed to orchestrate that defense.

As various Next-Generation Host-Based Firewall solutions have come on the market, the market has begun to define itself around a few key features or characteristics that all of these products share:

Central Policy Management: Obviously a “table stakes” requirement for these solutions is the ability to create a policy for a large number of individual endpoints from a central policy management tool. These policies are managed in one place, but enforced in many places — by each individual endpoint system.

Network Visualization: Crafting a security policy for large numbers of endpoints can be challenging. Next-Generation Host-Based Firewalls typically collect logs of network traffic from each endpoint and can provide the user with the ability to see and explore their network and its interrelationships. This can be a powerful tool for investigating security incidents as well as building policies that can contain them.

Abstract Policy Making: Traditional Firewalls enforce policy based on IPs, ports, and protocols. This can be inadequate for dealing with the complex set of interactions that occur on an internal network where workloads and workstations can move around. Typically, Next-Generation Host-Based Firewalls allow policies to be defined based on the identity of a user or of a workload or application, regardless of what system, IP or port is involved. This makes policy definition much simpler by allowing the user to express rules in human terms.

In our view there are three main architectural approaches to building Next-Generation Host-Based Firewalls. In describing these architectures, we use the words “active” and “passive” to refer to the role that the central policy management system takes in making case-by-case enforcement decisions.

Passive: A Passive Next-Generation Host-Based Firewall system is capable of pushing traditional, static firewall policies out to endpoints, but the central policy management system takes no direct role in policy enforcement. When new connections are made or received by each endpoint, the endpoint evaluates them against the policy it has been given and chooses whether to allow or block them.

This architecture has the advantage of imposing minimal latency at connection establishment and being resilient against temporary loss of connectivity between endpoints and the central policy manager.

Active: Instead of pushing static policies out to endpoints, an Active Next-Generation Host-Based Firewall makes enforcement decisions at a central controller. When each new connection is made or received by each endpoint, the endpoint contacts the controller and the controller decides whether or not the endpoint should allow or block, on a case-by-case basis. In this sense the controller is playing an active role in making enforcement decisions.

This architecture has the advantage of being able to adapt policy enforcement decisions immediately to changing circumstances on the network, such as when a host moves to a different network segment, or when a decision has been made to quarantine a compromised host. This adaptability is necessary to enable micro-segmentation in traditional office environments where rapid changes are commonplace. While there is some cost associated with this architecture, the latency and availability impacts are comparable to those imposed by the use of DNS servers.

Hybrid: A hybrid solution combines the best of both architectural approaches, allowing for dynamic policies to be enforced in real time by a central controller, with static backups in place that can make rapid decisions when the controller cannot be reached.
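The difference between the three architectures shows up when the controller's state changes or the controller cannot be reached. This added sketch (illustrative code, not OPAQ's implementation; all class, host, user and group names are hypothetical) models an endpoint that asks a controller for each decision and falls back to a previously pushed static snapshot during an outage.

```python
from dataclasses import dataclass, field


class ControllerUnreachable(Exception):
    """Raised when an endpoint cannot reach the central controller."""


@dataclass
class Controller:
    group_of: dict   # user -> group
    role_of: dict    # host -> role
    allowed: set     # {(user group, destination role, service)}
    quarantined: set = field(default_factory=set)
    reachable: bool = True

    def _permits(self, user, src_host, dst_host, service):
        if src_host in self.quarantined or dst_host in self.quarantined:
            return False
        rule = (self.group_of.get(user), self.role_of.get(dst_host), service)
        return rule in self.allowed

    def decide(self, user, src_host, dst_host, service):
        """Active mode: one decision per connection, on current state."""
        if not self.reachable:
            raise ControllerUnreachable(src_host)
        return "allow" if self._permits(user, src_host, dst_host, service) else "block"

    def static_snapshot(self, user, src_host):
        """Passive mode: compile the identity rules into a static allow-list
        of (destination host, service) pairs for one endpoint."""
        if not self.reachable:
            raise ControllerUnreachable(src_host)
        services = {svc for _, _, svc in self.allowed}
        return frozenset(
            (dst, svc) for dst in self.role_of for svc in services
            if self._permits(user, src_host, dst, svc)
        )


@dataclass
class Endpoint:
    host: str
    user: str
    controller: Controller
    snapshot: frozenset = frozenset()

    def refresh_snapshot(self):
        self.snapshot = self.controller.static_snapshot(self.user, self.host)

    def connect(self, dst_host, service):
        """Hybrid mode: ask the controller, fall back to the static backup.
        Anything absent from the backup is blocked (default deny)."""
        try:
            verdict = self.controller.decide(self.user, self.host, dst_host, service)
            return verdict, "controller"
        except ControllerUnreachable:
            verdict = "allow" if (dst_host, service) in self.snapshot else "block"
            return verdict, "static-backup"


def demo():
    ctl = Controller(
        group_of={"alice": "finance"},
        role_of={"payroll-db": "finance-db", "build-01": "ci"},
        allowed={("finance", "finance-db", "postgres"), ("engineering", "ci", "ssh")},
    )
    ws = Endpoint("ws-alice", "alice", ctl)
    ws.refresh_snapshot()
    out = {}
    out["normal"] = ws.connect("payroll-db", "postgres")
    out["not_in_policy"] = ws.connect("build-01", "ssh")
    ctl.quarantined.add("ws-alice")          # takes effect on the next connection
    out["quarantined"] = ws.connect("payroll-db", "postgres")
    ctl.quarantined.clear()
    ctl.reachable = False                    # controller outage
    out["outage"] = ws.connect("payroll-db", "postgres")
    out["outage_default_deny"] = ws.connect("build-01", "ssh")
    ctl.quarantined.add("payroll-db")        # endpoint cannot learn this yet
    out["stale_backup"] = ws.connect("payroll-db", "postgres")
    ctl.reachable = True
    out["recovered"] = ws.connect("payroll-db", "postgres")
    return out


if __name__ == "__main__":
    for step, result in demo().items():
        print(step, result)
```

In this model the static backup keeps allowing a destination that was quarantined during the outage until the controller is reachable again, which is the resilience-versus-adaptability trade-off between the passive and active designs.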

The OPAQ Cloud delivers Active & Hybrid Next-Generation Host-Based Firewalls. We believe that these technologies play a key role in securing the hybrid networks of today, especially as workloads move to the cloud and networks de-perimeterize. They enable enterprises to pursue a true Zero Trust approach to network security — where hosts on the internal network are not inherently trusted. The Zero Trust model is a prerequisite for defense against sophisticated threat actors, and a step toward totally new kinds of enterprise network architectures where perimeter defenses are no longer required.

Gartner Hype Cycles: Why You Should Believe this Hype

Can there be any more security buzz flying around in the market today? With an estimated 1,600 security vendors each espousing their own rhetoric as to why you just can’t survive unless you have their latest doohickey, it’s no wonder that executives are confused about what’s a smart security investment.

Industry analysts are doing what they can to help executives navigate the complexities of the security market. The sheer number of security categories, sub-categories, and sub-sub-categories is simply astounding, and can further complicate things. And just when you think you have a handle on the latest security trends and you’re confident you know exactly what it is you need, a new threat, new trend, or new technology emerges and makes you re-think everything yet again.

451 Research keeps a close eye on the security market, producing a variety of insightful research including Impact Reports, which feature different companies and independent perspectives on the strengths, weaknesses, opportunities, and threats (SWOT) of those companies. In fact, you can see an Impact Report on OPAQ here.

Gartner also produces a variety of research reports. Some of the most popular reports are the Gartner Hype Cycles, which can be useful as visual guides in helping executives assess different types of security technologies. Two Gartner Hype Cycles that were released earlier this month were the Hype Cycle for Threat-Facing Technologies and Hype Cycle for Enterprise Networking and Communications (these reports are accessible only to Gartner subscribers). The former Hype Cycle features security technologies that aim to “prevent and protect IT systems and applications from attack, enabling fast and effective response.” The latter Hype Cycle features technologies that can help executives to “evolve their networks to support functional and strategic business requirements” and “support digital business initiatives and new business models while also providing flexible, resilient, and scalable connectivity.”

As different as these two Hype Cycles are, there is a common thread – Firewall-as-a-Service is a category represented in both, which features the need for tight integration of networking and security, as well as for automation and orchestration. It’s the first time that Firewall-as-a-Service (FWaaS) is represented in the Hype Cycle for Enterprise Networking and Communications. In both Hype Cycles, it’s defined as “a multifunction security gateway delivered as a cloud-based service or hybrid solution. The promise of FWaaS is to provide simpler and more flexible architecture by leveraging centralized policy management, multiple enterprise firewall features and traffic tunneling to partially or fully move security inspections to a cloud infrastructure.”

With a benefit rating of “High” the business impact of FWaaS “offers a significantly different architecture for branches or even single-site organizations. It also offers greater visibility through centralized policy, increased flexibility and potentially reduced cost by using a fully or partially hosted security workload.” OPAQ is referenced in both Gartner Hype Cycles as a sample vendor providing FWaaS, with serious enterprise-grade Next-Generation Firewall protection powered by Palo Alto Networks.

The as-a-service business model in security is not going away – it’s more than hype; it’s a mainstay. Integrating networking and security into a single cloud service that is simple to deploy and maintain eliminates cost, complexity, and much of the feature-focused security noise that plagues executives pondering smart security investments.

Why Gartner Named OPAQ a 2018 Cool Vendor

On June 1, after an in-depth evaluation, leading technology research firm Gartner named OPAQ one of only three Cool Vendors in Security for Midsize Enterprises (MSE) for 2018.

According to the report, “These vendors offer a compelling combination of innovation and midsize enterprise suitability. Midsize enterprise IT leaders responsible for security and risk management should familiarize themselves with these impactful approaches to improving security posture with finite resources.”

What makes a hot company a cool vendor? Gartner’s definition of a Cool Vendor is a small company offering a technology or service that is:

Innovative — Enables users to do things they couldn’t do before

Impactful — Has or will have a business impact, not just technology for its own sake

Intriguing — Has caught Gartner’s interest during the past six months

Gartner analysts stated: “Security-as-a-service vendor OPAQ is cool because it can provide MSE IT leaders with a caliber of managed network visibility and control — at a predictable operating expenditure price — that is typically out of their reach. MSEs that lack staff expertise to manage and monitor multiple network security appliances and consoles can benefit from the OPAQ Cloud.”

Gartner released the Cool Vendors report just prior to the start of its 2018 Security and Risk Management Summit. Several of us from OPAQ attended the event, which drew an increasingly large audience of midsize enterprises who value Gartner’s insights on the technology landscape and emerging trends.

We were delighted to see OPAQ referenced in analyst sessions and in presentations. Moreover, we were excited to hear that OPAQ was being discussed by executive attendees with analysts during their one-on-one meetings.

There is no doubt that the security-as-a-service solution OPAQ delivers will be a mainstay in a market that is embracing simplified, cost-effective enterprise-grade security from the cloud.

We’re extremely proud of this recognition from one of the most highly respected analyst firms.

MSSP Metrics: Key Risk Indicators (KRIs)

Key risk indicators (KRIs) are used to measure future adverse impacts of events and activities. They are widely used in areas such as healthcare, operations, and disaster risk management. KRIs use existing system and security sensor data to calculate residual risk due to IT operations.

The inputs are similar to a combination of SIEM, GRC, and threat intelligence systems; the output is continuous, objective, actionable metrics. With easy-to-understand and security-posture relevant metrics, technology leaders can design measurable goals and communicate the status and health of security operations to business leaders for decision making purposes.

A platform that supplies KRIs approaches risk measurement differently from traditional systems:

  • Observed Behaviors Across the Enterprise. The platform collects information on actual events observed in the enterprise – not theoretical “possibilities” based on predictive analytics. The concept of false positives does not exist because only real, live events reported by sensors are observed and go into the calculation of a risk indicator.
  • Residual Risk. Even with all cyber defenses in optimal configuration, risk factors ebb and flow throughout enterprise systems. The platform collects evidence and calculates risk factors, tracking and reporting on residual risk. This is the risk that really matters, and not, for example, theoretical risk due to “intelligence” of activity on the internet.
  • Normalization, Quantification, and Context. The platform applies machine learning and advanced statistical analysis to determine what is normal, what is important, and provides context around both of those in the form of calculations or reports.
  • Continuous, Objective. Audit results tell a story of compliance around a point in time. Manually compiled reports are unreliable. KRIs measure risk and activities in real-time directly from sensor outputs, offering a continuous and consistent view of activities independent of interpretations, audit schedules or quarterly reports.

KRIs can “roll up” the stream – which is more like a fire-hose – of sensor data into easy-to-understand metrics:


What vulnerabilities are you susceptible to, and what steps do you need to take to resolve those issues?

The key here is not to bludgeon or overwhelm your customers with problems. There might be dozens of new vulnerabilities being discovered on a daily basis, but only one or two of them are actually relevant to the customer’s critical IT environment. (On the other hand, if all of them really are noteworthy, then you have bigger issues to deal with.)

Threat Intelligence

What threats in the wild are you susceptible to, and what steps do you need to take to resolve those issues?

Your approach to threat intelligence should be very similar to how you approach vulnerabilities. Customers should be able to easily answer questions such as:

  • Is there any evidence that I have been breached by one of the well-known threats?
  • Does my MSSP regularly conduct threat-hunting missions in my environment? How many of these missions have occurred in the past week or month?
  • Is my MSSP finding evidence of data breaches or attacks against my industry peers?

New Threats

What are the most recent threats to appear in the cyber security landscape?

One extremely important IT security metric is the number of new threats that the customer has faced recently. If this figure is steadily increasing or has seen a rapid spike from normal levels, it is a strong indication that the customer is on the receiving end of a targeted attack, or will be in the near future.

New threats are often more dangerous because clients and MSSPs likely do not have a prescription ready to handle them.

Defense Effectiveness

Are attempts to shut down a threat or eliminate a vulnerability effective?

When you try to patch a security flaw, you need to know that you have resolved the problem and that it will not continue to resurface every few days or weeks. Just like treating an illness, successfully handling cyber security issues means identifying the root cause of the matter and removing it, instead of just addressing the symptoms.

Severity and Velocity

Is your environment getting better or worse in terms of the pace and intensity of threats?

Of course, any company above a certain size will be the target of probes and attempted attacks from malicious actors, and many of them will already have fallen victim to a breach. However, an increase in the leading indicators of attack activity, such as the pace or severity of events, is a clear sign of a targeted attack or of a campaign focused on the client's entire industry.

Metrics that show severity and velocity will allow you to easily pinpoint the concentration of this kind of attack, allowing you to react quickly.

Surface Area

Is there a dramatic increase or decrease in the number of hosts showing activity on your network? Are there any major critical or high events against your critical monitored assets?

A significant spike in the number of hosts showing defense activity, such as a tenfold increase from 100 to 1,000, could indicate that attackers are broadening their scope. Of course, it could also be due to a benign event, such as the acquisition of a new company and the merger of the two networks. Whatever the reason, such an anomaly needs to be identified and examined by security experts.

Another consideration for surface area is the location of your critical assets. You would expect that parts of the network such as the DMZ are more susceptible to would-be attackers trying to expose issues and create holes. These events are definitely important, but far more important would be something like a sudden increase in the number of high and critical events against your customer’s financial data. In this case, you should look into the problem immediately and find out what’s going on.
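The surface-area checks described above can be sketched as a small roll-up over sensor events. This is an added example, not code from FourV, OPAQ or any product named on this page; the event tuples, the asset name `fin-db-01` and the fivefold anomaly threshold are constructed assumptions.

```python
from collections import defaultdict
from statistics import median

CRITICAL_ASSETS = {"fin-db-01"}            # hypothetical critical asset
HIGH_SEVERITIES = {"high", "critical"}

def sample_events():
    """Constructed sensor events as (day, host, severity) tuples."""
    events = []
    for day in range(1, 5):                # quiet baseline: 4 DMZ hosts per day
        events += [(day, f"dmz-{i:02d}", "low") for i in range(4)]
    # Day 5: activity suddenly appears on 40 workstations
    events += [(5, f"ws-{i:03d}", "medium") for i in range(40)]
    # Events against the critical asset: one low (day 3), two serious (day 5)
    events += [(3, "fin-db-01", "low"),
               (5, "fin-db-01", "high"),
               (5, "fin-db-01", "critical")]
    return events

def surface_area(events, factor=5.0):
    """Roll events up into per-day surface-area metrics.

    A day is anomalous when its distinct-host count is at least `factor`
    times, or at most 1/`factor` of, the median of all earlier days
    (the threshold is an assumption, not a value from the page).
    """
    hosts = defaultdict(set)
    critical_hits = defaultdict(int)
    for day, host, severity in events:
        hosts[day].add(host)
        if host in CRITICAL_ASSETS and severity in HIGH_SEVERITIES:
            critical_hits[day] += 1

    report, days = [], sorted(hosts)
    for idx, day in enumerate(days):
        prior = [len(hosts[d]) for d in days[:idx]]
        baseline = median(prior) if prior else None   # first day has no baseline
        count = len(hosts[day])
        ratio = count / baseline if baseline else None
        report.append({
            "day": day,
            "active_hosts": count,
            "baseline": baseline,
            "host_anomaly": ratio is not None
                            and (ratio >= factor or ratio <= 1 / factor),
            "critical_asset_hits": critical_hits[day],
        })
    return report

if __name__ == "__main__":
    for row in surface_area(sample_events()):
        print(row)
```

A flagged day is only a prompt for review: as noted above, a merger of two networks produces the same jump in active hosts as an attacker broadening scope.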

Architectural Maturity

Are your tools working to identify, detect, protect, respond and recover as you need them to?

MSSPs might fill out an OWASP Cyber Defense Matrix on their clients, to keep track of how well each customer’s security architecture is performing and how well its compliance framework is being covered. This will give you a clear picture of where you are, what you are missing and how you will resolve it along the way.

Why FourV and OPAQ Joined Forces

I’m pleased to be writing this post as a member of OPAQ Networks, following the announcement today that FourV Systems has become part of the OPAQ family. Our two companies share a common focus — empowering MSPs and MSSPs with security automation to help them gain greater visibility and control while substantially simplifying the management of their customers’ network and security architecture.

FourV’s patented GreySpark solution provides continuous security metrics, compliance monitoring and reporting. And the OPAQ security-as-a-service platform integrates comprehensive enterprise-grade security capabilities with a private software-defined network backbone. Together, we’re delivering the single most effective and efficient tool that MSPs and MSSPs can use to:

  • Identify what security controls should be prioritized;
  • Manage and enforce best-of-breed network security controls; and
  • Demonstrate and communicate the value of security services to technical and non-technical decision makers

Beyond this natural technology “fit”, several other factors convinced FourV’s management that we could achieve goals more quickly as part of OPAQ.

OPAQ’s platform is built to address a market that we at FourV also believed is both underserved and critically important – the midsize enterprise. These companies often find challenges in applying the personnel and financial resources needed to acquire, deploy, and manage the type of security infrastructure required to properly fend off today’s advanced threats. OPAQ’s cloud platform levels the playing field, packaging their best-of-breed security platform in a way that is accessible for midsize enterprises while also making it simple for service providers to manage.

OPAQ’s leadership team and support teams are also extremely experienced in our space. Glenn Hazard and Ken Ammon certainly ‘get it’ when it comes to the intersection of business and technology needs of service providers and the midsize enterprises they support.

The FourV solution serves as a complementary addition to the OPAQ cloud platform. An assessment of the security operations performance and compliance maturity is often the first step MSPs and MSSPs need to take with their clients in order to provide trusted recommendations to reduce risk and exposure. We could not be happier that we are now a part of an organization whose platform enables those MSPs and MSSPs to meet the needs of their clients by giving them the ability to instantly deploy and manage enterprise grade security.
