SlideShare uma empresa Scribd logo

Evolving Security 5 Reasons to Outsource Network Security Management in Today's Threat Environment

XO Communications
XO Communications

This white paper describes the reasons why companies outsource network security management in today’s threat environment. It includes an assessment of the overall threat landscape, and reviews five key benefits of outsourcing.

Tecnologia
1 de 12
Baixar para ler offline
EVOLVING SECURITY 5 REASONS TO OUTSOURCE NETWORK SECURITY MANAGEMENT IN TODAY’S THREAT ENVIRONMENT xo.com
Evolving Security 5 Reasons to Outsource Network Security Management in Today’s Threat Environment Contents Introduction 3 Network Security is More Complex Than Ever 4 Costs from Attacks are Increasing 5 The Need for a Collaborative Approach 5 1. Greater centralization of network security controls and policies 6 2. Deeper and broader coverage 7 3. Experience and competence 7 4. Increased responsiveness 8 5. Cost savings (operational and opportunity) 8 The Cost Implications of Network Security Attacks 9 Conclusion 10 About XO Communications 11 About XO Hosted Security 11 About StillSecure 11 2 Solutions you want. Support you need.
XO Communications Introduction This white paper describes the reasons why companies outsource security management in today’s threat environment. It includes an assessment of the overall threat landscape, and reviews five key benefits of outsourcing. Expanding use of Web 2.0 and Internet-based business applications creates new chal- lenges for businesses that need to keep malicious security breaches from entering their company networks. Next-generation security threats, including Advanced Persistent Threats, are menacing and increasingly difficult to detect. A single data breach could have Many businesses no longer potentially devastating direct and indirect consequences such as fines, penalties or law- suits arising from a company’s failure to protect its private and personal customer informa- possess the in-house expertise tion according to industry standards. Security breaches also can result in huge financial or the resources to monitor, losses and lost revenue as a result of operational downtime, customer turnover, and dam- detect or mitigate today’s age to credibility and reputation. sophisticated security threats Many businesses no longer possess the in-house expertise or the resources to moni- from entering their networks. tor, detect or mitigate today’s sophisticated security threats from entering their networks. Outsourcing network security management to a ‘Security-as-a-Service’ or cloud-based delivery provider has become an attractive option for enterprises that need company-wide visibility of their Internet security gateways, Unified Threat Management, 24x7x365 moni- toring and management, and a stronger knowledge base of security best practices across a broad range of industries. Besides centralizing security controls and policies across the network, the cloud-delivery model of a ‘Security-as-a-Service” eliminates the need to buy and manage premise-based security devices at individual locations. Security-as-a-Service offerings that provide “clean pipes” capabilities help prevent unwanted or malicious traf- fic from entering the network through the Internet or data “pipe”, and permit legitimate or “clean” data traffic to get delivered across the network more efficiently. 3
Evolving Security Network Security is More Complex Than Ever News stories about high-profile brands being compromised by network security breaches are widespread. Because of the growing security threats, information security officers at U.S. businesses are more concerned than ever about security risks. In a survey of more than 2,000 small-to-medium business and enterprise security decision makers, the majority Sobering reports of network of respondents listed data security (88%) and managing vulnerabilities and threats (84%) security threats are a constant among their top priorities.1 reminder that the threat landscape has changed and Sobering reports of network security threats are a constant reminder that the threat land- scape has changed and become very complex. One security threat report predicted that become very complex. cumulative, unique malware samples will have surpassed 75 million by year-end 2011. 2 What’s behind this surge in malware? A key factor is that hackers can more easily acquire software that they need to inflict dam- age. For example, exploits can be bought and sold on the black market for a few hundred dollars. The code for malware and worms is readily available over the internet for dupli- cation and manipulation. The code for the Stuxnet worm, one of the most sophisticated worms ever discovered, was effectively open sourced with point-and-click accessibility. As malware advances, it’s easier than ever for criminals to use it to inflict harm. In addition, there are new avenues that hackers can use to gain access to an enterprise network—particularly from social media, virtualized servers, cloud computing applications, wireless networking and smart phone applications. 1 Forrester Research, Inc., Security Futures: Selected Results from Forrsights Security Survey Q3 2010, presen- tation, September 23, 2010, slide 10. 2 McAfee Labs, McAfee Threats Report: Third Quarter 2011, page 6 4 Solutions you want. Support you need.
XO Communications Costs From Attacks are Increasing Attacks Grow in Number and Sophistication Costs associated with corporate network attacks are severe and growing. According to one security industry study, the cost of a data breach rose for five One cyber-security watch consecutive years from 2006 through 2010.3 Clean up costs that resulted from survey of 600 organizations damaging data breaches among the surveyed companies increased to $7.2 million found that: and cost an average of $214 per compromised record.4 In another security threat report that surveyed 50 corporations, malicious code, Denial of Service, and web- • 81% of respondents’ organi- based attacks were cited as the most costly types of threats for businesses.5 zations experienced a secu- rity event between the survey Unfortunately, IT budgets are struggling to keep up with the rise in costs to period of August 2009 and clean up after security breaches. While a sluggish economic recovery has put July 2010, compared to 60% downward pressure on security budgets, new and evolving technologies provide the year before corporate spies, cyber warriors, and other hackers with new avenues with which • Of the companies that expe- to exploit network vulnerabilities. As a result, Chief Security Officers (CSOs) and rienced an attack, 28% of Chief Information Security Officers (CISOs) face the nearly impossible challenge respondents saw an increase of having to strengthen network defenses within significant budgetary constraints. in the number of attacks • Cyber attacks from foreign entities doubled to 10% from The Need for a Collaborative Approach 2009 to 2010 6 As information security risks soar, it’s become harder for security professionals to dedicate the time and resources to everyday monitoring, management and responses that are necessary to combat the increased risks. As a result, many companies are selecting service providers to help them improve preparedness in the most cost-efficient manner, thereby freeing up in-house staff for other activi- ties, such as strategic planning and management. Why do enterprises hire a third party to manage network security? One survey of 1,400 small-to-medium business and enterprise security decision makers identi- fied the top motives. Respondents indicated said that it was important to them to improve the quality of protection, gain 24x7 coverage, reduce cost, gain greater competency or specialized skills, and to reduce complexity.7 3 Ponemon Institute LLC, 2010 Annual Study: U.S. Cost of a Data Breach, April 10, 2010; Overall Trends, page 5. 4 Ponemon Institute LLC, 2010 Annual Study: U.S. Cost of a Data Breach, April 10, 2010, Overall Trends, page 5. 5 Ponemon Institute, LLC, Second Annu al Cost of Cyber Crime Study: Benchmark Study of U.S. Companies, August 2, 2011, Page 2. 6 Software Engineering Institute CERT Program at Carnegie Mellon, Press release, “2011 Cybersecurity Watch Survey: Organizations Need More Skilled Cyber Professionals to Stay Secure” January 31, 2011, pages 1-2; survey by CSO, the U.S. Secret Service, the Software Engineering Institute CERT Program at Carnegie Mellon University, and Deloitte. 7 Forrester Research, Inc., Security Futures: Selected Results from Forrsights Security Survey Q3 2010, presentation, September 23, 2010, slide 10. 5
Evolving Security “ Many organizations don’t have the tools and in-house expertise to detect these ” threats, so attacks and security breaches go unnoticed.8 - Gartner Research, Inc. Undeniably more businesses value the benefits of outsourcing their security management to a service provider to deploy a more layered defense strategy across the entire network. Outsourcing helps companies simplify their infrastructure and costs, and also frees up their time to devote to core security functions such as strategic planning, governance and risk management, and regulatory compliance reporting responsibilities. The biggest benefits of outsourcing are greater centralization of network security controls and policies, deeper and broader coverage of security threat intelligence from experienced network security professionals, increased responsiveness, and considerable cost savings. Following is a more detailed look at these five core benefits. Benefits of outsourcing 1. Greater centralization of network security controls and policies Businesses with multiple locations, flat IT management structures, and fragmented approaches to security make easy targets for hackers. Enterprises that lack a cohesive security strategy and uniform, top-down security implementation open up vulnerabilities, often at network endpoints. When company-wide security policies and rules aren’t con- sistently updated on a centralized network firewall, problems can arise that can jeopardize the security of the entire network. In addition, if companies with Managed Security at the customer premise of an individual location fail to update the premise-based firewall at that location, it could open the door for hackers to gain access, which compromises the net- work. Security leaders who recognize these vulnerabilities increasingly turn to the Security- as-a-Service model, which centralizes and standardizes network security controls and policies across the organization. By definition, Security-as-a-Service models are typically delivered virtually using a cloud-based delivery model and may be referred to as network- based services. Beyond the benefits of centralization, the virtualized, cloud-based delivery model eliminates the need to buy and manage premise-based, security devices and appli- ances, and manage software updates at each location. 8 Gartner Research, Inc., Network Security Monitoring Tools for ‘Lean Forward’ Security Programs. February 1, 2011. 6 Solutions you want. Support you need.
XO Communications 2. Deeper and broader coverage By outsourcing network security management, businesses are able to significantly improve network security with proactive, 24x7x365 monitoring and alerting —without having to recruit, train, and manage additional internal IT staff. Many security service providers offer SSAE 16- audited Security Operations Centers that are staffed with professional analysts who have access to hundreds of security feeds, including those from the U.S. Computer Emergency Readiness Team (CERT), the FBI, and major software providers such as Microsoft®. When threats are identified, analysts are able to block attack pathways and send appropriate notifications. Since security analysts are monitoring around the clock, threats are addressed strategically—before or as they happen, in real time, and not just during business hours. 3. Experience and competence Businesses that choose to hire a third party to manage their Businesses that choose to hire a third party to manage their network security benefit from network security benefit from an immediate boost in quality as well as quantity of coverage. That’s largely because Security-as-a-Service providers focus exclusively on the detection, prevention and neu- an immediate boost in quality tralization of network threats. In-house security and IT staff, tasked with a wide range of as well as quantity of coverage. responsibilities, typically cannot focus purely on information security. Many in-house secu- rity teams don’t have the same depth of knowledge that comes with specialization or the same degree of expertise in network analysis as a Security-as-a-Service provider. In a Global State of Information Security Survey of more than 12,800 executives in busi- nesses of 135 countries, 59% of respondents said that having an increased reliance on managed security services was important; and 43% said that economic realities caused them to reduce the number of security personnel.9 9 “Respected but still restrained: Findings from the 2011 Global State of Information Security Survey, by PriceWaterhouseCoopers, CIO magazine and CSO magazine, published September 15, 2011, page 17. 7
Evolving Security 4. Increased responsiveness With a singular focus on network threats, network security service providers offer a level of readiness that gives clients a considerable edge in terms of preparedness and overall miti- gation of risk. With daily access to hundreds of industry security alert feeds, Security-as- a-Service providers have an up-to-the-minute awareness of existing and potential threats, often far sooner than an in-house security team. Outsourcing network 5. Cost savings (operational and opportunity) security management can Outsourcing network security management can be an ideal solution for many enterprises, be an ideal solution for given today’s rising security threat environment and stagnant security budgets. Some many organizations, given businesses whose industry compliance regulations are so complex that they require highly specialized in-house expertise and certified professional security professionals may prefer today’s rising security threat to keep network security in-house. Yet for many other businesses, the Security-as-a- environment and stagnant Service model lowers operational and capital expenses by reducing the need to hire, train security budgets. and manage additional security staff, as well as the costs associated with location-based customer support, security appliances and software patch updates. There are other savings as well. Blocking unwanted traffic on a company network frees up bandwidth that can be shared with other locations on the network, thereby helping com- panies save on Internet costs. In this way, enterprises can ensure strong network security without degrading the availability or performance of their corporate network. In addition, the outsourced security model eases many information security officers’ con- cerns over control. Chief Information Security Officers (CISOs) and other decision makers realize the distinction between network security execution and control—and that outsourc- ing doesn’t mean that a company relinquishes control of security policies. On the contrary, even with an outsourced network security component, enterprises still set the rules that govern their security policies. In turn, service providers implement the management of these policies based on custom requirements. Leading security service providers collabo- rate closely with their clients to design, implement, and manage network security that’s appropriate for each business. In addition, security policies often need to be adjusted several times a day as new threats develop. A service provider can help the organization put the rules into place and monitor threats accordingly. 8 Solutions you want. Support you need.
XO Communications The Cost Implications of Network Security Attacks The longer it takes to clean up after a network security attack, the greater the financial impact. According to one 2010 study, it took companies an average of 14 days and an average of $247,744 to clean up after an attack.10 A year later, respondents to the 2011 study report that it takes them an average of 18 days and an average of $417,748 to clean up after an attack.11 The study also found that 40% of the external costs to an organization for cyber crime were attributed to information theft, and that 28% were due to business disruption and lost productivity.12 Many IT departments, particularly those whose fund- ing is tied to corporate profits, either cannot currently afford or cannot count on having the resources to pay for dedicated analysts to monitor their systems 24x7. Without expert around-the-clock coverage, these organizations tempt a costly fate. $23,200 18 days 40% Cost of a Network attack The average length of time of the external costs to per day, according to one it took to clean up after an an organization for cyber industry survey. attack in 2011, according crime were attributed to respondents of a bench- to information theft, mark survey, compared according to one industry with 14 days in 2010. research study. 10 Ponemon Institute LLC, Research Report, Second Annual Cost of Cyber Crime Study: Benchmark Study of U.S. Companies, published August 2011, Executive Summary, page 2. 11 Ponemon Institute LLC, Research Report, Second Annual Cost of Cyber Crime Study: Benchmark Study of U.S. Companies, published August 2011, Executive Summary, page 2. 12 Ponemon Institute LLC, Research Report, Second Annual Cost of Cyber Crime Study: Benchmark Study of U.S. Companies, published August 2011, Executive Summary, page 2. 9
Evolving Security Conclusion The benefits of outsourcing: According to Gartner, Inc, a leading information technology research and advisory com- greater centralization, pany, “the cost of mitigating a data breach is likely to be vastly greater than the cost of preventing the breach beforehand—perhaps by a 70-to-1 margin in 2011.” 13 greater depth and breadth of coverage, greater experience High profile attacks against government agencies and large corporations make us all and competence, increased cognizant of the threat potential from hackers and cyber anarchists. These episodes have responsiveness, and greater prompted new and expanding regulatory frameworks that, paradoxically, have increased the strain on in-house security resources. This all comes at a time when economic pres- cost efficiency reduce the sures and uncertainties strain even the most competent information security professionals strain on information security at U.S. enterprises. Fortunately, the benefits of an outsourced Security-as-a-Service model professionals at U.S.-based help resolve these issues with greater centralization; greater depth and breadth of cover- businesses. age; greater experience and competence; increased responsiveness; and greater cost efficiency than traditional, premise-based approaches at individual sites. 13 Gartner Research, Gartner Predicts 2011: Infrastructure Protection is Becoming More Complex, More Difficult and More Business-Critical than Ever, November 16, 2010. 10 Solutions you want. Support you need.
XO Communications About XO Hosted Security XO® Hosted Security is a Security-as-a-Service offering that gives companies more flex- ibility to deploy and manage comprehensive network-based security. The solution provides Hosted Security is a high-speed, unified threat management capabilities and advanced technology, and sup- Security-as-a-Service ports customers 24/7 through a certified security partner, StillSecure. XO Enterprise Cloud offering that gives companies Security includes one or more next-generation network-based firewalls; intrusion detection and prevention, including Distributed Denial of Service (DDoS) protection; secure web and more flexibility to deploy content filtering; and secure remote access to the company network. Since all of the secu- and manage comprehensive rity applications reside in the cloud, organizations with widely distributed operations can network-based security. implement robust security services without having to manage and maintain the equipment and infrastructure at each location. Hosted Security is fully integrated with the award- winning XO MPLS IP-VPN intelligent networking service. For more information, visit www. xo.com/hostedsecurity. About StillSecure StillSecure, a technology partner for Hosted Cloud Security, delivers comprehensive network security that protects organizations from the perimeter to the endpoint. Offering both products and managed security services, StillSecure enables customers to affordably deploy the optimal blend of technologies for locking down their assets and complying with security policies and regulations. StillSecure customers range from mid- market companies to the world’s largest enterprises and agencies in government, financial services, healthcare, education, and technology. For more information visit http://www.stillsecure.com. © Copyright 2012. XO Communications, LLC. All rights reserved. 11 XO, the XO design logo, and all related marks are registered trademarks of XO Communications, LLC.
About XO Communications XO Communications is a leading nationwide provider of advanced broadband communications services and solutions for businesses, enterprises, government, carriers and service providers. Its customers include more than half of the Fortune 500, in addition to leading cable companies, carriers, content providers and mobile network operators. Utilizing its unique combination of high- capacity nationwide and metro networks and broadband wireless capabilities, XO Communications offers customers a broad range of managed voice, data and IP services with proven performance, scalability and value in more than 85 metropolitan markets across the United States. For more information, visit www.xo.com. For XO updates, follow us on: Twitter | Facebook | Linkedin | SlideShare | YouTube | Flickr © Copyright 2012. XO Communications, LLC. All rights reserved. XO, the XO design logo, and all related marks are trademarks of XO Communications, LLC. XONSWP-0412

Recomendados

2016 The Year of the Zettabyte
2016 The Year of the Zettabyte2016 The Year of the Zettabyte
2016 The Year of the ZettabyteXO Communications
 
Dynamic Performance Acceleration - Reducing the Browser Bottleneck
Dynamic Performance Acceleration - Reducing the Browser BottleneckDynamic Performance Acceleration - Reducing the Browser Bottleneck
Dynamic Performance Acceleration - Reducing the Browser BottleneckXO Communications
 
Commendation from the New York Public Service Commission for Excellent Qualit...
Commendation from the New York Public Service Commission for Excellent Qualit...Commendation from the New York Public Service Commission for Excellent Qualit...
Commendation from the New York Public Service Commission for Excellent Qualit...XO Communications
 
SIP for the Enterprise
SIP for the Enterprise SIP for the Enterprise
SIP for the Enterprise XO Communications
 
Key Considerations for MPLS IP-VPN Success
Key Considerations for MPLS IP-VPN SuccessKey Considerations for MPLS IP-VPN Success
Key Considerations for MPLS IP-VPN SuccessXO Communications
 
WAN Cloud Communication Optimization
WAN Cloud Communication OptimizationWAN Cloud Communication Optimization
WAN Cloud Communication OptimizationXO Communications
 
Energize your Unified Communications with SIP
Energize your Unified Communications with SIPEnergize your Unified Communications with SIP
Energize your Unified Communications with SIPXO Communications
 
Forrester Survey sponsored by Juniper: Building for the Next Billion - What t...
Forrester Survey sponsored by Juniper: Building for the Next Billion - What t...Forrester Survey sponsored by Juniper: Building for the Next Billion - What t...
Forrester Survey sponsored by Juniper: Building for the Next Billion - What t...XO Communications
 

Recomendados

2016 The Year of the Zettabyte
2016 The Year of the Zettabyte2016 The Year of the Zettabyte
2016 The Year of the ZettabyteXO Communications
 
Dynamic Performance Acceleration - Reducing the Browser Bottleneck
Dynamic Performance Acceleration - Reducing the Browser BottleneckDynamic Performance Acceleration - Reducing the Browser Bottleneck
Dynamic Performance Acceleration - Reducing the Browser BottleneckXO Communications
 
Commendation from the New York Public Service Commission for Excellent Qualit...
Commendation from the New York Public Service Commission for Excellent Qualit...Commendation from the New York Public Service Commission for Excellent Qualit...
Commendation from the New York Public Service Commission for Excellent Qualit...XO Communications
 
SIP for the Enterprise
SIP for the Enterprise SIP for the Enterprise
SIP for the Enterprise XO Communications
 
Key Considerations for MPLS IP-VPN Success
Key Considerations for MPLS IP-VPN SuccessKey Considerations for MPLS IP-VPN Success
Key Considerations for MPLS IP-VPN SuccessXO Communications
 
WAN Cloud Communication Optimization
WAN Cloud Communication OptimizationWAN Cloud Communication Optimization
WAN Cloud Communication OptimizationXO Communications
 
Energize your Unified Communications with SIP
Energize your Unified Communications with SIPEnergize your Unified Communications with SIP
Energize your Unified Communications with SIPXO Communications
 
Forrester Survey sponsored by Juniper: Building for the Next Billion - What t...
Forrester Survey sponsored by Juniper: Building for the Next Billion - What t...Forrester Survey sponsored by Juniper: Building for the Next Billion - What t...
Forrester Survey sponsored by Juniper: Building for the Next Billion - What t...XO Communications
 
Data Center Interconnects: An Overview
Data Center Interconnects: An OverviewData Center Interconnects: An Overview
Data Center Interconnects: An OverviewXO Communications
 
The Case for Hosted Exchange
The Case for Hosted ExchangeThe Case for Hosted Exchange
The Case for Hosted ExchangeXO Communications
 
Forces Disrupting the Network
Forces Disrupting the Network Forces Disrupting the Network
Forces Disrupting the Network XO Communications
 
From the Network to Multi-Cloud: How to Chart an Integrated Strategy
From the Network to Multi-Cloud: How to Chart an Integrated StrategyFrom the Network to Multi-Cloud: How to Chart an Integrated Strategy
From the Network to Multi-Cloud: How to Chart an Integrated StrategyXO Communications
 
Forces Disrupting the Network
Forces Disrupting the NetworkForces Disrupting the Network
Forces Disrupting the NetworkXO Communications
 
Application Performance Management: Intelligence for an Optimized WAN
Application Performance Management: Intelligence for an Optimized WANApplication Performance Management: Intelligence for an Optimized WAN
Application Performance Management: Intelligence for an Optimized WANXO Communications
 
The ROI of Application Performance Management Build a Business Case for Your ...
The ROI of Application Performance Management Build a Business Case for Your ...The ROI of Application Performance Management Build a Business Case for Your ...
The ROI of Application Performance Management Build a Business Case for Your ...XO Communications
 
A Business Guide to MPLS IP VPN Migration: Five Critical Factors
A Business Guide to MPLS IP VPN Migration: Five Critical FactorsA Business Guide to MPLS IP VPN Migration: Five Critical Factors
A Business Guide to MPLS IP VPN Migration: Five Critical FactorsXO Communications
 
Intro to Voice over Internet Protocol: What does VoIP Mean for My Business?
Intro to Voice over Internet Protocol: What does VoIP Mean for My Business?Intro to Voice over Internet Protocol: What does VoIP Mean for My Business?
Intro to Voice over Internet Protocol: What does VoIP Mean for My Business?XO Communications
 
Avoid Three Common Pitfalls With VoIP Readiness Assessments
Avoid Three Common Pitfalls With VoIP Readiness AssessmentsAvoid Three Common Pitfalls With VoIP Readiness Assessments
Avoid Three Common Pitfalls With VoIP Readiness AssessmentsXO Communications
 
MPLS IP VPNs: Are You Ready to Migrate?
MPLS IP VPNs: Are You Ready to Migrate?MPLS IP VPNs: Are You Ready to Migrate?
MPLS IP VPNs: Are You Ready to Migrate?XO Communications
 
Wan and VPN Solutions
Wan and VPN SolutionsWan and VPN Solutions
Wan and VPN SolutionsXO Communications
 
WAN Services Planning Checklist
WAN Services Planning ChecklistWAN Services Planning Checklist
WAN Services Planning ChecklistXO Communications
 
Cloud Communications: Top 5 Advantages for Your Enterprise
Cloud Communications: Top 5 Advantages for Your EnterpriseCloud Communications: Top 5 Advantages for Your Enterprise
Cloud Communications: Top 5 Advantages for Your EnterpriseXO Communications
 
Implementing SIP Trunking: Keys to Ensuring Interoperability
Implementing SIP Trunking: Keys to Ensuring InteroperabilityImplementing SIP Trunking: Keys to Ensuring Interoperability
Implementing SIP Trunking: Keys to Ensuring InteroperabilityXO Communications
 
Level 3 Global Crossing Merger Not in Public Interest
Level 3 Global Crossing Merger Not in Public InterestLevel 3 Global Crossing Merger Not in Public Interest
Level 3 Global Crossing Merger Not in Public InterestXO Communications
 
The Benefits of Migrating to MPLS
The Benefits of Migrating to MPLSThe Benefits of Migrating to MPLS
The Benefits of Migrating to MPLSXO Communications
 
Meet XO Communications - 2011
Meet XO Communications - 2011Meet XO Communications - 2011
Meet XO Communications - 2011XO Communications
 
Meet XO Communications
Meet XO CommunicationsMeet XO Communications
Meet XO CommunicationsXO Communications
 
Why SIP Makes Sense: Enabling the Evolution to Unified Communications
Why SIP Makes Sense: Enabling the Evolution to Unified CommunicationsWhy SIP Makes Sense: Enabling the Evolution to Unified Communications
Why SIP Makes Sense: Enabling the Evolution to Unified CommunicationsXO Communications
 
Use of FIDO in the Payments and Identity Landscape: FIDO Paris Seminar.pptx
Use of FIDO in the Payments and Identity Landscape: FIDO Paris Seminar.pptxUse of FIDO in the Payments and Identity Landscape: FIDO Paris Seminar.pptx
Use of FIDO in the Payments and Identity Landscape: FIDO Paris Seminar.pptxLoriGlavin3
 
Moving Beyond Passwords: FIDO Paris Seminar.pdf
Moving Beyond Passwords: FIDO Paris Seminar.pdfMoving Beyond Passwords: FIDO Paris Seminar.pdf
Moving Beyond Passwords: FIDO Paris Seminar.pdfLoriGlavin3
 

Mais conteúdo relacionado

Mais de XO Communications

Data Center Interconnects: An Overview
Data Center Interconnects: An OverviewData Center Interconnects: An Overview
Data Center Interconnects: An OverviewXO Communications
 
The Case for Hosted Exchange
The Case for Hosted ExchangeThe Case for Hosted Exchange
The Case for Hosted ExchangeXO Communications
 
Forces Disrupting the Network
Forces Disrupting the Network Forces Disrupting the Network
Forces Disrupting the Network XO Communications
 
From the Network to Multi-Cloud: How to Chart an Integrated Strategy
From the Network to Multi-Cloud: How to Chart an Integrated StrategyFrom the Network to Multi-Cloud: How to Chart an Integrated Strategy
From the Network to Multi-Cloud: How to Chart an Integrated StrategyXO Communications
 
Forces Disrupting the Network
Forces Disrupting the NetworkForces Disrupting the Network
Forces Disrupting the NetworkXO Communications
 
Application Performance Management: Intelligence for an Optimized WAN
Application Performance Management: Intelligence for an Optimized WANApplication Performance Management: Intelligence for an Optimized WAN
Application Performance Management: Intelligence for an Optimized WANXO Communications
 
The ROI of Application Performance Management Build a Business Case for Your ...
The ROI of Application Performance Management Build a Business Case for Your ...The ROI of Application Performance Management Build a Business Case for Your ...
The ROI of Application Performance Management Build a Business Case for Your ...XO Communications
 
A Business Guide to MPLS IP VPN Migration: Five Critical Factors
A Business Guide to MPLS IP VPN Migration: Five Critical FactorsA Business Guide to MPLS IP VPN Migration: Five Critical Factors
A Business Guide to MPLS IP VPN Migration: Five Critical FactorsXO Communications
 
Intro to Voice over Internet Protocol: What does VoIP Mean for My Business?
Intro to Voice over Internet Protocol: What does VoIP Mean for My Business?Intro to Voice over Internet Protocol: What does VoIP Mean for My Business?
Intro to Voice over Internet Protocol: What does VoIP Mean for My Business?XO Communications
 
Avoid Three Common Pitfalls With VoIP Readiness Assessments
Avoid Three Common Pitfalls With VoIP Readiness AssessmentsAvoid Three Common Pitfalls With VoIP Readiness Assessments
Avoid Three Common Pitfalls With VoIP Readiness AssessmentsXO Communications
 
MPLS IP VPNs: Are You Ready to Migrate?
MPLS IP VPNs: Are You Ready to Migrate?MPLS IP VPNs: Are You Ready to Migrate?
MPLS IP VPNs: Are You Ready to Migrate?XO Communications
 
WAN Services Planning Checklist
WAN Services Planning ChecklistWAN Services Planning Checklist
WAN Services Planning ChecklistXO Communications
 
Cloud Communications: Top 5 Advantages for Your Enterprise
Cloud Communications: Top 5 Advantages for Your EnterpriseCloud Communications: Top 5 Advantages for Your Enterprise
Cloud Communications: Top 5 Advantages for Your EnterpriseXO Communications
 
Implementing SIP Trunking: Keys to Ensuring Interoperability
Implementing SIP Trunking: Keys to Ensuring InteroperabilityImplementing SIP Trunking: Keys to Ensuring Interoperability
Implementing SIP Trunking: Keys to Ensuring InteroperabilityXO Communications
 
Level 3 Global Crossing Merger Not in Public Interest
Level 3 Global Crossing Merger Not in Public InterestLevel 3 Global Crossing Merger Not in Public Interest
Level 3 Global Crossing Merger Not in Public InterestXO Communications
 
The Benefits of Migrating to MPLS
The Benefits of Migrating to MPLSThe Benefits of Migrating to MPLS
The Benefits of Migrating to MPLSXO Communications
 
Meet XO Communications - 2011
Meet XO Communications - 2011Meet XO Communications - 2011
Meet XO Communications - 2011XO Communications
 
Why SIP Makes Sense: Enabling the Evolution to Unified Communications
Why SIP Makes Sense: Enabling the Evolution to Unified CommunicationsWhy SIP Makes Sense: Enabling the Evolution to Unified Communications
Why SIP Makes Sense: Enabling the Evolution to Unified CommunicationsXO Communications
 

Mais de XO Communications (20)

Data Center Interconnects: An Overview
Data Center Interconnects: An OverviewData Center Interconnects: An Overview
Data Center Interconnects: An Overview
 
The Case for Hosted Exchange
The Case for Hosted ExchangeThe Case for Hosted Exchange
The Case for Hosted Exchange
 
Forces Disrupting the Network
Forces Disrupting the Network Forces Disrupting the Network
Forces Disrupting the Network
 
From the Network to Multi-Cloud: How to Chart an Integrated Strategy
From the Network to Multi-Cloud: How to Chart an Integrated StrategyFrom the Network to Multi-Cloud: How to Chart an Integrated Strategy
From the Network to Multi-Cloud: How to Chart an Integrated Strategy
 
Forces Disrupting the Network
Forces Disrupting the NetworkForces Disrupting the Network
Forces Disrupting the Network
 
Application Performance Management: Intelligence for an Optimized WAN
Application Performance Management: Intelligence for an Optimized WANApplication Performance Management: Intelligence for an Optimized WAN
Application Performance Management: Intelligence for an Optimized WAN
 
The ROI of Application Performance Management Build a Business Case for Your ...
The ROI of Application Performance Management Build a Business Case for Your ...The ROI of Application Performance Management Build a Business Case for Your ...
The ROI of Application Performance Management Build a Business Case for Your ...
 
A Business Guide to MPLS IP VPN Migration: Five Critical Factors
A Business Guide to MPLS IP VPN Migration: Five Critical FactorsA Business Guide to MPLS IP VPN Migration: Five Critical Factors
A Business Guide to MPLS IP VPN Migration: Five Critical Factors
 
Intro to Voice over Internet Protocol: What does VoIP Mean for My Business?
Intro to Voice over Internet Protocol: What does VoIP Mean for My Business?Intro to Voice over Internet Protocol: What does VoIP Mean for My Business?
Intro to Voice over Internet Protocol: What does VoIP Mean for My Business?
 
Avoid Three Common Pitfalls With VoIP Readiness Assessments
Avoid Three Common Pitfalls With VoIP Readiness AssessmentsAvoid Three Common Pitfalls With VoIP Readiness Assessments
Avoid Three Common Pitfalls With VoIP Readiness Assessments
 
MPLS IP VPNs: Are You Ready to Migrate?
MPLS IP VPNs: Are You Ready to Migrate?MPLS IP VPNs: Are You Ready to Migrate?
MPLS IP VPNs: Are You Ready to Migrate?
 
Wan and VPN Solutions
Wan and VPN SolutionsWan and VPN Solutions
Wan and VPN Solutions
 
WAN Services Planning Checklist
WAN Services Planning ChecklistWAN Services Planning Checklist
WAN Services Planning Checklist
 
Cloud Communications: Top 5 Advantages for Your Enterprise
Cloud Communications: Top 5 Advantages for Your EnterpriseCloud Communications: Top 5 Advantages for Your Enterprise
Cloud Communications: Top 5 Advantages for Your Enterprise
 
Implementing SIP Trunking: Keys to Ensuring Interoperability
Implementing SIP Trunking: Keys to Ensuring InteroperabilityImplementing SIP Trunking: Keys to Ensuring Interoperability
Implementing SIP Trunking: Keys to Ensuring Interoperability
 
Level 3 Global Crossing Merger Not in Public Interest
Level 3 Global Crossing Merger Not in Public InterestLevel 3 Global Crossing Merger Not in Public Interest
Level 3 Global Crossing Merger Not in Public Interest
 
The Benefits of Migrating to MPLS
The Benefits of Migrating to MPLSThe Benefits of Migrating to MPLS
The Benefits of Migrating to MPLS
 
Meet XO Communications - 2011
Meet XO Communications - 2011Meet XO Communications - 2011
Meet XO Communications - 2011
 
Meet XO Communications
Meet XO CommunicationsMeet XO Communications
Meet XO Communications
 
Why SIP Makes Sense: Enabling the Evolution to Unified Communications
Why SIP Makes Sense: Enabling the Evolution to Unified CommunicationsWhy SIP Makes Sense: Enabling the Evolution to Unified Communications
Why SIP Makes Sense: Enabling the Evolution to Unified Communications
 

Último

Use of FIDO in the Payments and Identity Landscape: FIDO Paris Seminar.pptx
Use of FIDO in the Payments and Identity Landscape: FIDO Paris Seminar.pptxUse of FIDO in the Payments and Identity Landscape: FIDO Paris Seminar.pptx
Use of FIDO in the Payments and Identity Landscape: FIDO Paris Seminar.pptxLoriGlavin3
 
Moving Beyond Passwords: FIDO Paris Seminar.pdf
Moving Beyond Passwords: FIDO Paris Seminar.pdfMoving Beyond Passwords: FIDO Paris Seminar.pdf
Moving Beyond Passwords: FIDO Paris Seminar.pdfLoriGlavin3
 
How to write a Business Continuity Plan
How to write a Business Continuity PlanHow to write a Business Continuity Plan
How to write a Business Continuity PlanDatabarracks
 
Digital Identity is Under Attack: FIDO Paris Seminar.pptx
Digital Identity is Under Attack: FIDO Paris Seminar.pptxDigital Identity is Under Attack: FIDO Paris Seminar.pptx
Digital Identity is Under Attack: FIDO Paris Seminar.pptxLoriGlavin3
 
Manual 508 Accessibility Compliance Audit
Manual 508 Accessibility Compliance AuditManual 508 Accessibility Compliance Audit
Manual 508 Accessibility Compliance AuditSkynet Technologies
 
Enhancing User Experience - Exploring the Latest Features of Tallyman Axis Lo...
Enhancing User Experience - Exploring the Latest Features of Tallyman Axis Lo...Enhancing User Experience - Exploring the Latest Features of Tallyman Axis Lo...
Enhancing User Experience - Exploring the Latest Features of Tallyman Axis Lo...Scott Andery
 
The Fit for Passkeys for Employee and Consumer Sign-ins: FIDO Paris Seminar.pptx
The Fit for Passkeys for Employee and Consumer Sign-ins: FIDO Paris Seminar.pptxThe Fit for Passkeys for Employee and Consumer Sign-ins: FIDO Paris Seminar.pptx
The Fit for Passkeys for Employee and Consumer Sign-ins: FIDO Paris Seminar.pptxLoriGlavin3
 
Scale your database traffic with Read & Write split using MySQL Router
Scale your database traffic with Read & Write split using MySQL RouterScale your database traffic with Read & Write split using MySQL Router
Scale your database traffic with Read & Write split using MySQL RouterMydbops
 
[Webinar] SpiraTest - Setting New Standards in Quality Assurance
[Webinar] SpiraTest - Setting New Standards in Quality Assurance[Webinar] SpiraTest - Setting New Standards in Quality Assurance
[Webinar] SpiraTest - Setting New Standards in Quality AssuranceInflectra
 
UiPath Community: Communication Mining from Zero to Hero
UiPath Community: Communication Mining from Zero to HeroUiPath Community: Communication Mining from Zero to Hero
UiPath Community: Communication Mining from Zero to HeroUiPathCommunity
 
The State of Passkeys with FIDO Alliance.pptx
The State of Passkeys with FIDO Alliance.pptxThe State of Passkeys with FIDO Alliance.pptx
The State of Passkeys with FIDO Alliance.pptxLoriGlavin3
 
Transcript: New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024Transcript: New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024BookNet Canada
 
A Deep Dive on Passkeys: FIDO Paris Seminar.pptx
A Deep Dive on Passkeys: FIDO Paris Seminar.pptxA Deep Dive on Passkeys: FIDO Paris Seminar.pptx
A Deep Dive on Passkeys: FIDO Paris Seminar.pptxLoriGlavin3
 
TrustArc Webinar - How to Build Consumer Trust Through Data Privacy
TrustArc Webinar - How to Build Consumer Trust Through Data PrivacyTrustArc Webinar - How to Build Consumer Trust Through Data Privacy
TrustArc Webinar - How to Build Consumer Trust Through Data PrivacyTrustArc
 
Passkey Providers and Enabling Portability: FIDO Paris Seminar.pptx
Passkey Providers and Enabling Portability: FIDO Paris Seminar.pptxPasskey Providers and Enabling Portability: FIDO Paris Seminar.pptx
Passkey Providers and Enabling Portability: FIDO Paris Seminar.pptxLoriGlavin3
 
New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024BookNet Canada
 
DevEX - reference for building teams, processes, and platforms
DevEX - reference for building teams, processes, and platformsDevEX - reference for building teams, processes, and platforms
DevEX - reference for building teams, processes, and platformsSergiu Bodiu
 
A Framework for Development in the AI Age
A Framework for Development in the AI AgeA Framework for Development in the AI Age
A Framework for Development in the AI AgeCprime
 
Unleashing Real-time Insights with ClickHouse_ Navigating the Landscape in 20...
Unleashing Real-time Insights with ClickHouse_ Navigating the Landscape in 20...Unleashing Real-time Insights with ClickHouse_ Navigating the Landscape in 20...
Unleashing Real-time Insights with ClickHouse_ Navigating the Landscape in 20...Alkin Tezuysal
 
Sample pptx for embedding into website for demo
Sample pptx for embedding into website for demoSample pptx for embedding into website for demo
Sample pptx for embedding into website for demoHarshalMandlekar2
 

Último (20)

Use of FIDO in the Payments and Identity Landscape: FIDO Paris Seminar.pptx
Use of FIDO in the Payments and Identity Landscape: FIDO Paris Seminar.pptxUse of FIDO in the Payments and Identity Landscape: FIDO Paris Seminar.pptx
Use of FIDO in the Payments and Identity Landscape: FIDO Paris Seminar.pptx
 
Moving Beyond Passwords: FIDO Paris Seminar.pdf
Moving Beyond Passwords: FIDO Paris Seminar.pdfMoving Beyond Passwords: FIDO Paris Seminar.pdf
Moving Beyond Passwords: FIDO Paris Seminar.pdf
 
How to write a Business Continuity Plan
How to write a Business Continuity PlanHow to write a Business Continuity Plan
How to write a Business Continuity Plan
 
Digital Identity is Under Attack: FIDO Paris Seminar.pptx
Digital Identity is Under Attack: FIDO Paris Seminar.pptxDigital Identity is Under Attack: FIDO Paris Seminar.pptx
Digital Identity is Under Attack: FIDO Paris Seminar.pptx
 
Manual 508 Accessibility Compliance Audit
Manual 508 Accessibility Compliance AuditManual 508 Accessibility Compliance Audit
Manual 508 Accessibility Compliance Audit
 
Enhancing User Experience - Exploring the Latest Features of Tallyman Axis Lo...
Enhancing User Experience - Exploring the Latest Features of Tallyman Axis Lo...Enhancing User Experience - Exploring the Latest Features of Tallyman Axis Lo...
Enhancing User Experience - Exploring the Latest Features of Tallyman Axis Lo...
 
The Fit for Passkeys for Employee and Consumer Sign-ins: FIDO Paris Seminar.pptx
The Fit for Passkeys for Employee and Consumer Sign-ins: FIDO Paris Seminar.pptxThe Fit for Passkeys for Employee and Consumer Sign-ins: FIDO Paris Seminar.pptx
The Fit for Passkeys for Employee and Consumer Sign-ins: FIDO Paris Seminar.pptx
 
Scale your database traffic with Read & Write split using MySQL Router
Scale your database traffic with Read & Write split using MySQL RouterScale your database traffic with Read & Write split using MySQL Router
Scale your database traffic with Read & Write split using MySQL Router
 
[Webinar] SpiraTest - Setting New Standards in Quality Assurance
[Webinar] SpiraTest - Setting New Standards in Quality Assurance[Webinar] SpiraTest - Setting New Standards in Quality Assurance
[Webinar] SpiraTest - Setting New Standards in Quality Assurance
 
UiPath Community: Communication Mining from Zero to Hero
UiPath Community: Communication Mining from Zero to HeroUiPath Community: Communication Mining from Zero to Hero
UiPath Community: Communication Mining from Zero to Hero
 
The State of Passkeys with FIDO Alliance.pptx
The State of Passkeys with FIDO Alliance.pptxThe State of Passkeys with FIDO Alliance.pptx
The State of Passkeys with FIDO Alliance.pptx
 
Transcript: New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024Transcript: New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
 
A Deep Dive on Passkeys: FIDO Paris Seminar.pptx
A Deep Dive on Passkeys: FIDO Paris Seminar.pptxA Deep Dive on Passkeys: FIDO Paris Seminar.pptx
A Deep Dive on Passkeys: FIDO Paris Seminar.pptx
 
TrustArc Webinar - How to Build Consumer Trust Through Data Privacy
TrustArc Webinar - How to Build Consumer Trust Through Data PrivacyTrustArc Webinar - How to Build Consumer Trust Through Data Privacy
TrustArc Webinar - How to Build Consumer Trust Through Data Privacy
 
Passkey Providers and Enabling Portability: FIDO Paris Seminar.pptx
Passkey Providers and Enabling Portability: FIDO Paris Seminar.pptxPasskey Providers and Enabling Portability: FIDO Paris Seminar.pptx
Passkey Providers and Enabling Portability: FIDO Paris Seminar.pptx
 
New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
 
DevEX - reference for building teams, processes, and platforms
DevEX - reference for building teams, processes, and platformsDevEX - reference for building teams, processes, and platforms
DevEX - reference for building teams, processes, and platforms
 
A Framework for Development in the AI Age
A Framework for Development in the AI AgeA Framework for Development in the AI Age
A Framework for Development in the AI Age
 
Unleashing Real-time Insights with ClickHouse_ Navigating the Landscape in 20...
Unleashing Real-time Insights with ClickHouse_ Navigating the Landscape in 20...Unleashing Real-time Insights with ClickHouse_ Navigating the Landscape in 20...
Unleashing Real-time Insights with ClickHouse_ Navigating the Landscape in 20...
 
Sample pptx for embedding into website for demo
Sample pptx for embedding into website for demoSample pptx for embedding into website for demo
Sample pptx for embedding into website for demo
 

Evolving Security 5 Reasons to Outsource Network Security Management in Today's Threat Environment

  • 1. EVOLVING SECURITY 5 REASONS TO OUTSOURCE NETWORK SECURITY MANAGEMENT IN TODAY’S THREAT ENVIRONMENT xo.com
  • 2. Evolving Security 5 Reasons to Outsource Network Security Management in Today’s Threat Environment Contents Introduction 3 Network Security is More Complex Than Ever 4 Costs from Attacks are Increasing 5 The Need for a Collaborative Approach 5 1. Greater centralization of network security controls and policies 6 2. Deeper and broader coverage 7 3. Experience and competence 7 4. Increased responsiveness 8 5. Cost savings (operational and opportunity) 8 The Cost Implications of Network Security Attacks 9 Conclusion 10 About XO Communications 11 About XO Hosted Security 11 About StillSecure 11 2 Solutions you want. Support you need.
  • 3. XO Communications Introduction This white paper describes the reasons why companies outsource security management in today’s threat environment. It includes an assessment of the overall threat landscape, and reviews five key benefits of outsourcing. Expanding use of Web 2.0 and Internet-based business applications creates new chal- lenges for businesses that need to keep malicious security breaches from entering their company networks. Next-generation security threats, including Advanced Persistent Threats, are menacing and increasingly difficult to detect. A single data breach could have Many businesses no longer potentially devastating direct and indirect consequences such as fines, penalties or law- suits arising from a company’s failure to protect its private and personal customer informa- possess the in-house expertise tion according to industry standards. Security breaches also can result in huge financial or the resources to monitor, losses and lost revenue as a result of operational downtime, customer turnover, and dam- detect or mitigate today’s age to credibility and reputation. sophisticated security threats Many businesses no longer possess the in-house expertise or the resources to moni- from entering their networks. tor, detect or mitigate today’s sophisticated security threats from entering their networks. Outsourcing network security management to a ‘Security-as-a-Service’ or cloud-based delivery provider has become an attractive option for enterprises that need company-wide visibility of their Internet security gateways, Unified Threat Management, 24x7x365 moni- toring and management, and a stronger knowledge base of security best practices across a broad range of industries. Besides centralizing security controls and policies across the network, the cloud-delivery model of a ‘Security-as-a-Service” eliminates the need to buy and manage premise-based security devices at individual locations. Security-as-a-Service offerings that provide “clean pipes” capabilities help prevent unwanted or malicious traf- fic from entering the network through the Internet or data “pipe”, and permit legitimate or “clean” data traffic to get delivered across the network more efficiently. 3
  • 4. Evolving Security Network Security is More Complex Than Ever News stories about high-profile brands being compromised by network security breaches are widespread. Because of the growing security threats, information security officers at U.S. businesses are more concerned than ever about security risks. In a survey of more than 2,000 small-to-medium business and enterprise security decision makers, the majority Sobering reports of network of respondents listed data security (88%) and managing vulnerabilities and threats (84%) security threats are a constant among their top priorities.1 reminder that the threat landscape has changed and Sobering reports of network security threats are a constant reminder that the threat land- scape has changed and become very complex. One security threat report predicted that become very complex. cumulative, unique malware samples will have surpassed 75 million by year-end 2011. 2 What’s behind this surge in malware? A key factor is that hackers can more easily acquire software that they need to inflict dam- age. For example, exploits can be bought and sold on the black market for a few hundred dollars. The code for malware and worms is readily available over the internet for dupli- cation and manipulation. The code for the Stuxnet worm, one of the most sophisticated worms ever discovered, was effectively open sourced with point-and-click accessibility. As malware advances, it’s easier than ever for criminals to use it to inflict harm. In addition, there are new avenues that hackers can use to gain access to an enterprise network—particularly from social media, virtualized servers, cloud computing applications, wireless networking and smart phone applications. 1 Forrester Research, Inc., Security Futures: Selected Results from Forrsights Security Survey Q3 2010, presen- tation, September 23, 2010, slide 10. 2 McAfee Labs, McAfee Threats Report: Third Quarter 2011, page 6 4 Solutions you want. Support you need.
  • 5. XO Communications Costs From Attacks are Increasing Attacks Grow in Number and Sophistication Costs associated with corporate network attacks are severe and growing. According to one security industry study, the cost of a data breach rose for five One cyber-security watch consecutive years from 2006 through 2010.3 Clean up costs that resulted from survey of 600 organizations damaging data breaches among the surveyed companies increased to $7.2 million found that: and cost an average of $214 per compromised record.4 In another security threat report that surveyed 50 corporations, malicious code, Denial of Service, and web- • 81% of respondents’ organi- based attacks were cited as the most costly types of threats for businesses.5 zations experienced a secu- rity event between the survey Unfortunately, IT budgets are struggling to keep up with the rise in costs to period of August 2009 and clean up after security breaches. While a sluggish economic recovery has put July 2010, compared to 60% downward pressure on security budgets, new and evolving technologies provide the year before corporate spies, cyber warriors, and other hackers with new avenues with which • Of the companies that expe- to exploit network vulnerabilities. As a result, Chief Security Officers (CSOs) and rienced an attack, 28% of Chief Information Security Officers (CISOs) face the nearly impossible challenge respondents saw an increase of having to strengthen network defenses within significant budgetary constraints. in the number of attacks • Cyber attacks from foreign entities doubled to 10% from The Need for a Collaborative Approach 2009 to 2010 6 As information security risks soar, it’s become harder for security professionals to dedicate the time and resources to everyday monitoring, management and responses that are necessary to combat the increased risks. As a result, many companies are selecting service providers to help them improve preparedness in the most cost-efficient manner, thereby freeing up in-house staff for other activi- ties, such as strategic planning and management. Why do enterprises hire a third party to manage network security? One survey of 1,400 small-to-medium business and enterprise security decision makers identi- fied the top motives. Respondents indicated said that it was important to them to improve the quality of protection, gain 24x7 coverage, reduce cost, gain greater competency or specialized skills, and to reduce complexity.7 3 Ponemon Institute LLC, 2010 Annual Study: U.S. Cost of a Data Breach, April 10, 2010; Overall Trends, page 5. 4 Ponemon Institute LLC, 2010 Annual Study: U.S. Cost of a Data Breach, April 10, 2010, Overall Trends, page 5. 5 Ponemon Institute, LLC, Second Annu al Cost of Cyber Crime Study: Benchmark Study of U.S. Companies, August 2, 2011, Page 2. 6 Software Engineering Institute CERT Program at Carnegie Mellon, Press release, “2011 Cybersecurity Watch Survey: Organizations Need More Skilled Cyber Professionals to Stay Secure” January 31, 2011, pages 1-2; survey by CSO, the U.S. Secret Service, the Software Engineering Institute CERT Program at Carnegie Mellon University, and Deloitte. 7 Forrester Research, Inc., Security Futures: Selected Results from Forrsights Security Survey Q3 2010, presentation, September 23, 2010, slide 10. 5
  • 6. Evolving Security “ Many organizations don’t have the tools and in-house expertise to detect these ” threats, so attacks and security breaches go unnoticed.8 - Gartner Research, Inc. Undeniably more businesses value the benefits of outsourcing their security management to a service provider to deploy a more layered defense strategy across the entire network. Outsourcing helps companies simplify their infrastructure and costs, and also frees up their time to devote to core security functions such as strategic planning, governance and risk management, and regulatory compliance reporting responsibilities. The biggest benefits of outsourcing are greater centralization of network security controls and policies, deeper and broader coverage of security threat intelligence from experienced network security professionals, increased responsiveness, and considerable cost savings. Following is a more detailed look at these five core benefits. Benefits of outsourcing 1. Greater centralization of network security controls and policies Businesses with multiple locations, flat IT management structures, and fragmented approaches to security make easy targets for hackers. Enterprises that lack a cohesive security strategy and uniform, top-down security implementation open up vulnerabilities, often at network endpoints. When company-wide security policies and rules aren’t con- sistently updated on a centralized network firewall, problems can arise that can jeopardize the security of the entire network. In addition, if companies with Managed Security at the customer premise of an individual location fail to update the premise-based firewall at that location, it could open the door for hackers to gain access, which compromises the net- work. Security leaders who recognize these vulnerabilities increasingly turn to the Security- as-a-Service model, which centralizes and standardizes network security controls and policies across the organization. By definition, Security-as-a-Service models are typically delivered virtually using a cloud-based delivery model and may be referred to as network- based services. Beyond the benefits of centralization, the virtualized, cloud-based delivery model eliminates the need to buy and manage premise-based, security devices and appli- ances, and manage software updates at each location. 8 Gartner Research, Inc., Network Security Monitoring Tools for ‘Lean Forward’ Security Programs. February 1, 2011. 6 Solutions you want. Support you need.
  • 7. XO Communications 2. Deeper and broader coverage By outsourcing network security management, businesses are able to significantly improve network security with proactive, 24x7x365 monitoring and alerting —without having to recruit, train, and manage additional internal IT staff. Many security service providers offer SSAE 16- audited Security Operations Centers that are staffed with professional analysts who have access to hundreds of security feeds, including those from the U.S. Computer Emergency Readiness Team (CERT), the FBI, and major software providers such as Microsoft®. When threats are identified, analysts are able to block attack pathways and send appropriate notifications. Since security analysts are monitoring around the clock, threats are addressed strategically—before or as they happen, in real time, and not just during business hours. 3. Experience and competence Businesses that choose to hire a third party to manage their Businesses that choose to hire a third party to manage their network security benefit from network security benefit from an immediate boost in quality as well as quantity of coverage. That’s largely because Security-as-a-Service providers focus exclusively on the detection, prevention and neu- an immediate boost in quality tralization of network threats. In-house security and IT staff, tasked with a wide range of as well as quantity of coverage. responsibilities, typically cannot focus purely on information security. Many in-house secu- rity teams don’t have the same depth of knowledge that comes with specialization or the same degree of expertise in network analysis as a Security-as-a-Service provider. In a Global State of Information Security Survey of more than 12,800 executives in busi- nesses of 135 countries, 59% of respondents said that having an increased reliance on managed security services was important; and 43% said that economic realities caused them to reduce the number of security personnel.9 9 “Respected but still restrained: Findings from the 2011 Global State of Information Security Survey, by PriceWaterhouseCoopers, CIO magazine and CSO magazine, published September 15, 2011, page 17. 7
  • 8. Evolving Security 4. Increased responsiveness With a singular focus on network threats, network security service providers offer a level of readiness that gives clients a considerable edge in terms of preparedness and overall miti- gation of risk. With daily access to hundreds of industry security alert feeds, Security-as- a-Service providers have an up-to-the-minute awareness of existing and potential threats, often far sooner than an in-house security team. Outsourcing network 5. Cost savings (operational and opportunity) security management can Outsourcing network security management can be an ideal solution for many enterprises, be an ideal solution for given today’s rising security threat environment and stagnant security budgets. Some many organizations, given businesses whose industry compliance regulations are so complex that they require highly specialized in-house expertise and certified professional security professionals may prefer today’s rising security threat to keep network security in-house. Yet for many other businesses, the Security-as-a- environment and stagnant Service model lowers operational and capital expenses by reducing the need to hire, train security budgets. and manage additional security staff, as well as the costs associated with location-based customer support, security appliances and software patch updates. There are other savings as well. Blocking unwanted traffic on a company network frees up bandwidth that can be shared with other locations on the network, thereby helping com- panies save on Internet costs. In this way, enterprises can ensure strong network security without degrading the availability or performance of their corporate network. In addition, the outsourced security model eases many information security officers’ con- cerns over control. Chief Information Security Officers (CISOs) and other decision makers realize the distinction between network security execution and control—and that outsourc- ing doesn’t mean that a company relinquishes control of security policies. On the contrary, even with an outsourced network security component, enterprises still set the rules that govern their security policies. In turn, service providers implement the management of these policies based on custom requirements. Leading security service providers collabo- rate closely with their clients to design, implement, and manage network security that’s appropriate for each business. In addition, security policies often need to be adjusted several times a day as new threats develop. A service provider can help the organization put the rules into place and monitor threats accordingly. 8 Solutions you want. Support you need.
  • 9. XO Communications The Cost Implications of Network Security Attacks The longer it takes to clean up after a network security attack, the greater the financial impact. According to one 2010 study, it took companies an average of 14 days and an average of $247,744 to clean up after an attack.10 A year later, respondents to the 2011 study report that it takes them an average of 18 days and an average of $417,748 to clean up after an attack.11 The study also found that 40% of the external costs to an organization for cyber crime were attributed to information theft, and that 28% were due to business disruption and lost productivity.12 Many IT departments, particularly those whose fund- ing is tied to corporate profits, either cannot currently afford or cannot count on having the resources to pay for dedicated analysts to monitor their systems 24x7. Without expert around-the-clock coverage, these organizations tempt a costly fate. $23,200 18 days 40% Cost of a Network attack The average length of time of the external costs to per day, according to one it took to clean up after an an organization for cyber industry survey. attack in 2011, according crime were attributed to respondents of a bench- to information theft, mark survey, compared according to one industry with 14 days in 2010. research study. 10 Ponemon Institute LLC, Research Report, Second Annual Cost of Cyber Crime Study: Benchmark Study of U.S. Companies, published August 2011, Executive Summary, page 2. 11 Ponemon Institute LLC, Research Report, Second Annual Cost of Cyber Crime Study: Benchmark Study of U.S. Companies, published August 2011, Executive Summary, page 2. 12 Ponemon Institute LLC, Research Report, Second Annual Cost of Cyber Crime Study: Benchmark Study of U.S. Companies, published August 2011, Executive Summary, page 2. 9
  • 10. Evolving Security Conclusion The benefits of outsourcing: According to Gartner, Inc, a leading information technology research and advisory com- greater centralization, pany, “the cost of mitigating a data breach is likely to be vastly greater than the cost of preventing the breach beforehand—perhaps by a 70-to-1 margin in 2011.” 13 greater depth and breadth of coverage, greater experience High profile attacks against government agencies and large corporations make us all and competence, increased cognizant of the threat potential from hackers and cyber anarchists. These episodes have responsiveness, and greater prompted new and expanding regulatory frameworks that, paradoxically, have increased the strain on in-house security resources. This all comes at a time when economic pres- cost efficiency reduce the sures and uncertainties strain even the most competent information security professionals strain on information security at U.S. enterprises. Fortunately, the benefits of an outsourced Security-as-a-Service model professionals at U.S.-based help resolve these issues with greater centralization; greater depth and breadth of cover- businesses. age; greater experience and competence; increased responsiveness; and greater cost efficiency than traditional, premise-based approaches at individual sites. 13 Gartner Research, Gartner Predicts 2011: Infrastructure Protection is Becoming More Complex, More Difficult and More Business-Critical than Ever, November 16, 2010. 10 Solutions you want. Support you need.
  • 11. XO Communications About XO Hosted Security XO® Hosted Security is a Security-as-a-Service offering that gives companies more flex- ibility to deploy and manage comprehensive network-based security. The solution provides Hosted Security is a high-speed, unified threat management capabilities and advanced technology, and sup- Security-as-a-Service ports customers 24/7 through a certified security partner, StillSecure. XO Enterprise Cloud offering that gives companies Security includes one or more next-generation network-based firewalls; intrusion detection and prevention, including Distributed Denial of Service (DDoS) protection; secure web and more flexibility to deploy content filtering; and secure remote access to the company network. Since all of the secu- and manage comprehensive rity applications reside in the cloud, organizations with widely distributed operations can network-based security. implement robust security services without having to manage and maintain the equipment and infrastructure at each location. Hosted Security is fully integrated with the award- winning XO MPLS IP-VPN intelligent networking service. For more information, visit www. xo.com/hostedsecurity. About StillSecure StillSecure, a technology partner for Hosted Cloud Security, delivers comprehensive network security that protects organizations from the perimeter to the endpoint. Offering both products and managed security services, StillSecure enables customers to affordably deploy the optimal blend of technologies for locking down their assets and complying with security policies and regulations. StillSecure customers range from mid- market companies to the world’s largest enterprises and agencies in government, financial services, healthcare, education, and technology. For more information visit http://www.stillsecure.com. © Copyright 2012. XO Communications, LLC. All rights reserved. 11 XO, the XO design logo, and all related marks are registered trademarks of XO Communications, LLC.
  • 12. About XO Communications XO Communications is a leading nationwide provider of advanced broadband communications services and solutions for businesses, enterprises, government, carriers and service providers. Its customers include more than half of the Fortune 500, in addition to leading cable companies, carriers, content providers and mobile network operators. Utilizing its unique combination of high- capacity nationwide and metro networks and broadband wireless capabilities, XO Communications offers customers a broad range of managed voice, data and IP services with proven performance, scalability and value in more than 85 metropolitan markets across the United States. For more information, visit www.xo.com. For XO updates, follow us on: Twitter | Facebook | Linkedin | SlideShare | YouTube | Flickr © Copyright 2012. XO Communications, LLC. All rights reserved. XO, the XO design logo, and all related marks are trademarks of XO Communications, LLC. XONSWP-0412