Archives For blackstratus

SIEM viewpointWhat The Lazy MSP Companies Aren’t Showing Their Clients

Assessing Risk is the fastest way to land new logo business in the MSP arena. And if you want to build a long term, profitable business, you’re MSP is going to have to go MSSP…

(Note: I’ve purposely left out the heavy technical jargon to make this readable by sales – if you actually do the engineering work, you’re probably wanting a more technical deep dive. My goal here is to help sales reps sell the one thing that will overcome any IT budget objection.)

While 90% of the tech companies I speak to CLAIM they do security (on their website), only a handful actually do.  If you want to set yourself apart, learning to discover urgent issues (already present) on your client’s network will do it.

Over the past several months I’ve written numerous articles on how to sell, deliver, and convert assessments to long term annuity business.  This one last step in the actual assessing process is arguably the most important.

You Can’t Just Look At Perimeter Scans and Configurations

2017-06-22_07-57-50

In this YouTube video (published by Alienvault – below), the speaker is explaining the dangers of connecting to Tor or using BitTorrent, as examples of traffic symptomatic of botware. Check out 0:48 in the video below for more threats he uncovers…

These are the urgent issues you need to move deals forward!!!!

Traffic patterns also reveal reconnoissance efforts underway by hackers – thieves gathering information to be used in a future attack.

You also want to know if malware is already installed or in the process of being installed through phishing attacks or web-threats of any kind…port scans in most cases will not do this.

The problem is, most assessments I review in my coaching calls show nothing regarding traffic or connection activity between workstations and the outside.  Why?

Because it’s not easy.

In other words, the MSP providing the assessment is either too lazy or too cheap to do it, or just doesn’t know what they’re doing.

If you sell (or use pro bono) assessments, with the goal of opening new doors in the accounts you serve, make sure your professional services team understands the importance of traffic analysis and has the tools to do it….

Lots Of Data, No Connection, Equals Meaningless Data

AV SIEM

Today’s technology is great at logging data…but not so great at drawing out intelligence.

That is unless you know SIEM…Security Information & Event Management.

The ability to take all of that data from AV software, UTM firewalls, IPS devices, etc. and make sense of it has been a road block for just about any company short of large enterprise…

Until now…

There are several options including some UTM firewalls, products like AlienVault and Arctic Wolf (positioned for mid market), and BlackStratus’ recent entry into mid-market and SMB…Cybershark (Which can be white-labeled and offered with full SOC services – with little of no investment!)

With SIEM now available as a cloud offering, there’s really no excuse for not doing this.

Key Point in the video below (at 2:35) – None of this information is actually interesting unless you can get the analysis, and make the data actionable.

Unfortunately, most SIEM technology won’t really do this for you (Even  though AlienVault and others claim to). In the end, you (The Rep) must read the report and see if your client is going to be moved by it.

If not, rewrite the execute findings as a separate report – more to come on that in a future post.

This takes us back to an earlier article on QUESTIONS TO ASK…The most important part of the interview process is in gathering the mission critical data offered only by executive management.

MTD, RPO, Etc…think Business Impact Analysis…all security issues are disasters and should be viewed just like Disaster Recovery…But you’re competition isn’t doing this.

Key Moment In The Video (3:50)

2017-06-22_08-25-43

At 3:50, this video shows actual malware infections being installed – not only is this type of activity undetectable with simple observation, your Network Patrol Product is not going to see it either!

Only with something that looks at host intrusion does this become evident.  The good news – once you have an MSSP offering installed to do this type of analysis, it’s easy to justify keeping it there – this is annuity business that self-justifies.

Check Out The Entire Video Right Here

But Remember, this is not the most important tool – your QUESTIONS are.

Armed with the intelligence that comes from talking with executives and other asset owners, this information suddenly makes sense in helping a client determine their true threat levels, while providing you with the justification you need to move forward with MSSP.

Copyright 2017, David Stelzl

For more insights on how to sell assessments and larger security deals, check out one of the only books written to resellers and MSP providers on how to sell Security: The House & The Cloud…