MANAGED SECURITY SERVICES NEWS
Managed Security Services
When is a vulnerability trivial? When the chance of exploit is next to nothing and/or compromising the vulnerable system will have little or no impact on your business. On the other hand, a highly exploitable flaw on a customer Web site will set off alarms.
Prioritizing threats based on three key factors--the presence of a vulnerability, the likelihood of a successful exploit and, perhaps most important, the value of the asset to the company--is nothing new. Companies apply it in their risk management processes, and many security products, from vulnerability management systems to SIMs, incorporate it.
But companies that use managed security services will be hard-pressed to evaluate threats without help from their providers. That's why Cybertrust's enhanced services, introducing what they call "triangulation" of threats, vulnerabilities and assets, is an important added value to their customers. "This will give us real-time event correlation," says Isabelle Theisen, CSO for First Advantage, a global risk mitigation and business solutions provider. "We will be able to identify security events and anomalies for fraud detection.
"We're a new group trying to build something. If I had to do it myself, I would need a team of 22 people. I have six."
Theisen, who reports to the CEO, is developing a security model from the center out.
"We set the direction, the compliance and risk management work," she says. "We identify security liaisons or champions within the business units. Cybertrust's road map is fully aligned with our strategy," she adds. "They have a holistic approach to manage security issues."