Managed Security
01 Relevance
Cybersecurity in the cloud age
Until now, many companies have been protected against external threats by firewalls, virus scanners and VPNs. This protection is no longer sufficient due to the new cloud architectures and software-as-a-service usage. The previous demarcation of the infrastructure worthy of protection is no longer possible. Work-from-everywhere, home office, outsourcing, bring-your-own-device and many other aspects of the flexibilization of our working world prevent a clear differentiation between "insiders" and "outsiders". The classic "company perimeter", which was characterized by a spatial demarcation, has become obsolete. The diversity and complexity of IT systems open up new gateways for attackers of all kinds. A paradigm shift is necessary in order to protect yourself effectively.
Security for your data
Data is what is primarily worth protecting. This is where the focus should be placed if an effective security architecture is to be found. Data can be located anywhere: on the internet, on company servers, in SaaS services or even on end devices. If we turn our attention to the data, we quickly realize that access to it and its use must be restricted and controlled according to several criteria. These criteria are the identity and role of the user (whether employee or external), the environment from which access is made (Internet café, airport, home office, company network, etc.), the end device from which access is made (smartphone, notebook, etc.) and the use of the data (download, upload, input, etc.). The intelligent combination of all these criteria leads to the desired protection profile.
Attack vectors
02 Success factors
The definition of the data to be protected, the definition of authorizations and the criteria on which they are based, as well as a high degree of automation of protective measures are crucial. The best cybersecurity solution is ineffective if nothing happens or the wrong thing happens in the event of an attack. That is why we make sure that an incident is always followed by an action.
This is the principle behind SIEM (Security Information and Event Management) in conjunction with SOAR (Security Orchestration, Automation and Response): once a threat has been detected in the myriad of data collected, an effective action must follow.
In addition, an effective and suitable security architecture always consists of several components and systems. When done well, they interlock and increase the level of protection. When selecting them, it is therefore important to ensure that they not only fulfill their original task optimally, but can also be combined with each other as well as possible. This is achieved through automation processes so that the manual effort for quarantine, checking, evaluation and approval or blocking as well as reporting is close to zero. This is the only way to effectively analyze the flood of data that overwhelms our IT systems every day.
03 Procedure
Protection needs
The first step is to determine which assets are worthy of protection (data, applications, devices, access, identities, etc.). Then the requirements and prohibitions must be defined (rules) as to who should have access to what, under what circumstances, to what extent and for what purpose. Furthermore, existing technologies such as firewalls, VPNs, virus software etc. must be taken into account; they should possibly continue to be used and be integrated into the new security architecture. Finally, certain security-related principles need to be clarified. Should a zero trust approach be pursued (ZTNA)? Will a Secure Access Service Edge approach be pursued that enables the most heterogeneous system architecture possible (SASE)? These principles are important for the selection of technologies and providers.
Security architecture
- Identity and Access Management (IAM) - protection against identity theft
- Secure Web Gateway (SWG) - protection against malware, phishing, espionage
- Cloud Access Security Broker (CASB) - protection against unauthorized access to cloud applications
- Data loss prevention (DLP) - protection against unauthorized theft or use of data
- Extended Detection and Response (XDR) - protection against all types of attacks on end devices and services
Implementation and fine-tuning
We design and implement these security solutions comprehensively. We not only configure the software solutions but also go through how they work with you so that you can assess for yourself which changes in your IT or application environment require which adjustments. On request, we can also take over the operation and fine-tuning of your cybersecurity solution so that you always have effective protection and are prepared for new developments.