
Forums it-sa Expo Knowledge Forum A

Protecting enterprises and KRITIS from business disruption caused by cyberattacks

Skills shortage in IT security: coManaged SOC/SIEM

Tue, 25.10.2022, 15:00 - 15:15

On site

Topics: Cloud Security, Endpoint Protection, Managed Security Services / Hosting, Network Security / Patch Management, Secure Homeoffice, SIEM / Threat Analytics / SOC



This session is part of the event Forums it-sa Expo


Session description

What do CIOs see as the biggest threat to positive business performance in 2022, and how should it be addressed?

According to a survey of 2650 professionals in 89 countries by risk insurer Allianz AGCS, managers and security professionals see business interruption from cyberattacks as the biggest threat.

Even the best IT security precautions do not protect 100% against successful attacks.
The question has long ceased to be whether an attack will be successful, but rather when, and, more importantly, how quickly it can be stopped!

Which scenarios most often lead to successful cyberattacks?

- Insecure email is still the number one vulnerability exploited in cyberattacks: the most common attack vectors against often insufficiently trained users are business email compromise, phishing, or malicious attachments.
- Compromised, mostly unpatched systems continue to be a serious problem.
- Lack of security in the supply chain: the door is then wide open for attackers, as in the case of SolarWinds.

What specific measures does an MSSP like Trustwave recommend its customers take against business interruptions caused by cyberattacks?

The basics:
- A secure email gateway, ideally as a managed service with a high protection factor: no ransomware!
- Daily backups, network segmentation of important systems and, of course, patch management.
- In support of this, you should regularly verify with vulnerability scanning that patches have actually been rolled out.
- Least-privilege IAM! Who needs access, and is it really the right user?

Further steps:
- Implementation of a framework like NIST: definition and monitoring of security policies, plus regular pentests.
- Regular risk assessment of the supply chain, etc.
- Sign a DFIR (Digital Forensics and Incident Response) retainer with a provider early on; this is the only way to have direct access within a few hours to forensic experts who can detect malware, secure forensic evidence and defend against attacks in real time.
- To complement this, disaster recovery planning workshops, tabletop exercises and purple teaming should be conducted on a regular basis.
- And finally: rolling out an EDR platform as a managed service, combined with threat hunting.
- Only after that: red teaming (white-hat hacking) for ultimate verification of all measures.

What distinguishes a pure MDR provider from an MSSP?

Pure MDR providers do not have a holistic view of all of the customer's assets, or of vulnerabilities beyond the endpoints, and usually do not offer DFIR, red teaming, etc. An MSSP can provide everything from consulting to vulnerability scanning to a managed SOC.
A managed SOC can flexibly include services such as Tier 1, 2 and 3.
This also includes the setup and operation of a SIEM solution like Splunk or MS Sentinel. If alerts are raised there, the MSSP can "respond" on the customer's EDR platform according to defined use cases and playbooks and, for example, isolate a compromised host in real time.

Language: German

Questions and Answers: No
