Security as a Service / MSS.....Why?

By -


Security as a Service / MSS.....Why?

A number of factors are driving the need for managed security services (MSS) which are namely expertise, cost and consistency. 

Key concerns when considering an MSS should be included as detailed below:


Cost: The associated cost benefits of using some MSS providers may appear a very attractive proposition. 
MSS provides the ability for a company to have deep security expertise without the associated cost of full time employees. 

For example our edgescan™ service gives our clients access to our security engineering team whom manage the security posture of their assets. A managed service should give you the ability to reduce your Capital Expenditure and control your security-spend without sacrificing quality.
Using an MSS, you can maintain your security posture but reduce overall Cost of ownership.

Accuracy: Security is about covering all the bases; a defender needs to manage all vulnerabilities, whilst an attacker needs to exploit only one (vulnerability).

Accuracy covers two aspects of MSS;
  1. Firstly the ability to detect and manage discovered vulnerabilities with confidence
  2. Secondly to reduce the time required by the business to patch, fix or configure due to the quality of the vulnerability information delivered via the MSS provider.

For example, our clients value the hybrid approach we have to vulnerability management which involves human validation of every discovered vulnerability and results in virtually “false positive free” security intelligence.

Your MSS should provide you with accurate, actionable security information.
Compliance and continuous management

Threat & Vulnerability management and meeting compliance requirements via  a 24/7 security assessment remain the primary drivers for considering an MSS. 
Your MSS should assist with demonstrating compliance and continuous improvement via management information dashboards and extensible API calls for integration into your technology “stack”.


MSS can also assist you in reallocating existing resources to other security areas, or the need to engage deeper or broader expertise than is available in-house. 
Your MSS should address requirements where you don’t have in-house expertise.

edgescan.com is a managed security service developed, managed and delivered by BCC Risk Advisory. It's a cloud based vulnerability management platform and helps clients discover and manage system vulnerabilities on an ongoing basis. 

It significantly reduces the cost of ownership while increasing cybersecurity resilience significantly. 
edgescan provides continuous vulnerability assessment coupled with a customized reporting portal and APIs set to help you understand what vulnerabilities your business faces.

edgescan assesses the security of both web/mobile applications and associated servers, or indeed any deployed systems, giving you “full-stack” vulnerability management.

www.edgescan.com
www.bccriskadvisory.com


Comments

Post a Comment

Popular posts from this blog

By -
Image
The HSE Data Breach and the State of Irish Cyber Security Many years ago, shortly after I founded the Irish chapter of OWASP ( http://www.owasp.org ) (in 2007??) we were delivering free application and software development classes to anyone who wanted them. It was a local low key affair but every class we delivered was "sold out". We have 60-80 folks mostly developers willing to spend 4-5 hours on learning the fundamentals of secure application development and testing. I suppose we felt cyber security was an important issue because that's what we did. At the time many folks in business felt cyber security was an overhead or a "tax" and did not give it much time. A few years later (late 2010) when the the foundation of the NCSC (National Cyber Security Centre) was announced, a few of us (local OWASP Ireland leaders) wrote a number of emails to the Irish government offering free cyber security training. As we were working for a non profit (501.3c) charity (OWA...
Read more

Edgescan and Huawei - Cybersecurity - Irish Times Article and Panel Discussion

By -
Image
I recently was interviewed by the Irish times on why is everything getting hacked and how can we change the game.... https://www.irishtimes.com/special-reports/cybersecurity-focus/criminals-have-an-inbuilt-advantage-in-the-great-cyber-arms-race-1.4651078  A recording of the Panel with Andy Purdy, CSO of Huawei North America. https://www.youtube.com/watch?v=cQJ1uSQ4IEk&t=33s Both are decent and worth a listen.
Read more

How Simple can it be.....XSS Prevention....

By -
Cross Site Scripting is sill a very common web vulnerability. Generally it is used to attack clients/users. It can be used for malware upload, botnet hooking, keylogging, a payload delivery system for clickjacking and CSRF attacks and much much more, all for 6 easy payments of $9.99...sorry got carried away there :) But is is easily preventable. You dont even have to know what XSS (type 0, type 1, type 2, DOM, Stored, Reflected) is to prevent it. One pretty simple way to prevent XSS is to use the OWASP ESAPI (Enterprise Security API). A very easy tool to use/invoke. It's also managed and attended to by Chris Schmidt ....A great guy... Regardless of what it does....if there was a mandate to use it on all redisplayed external input a site could become virtually XSS free!! (all for 6 easy payments of......). It's easy to deploy.... 1. Include in JSP (Java version) 2. Invoke in JSP 3. Job done!!! We include it by <%@ page import="org.owasp.esapi.ESAPI...
Read more