MSSPs have failed us, now what?

 

Managed Security Service Providers (MSSPs) have been around for over twenty years. That’s long enough for Lightstream’s V.P. of Security Strategy Raf Los to explain (with conviction) why the model isn’t working anymore. Raf makes a case for “Security as a Service,” what this really means, and why this is the new paradigm the industry should be, and is, shifting towards. Here’s a hint: CISOs need to get out of the business of managing security infrastructure.

Lightstream Achieves Palo Alto Networks Prisma Cloud Specialization

NextWave Prisma Cloud Specialization will help Lightstream bring Advanced Cloud Security Expertise to Customers 

Salt Lake City, UT, June 3, 2021 – Lightstream announced today that it has achieved Palo Alto Networks NextWave Prisma Cloud Specialization status. Lightstream has met the key specialization criteria around performance, capabilities, and engagement established by Palo Alto Networks’ NextWave 3.0 Partner Program.

As businesses expand their cloud footprints to innovate and go to market faster, cloud security must keep pace with the needs of both agile software development practices and hybrid and multi-cloud environments. Customers need the expertise and tools to ensure that their entire cloud native application lifecycle is protected and compliant while enabling full stack protection across public or private clouds for hosted, container, and serverless workloads.

Lightstream’s achievement of Palo Alto Networks’ Prisma Cloud Specialization adds further value to its robust cloud and security practice. The practice emphasizes architectural excellence as well as ongoing technical optimization, remediation, and cost performance for core, virtual, and remote infrastructures. It further validates the capabilities of the Lightstream Security Managed Services product portfolio to address the ongoing operational needs of customers.

“Lightstream Cloud Defense, built on Palo Alto Networks Prisma Cloud, pairs a flexible platform approach with cloud and security engineering expertise and remediation through our 24/7 security operations center (SOC),” said Jeff Collins, chief strategy officer for Lightstream. “Customers benefit from the power of Palo Alto Networks Prisma Cloud in a pay-as-you-grow managed service designed to fit their needs.”

“The partner of tomorrow will differentiate itself by building security expertise where that need is greatest,” said Karl Soderlund, SVP of Worldwide Channel Sales at Palo Alto Networks. “As a Prisma Cloud Specialized partner, Lightstream will bring expertise and cloud security to our customers who don’t always have the tools or resources to manage integrated DevOps security or secure complex, hybrid-cloud environments. This Cloud specialization is also our commitment to identify and bring high-value opportunities to partners backed by our leading security platform, with the incentives, enablement and support services that will help them establish innovative new solutions.”

About the NextWave Partner Program

The Palo Alto Networks NextWave partner program includes approximately 6,500 partners who help 80,000 customers around the world succeed with Palo Alto Networks Technologies. Its pre-sales, sales, and post-sales capabilities and enablement are instrumental in helping our partners create an optimal customer experience and serve as trusted security experts. Partners’ achievements in the program are proactively monitored and annually assessed.

NextWave 3.0 is a comprehensive set of program specializations, incentives, and enablement initiatives launched by Palo Alto Networks to enable partner differentiation, enhance partner profitability, expand partner opportunities, and empower partner success.

To learn more about Lightstream’s Security Managed Services, visit our Security Practice page on lightstream.tech.

About Lightstream

Lightstream provides full-service cloud, connectivity, and security solutions to enterprises worldwide with a focus on managed services for all three, as well as cloud infrastructure implementation, security, and support.

Lightstream is an AWS Security Competency Partner, an AWS Advanced Consulting Partner, a Microsoft Cloud Platform Gold Partner with Security Competency, and was named Palo Alto Networks Public Cloud Partner of the Year in 2018 and 2019. Visit us at http://www.lightstream.tech or LinkedIn.

Media Contact

Cynthia.Lawton@lightstream.tech

 

SOC 2 isn’t your problem. It’s your network.

Information security is a reason for concern for all organizations, including those that outsource key business operations to third-party vendors like SaaS and cloud providers. But beware! Don’t let your network be an afterthought when it comes to achieving SOC 2 compliance.

Lightstream’s Chief Strategy Officer Jeff Collins discusses the basics of SOC 2 and offers concrete advice on what to consider when preparing for an audit or undertaking a digital transformation initiative.

A Large Design-Build Construction Company Saves Azure Cloud Migration with Help from Lightstream

Security gaps threatened the company’s cloud migration, but crisis was averted with services from Lightstream.

Business Challenge

A desire to stay innovative, modern, and operationally effective—three critical attributes in today’s competitive construction industry—led a large design-build construction company in the Midwest to explore the cloud. The company’s IT leadership team chose Microsoft Azure as their platform and purchased Prisma Cloud, a multi-cloud security offering from Palo Alto Networks, to provide added security protection for their cloud environments.

Once its Azure environment was implemented, the company began migrating applications. The team’s goal was to move as many applications as possible to the cloud, knowing some applications would have to remain on-premises, and their operating environment would result in a hybrid configuration.

After months of moving applications and deploying them into production, however, the company discovered problems. A security assessment revealed there were serious security gaps in the way Azure and Prisma Cloud had been implemented. If not addressed, the gaps would allow external entities to gain access to their environment, leaving the company’s systems vulnerable to breaches. This forced the company to stop its cloud migration and move applications back into its own data center.

Solution

With its cloud migration on hold, the company looked for a solution to solve its security problems and contacted Lightstream for help.

Once engaged, Lightstream Azure Cloud experts began gathering information. They reviewed the company’s business requirements, technology environment (infrastructure, data services, security landscape, application portfolio, and operations tools), and processes to gain a clear understanding of the company’s operating environment.

Next, the team evaluated the company’s existing Azure environment. They reviewed the company’s core cloud configurations, standards and governance, identity and access management (IAM), network interconnectivity, security, and monitoring, provided recommendations for changes to address issues, and then created an operational run-book with as-built documentation.

The next step was to review the Palo Alto Networks NGFW (next-generation firewall) configuration. The team reviewed the overall design of the appliances, assessed the Azure routing configurations, network placement, and connectivity, and recommended changes to remediate issues and ensure high availability.

The last step was to address the Palo Alto Networks Prisma Cloud implementation. The team evaluated the existing deployment, including policies and settings for resource configurations, user activities, network traffic, and host vulnerabilities, and made changes to resolve problems and ensure the environment operated correctly.

Business Outcomes

Remediation of Security Gaps and Reduced Business Risk

After completing the project with Lightstream, the company was able to eliminate its security gaps. External entities were no longer able to gain access to the company’s Azure environment through the known security vulnerabilities. This increased the confidence in the company’s cloud platform and lowered the risk of security breaches to the organization.

Secure Azure Environment with Next-Generation Firewalls

The company gained a secure Azure environment protected by Palo Alto Networks NGFWs in a high availability configuration. This enabled the company to resume migrating applications safely to the cloud and ensured its firewalls would be resilient.

Successful Prisma Cloud Implementation

With help from Lightstream experts, the company was able to overcome its initial problems and successfully implement Palo Alto Networks Prisma Cloud in its environment. This provided added security protection for the company’s cloud infrastructure and cloud-native applications.

A Large Dairy Co-operative Turns to Lightstream to Help Save Its ERP Migration in Azure

Microsoft Azure and Palo Alto Networks NGFW design and implementation services from Lightstream help the company overcome edge security issues and deploy ERP in the cloud.

Business Challenge

Dairy is a complex, regulated industry. Since the 1930s, the U.S. government has regulated milk prices. Minimum prices are set for fluid milk (based on several factors, including the price of butter, cheese, nonfat dry milk, and dry whey), and all processors must pay it. Different prices are set for milk used as an ingredient in dairy products, though the process is the same: the government sets the price, and processors pay it.

In addition, milk is a perishable product. As a result, the government sets strict standards on its use. Processors are unable to stockpile product to meet fluctuating consumer demand, which in recent years has been shifting to dairy alternatives like oat and soy milk.

These market realities put pressure on dairy processors. To address these challenges, a large dairy co-operative in the Pacific Northwest decided to expand its operations beyond its regional customer base with the goal of becoming a national brand. But to do that, the company first needed to modernize its systems by moving away from its on-premise legacy enterprise resource planning (ERP) system to Microsoft Dynamics 365 to establish a more flexible operating platform.

Midway through the project, however, the company ran into security problems. It turned out the company didn’t fully understand how to implement the native cloud security controls available in Microsoft Azure and did not have proper edge security protection in place to satisfy governance and compliance regulations. After months of trying to correct the problem with the help of a third-party firm, the company was unable to deploy its ERP solution and was faced with either seeking additional help or shutting down the project.

Solution

Prior to contacting Lightstream, the company had attempted to implement Palo Alto Networks NGFW (next-generation firewall) in Azure to provide edge security for its users. The company’s IT team was committed to the solution and its capabilities, but they had struggled with the implementation.

Once engaged, the Lightstream team reviewed the company’s requirements. They evaluated the existing Palo Alto NGFW configuration, executed an ingress and egress assessment, developed a security plan for implementing the company’s ERP system in the cloud using Azure native controls and Palo Alto NGFW as the edge inspection point, and architected the design to ensure high availability and resiliency. This was done by performing a customized Cloud Foundation Framework engagement.

After the design was completed, Lightstream built the Azure environment per the design blueprint, including VNets, network security groups, platform logging, and all native security controls. Then, the team implemented the Palo Alto NGFWs in a high availability configuration.

The final step was testing and validation. Lightstream’s Azure Cloud engineering experts helped test traffic flow, routing, and connectivity, as well as security functionality to ensure the solution provided the edge security protection the company needed.

Business Outcomes

Next-Generation Edge Security Protection

The company now has next-generation security to protect its systems. This includes IPS (intrusion prevention system) that examines network traffic to prevent vulnerability exploits, APT (advanced persistent threat) intelligence and detection, and other security capabilities that help keep data safe from cyber attacks.

Successful Migration to Microsoft Dynamics 365

With edge security in place, the company was able to move forward with its ERP project. Now, the company has replaced its legacy ERP solution with Microsoft Dynamics 365, providing the enhanced computing platform the company needs to expand its operation.

Reducing the Complexity of Securing SD-WAN Environments

In today’s remote-working world, many enterprises are transitioning to software-defined networking in their wide area networks, or SD-WAN, in place of traditional MPLS-based WANs. Is it any wonder network and IT professionals are fully embracing SD-WAN? Where they once had to deal with the challenges caused by an architecture overwhelmed by an ever-increasing load of data and devices, IT departments now are able to increase bandwidth, improve connectivity, and enable multicloud applications via a single, centrally managed WAN edge platform.

MPLS-based wide area networks allowed for centralized security policy and enforcement across the organization. While SD-WAN enables lower latency and faster access to cloud and SaaS applications, it also raises significant security issues. If a corporate enterprise has 200 locations, transitioning to an SD-WAN topology now expands the footprint of locations that must be secured, audited and monitored from a handful of data centers in the MPLS world to all 200 locations in an Internet-based SD-WAN architecture. That’s a tremendous burden for IT leaders to take into consideration as they are not only deploying a new WAN architecture, but they also must make sure it is properly secured. So as SD-WAN fosters tremendous transformation, it also increases the potential for major vulnerabilities within the organization.

SD-WAN topologies enable greater network visibility and centralized management of the distributed network. This in turn allows IT personnel greater insight into the applications traversing the WAN between locations as well as to the Internet. When properly secured, SD-WAN enables “internal” network segmentation on an organization’s WAN without forcing all Internet-based traffic to flow through the headquarters location. However, it is imperative that additional security tools be implemented. Networking and security technology have come a long way, but there is still significant room for advancement. No cybersecurity infrastructure is perfect, and that fact is proven daily by the number of successful cyberattacks experienced by businesses worldwide.

As organizations increasingly move to the cloud, many have turned to a cloud access security broker (CASB) or one of the cloud-based caching, proxying, and security devices to confront data security and governance challenges. Secure access service edge (SASE) frameworks have been gaining traction as these are designed to connect and secure geographically dispersed branches and other endpoints to an enterprise’s data and application resources, whether internal, cloud-based, or Internet-based. Despite – or perhaps due to – this rapidly emerging technology, it is more important than ever for IT teams to come together to determine where to do the appropriate level of security introspection and inspection.

The Convergence of Security and Networking

Where security and network procurements were once handled separately, network and security decisions increasingly are being made at the same time and more often with the same solution, according to Gartner. It predicts that as part of a desire to minimize branch sprawl, more customers will look to partner with vendors that offer a combined security and networking solution or as part of a broader ecosystem.

Likewise, this convergence is prompting convergence of networking and security teams. Frequently the question is who owns the SASE product set? The answer: it doesn’t matter.

Securing SD-WAN can be a complex and overwhelming undertaking, and one that should not be initiated without networking and security teams joining forces long before the SD-WAN is deployed. The two teams must collaborate on how to take the organization’s architecture and security posture from its current state to where it needs to go for future growth and success. Three steps to get started include:

  1. Evaluate Your Services Chain
    Analyze your edge services chain to identify what network functions need to be supported and integrated into the SD-WAN. By analyzing what components need to be physical, virtualized or combined/collapsed, your organization can determine if a single SD-WAN appliance will meet the need or whether a more complex deployment model is needed. Be sure to look at it from the lens of security, including regulatory compliance.
  2. Identify Must-Have SD-WAN Security Capabilities
    Learn the different security features of various SD-WAN vendors and line them up against your organization’s requirements. Some must-have security capabilities include policies for on-demand security, encryption, distributed denial-of-service (DDoS) protection, unified threat management (UTM)/firewalls, and threat intelligence.
  3. Fill Security Gaps
    Address missing security needs with managed services. These services can range from Managed SD-WAN solutions to Managed Security Services that address security from the network’s edge all the way to the cloud, and incorporate automation, Zero Trust, and best practices for security and industry-specific compliance. The key is to make sure you work with a partner who understands clearly how to secure SD-WAN solutions effectively with clear KPIs that work well with your IT organization.

The Case for Outsourcing

As SD-WAN adoption expands, there is a surge in managed service providers augmenting the enterprise IT staff. Organizations are finding that they must refocus valuable internal IT resources to carry out their core goals. The software-defined nature of SD-WAN lends itself to leveraging third-party providers that can alleviate the burden on overworked IT staff. The smartest IT leaders will turn to a provider with expertise in network, security, and cloud to gain 360-degree visibility into network and security actions as well as cloud governance.

The Maturity of Vulnerability Management Matters

If you work in cybersecurity at a typical mid-market company, you probably cringe when you hear the term “vulnerability management.” Let me see if I can guess how the workflow goes for you:

  1. Someone uses a scanning tool to scan as many assets across your network as you know about.
  2. The output gets exported to a spreadsheet.
  3. The spreadsheet is sorted by “criticality.”
  4. Various department or organization heads receive line-items they are responsible for patching with little context on why.
  5. You wait a week or so, then repeat the process.

How close did I get?

The various pieces of your cybersecurity strategy are programs in themselves, which means we can measure them for maturity. The problem is that mid-market companies seldom have the time or resources, not to mention the capital, to execute a full-scale program. That approach ultimately leads to a “just-do-something” execution of cybersecurity, and things get complicated.

Some hallmarks help me determine what level of maturity an organization has attained. Here are just a few:

  1. Strategy: How an organization thinks about vulnerability management and whether it’s truly managing vulnerabilities or simply trying to play whack-a-mole is telling. Managing vulnerabilities means a lifecycle approach and understanding that once they’re discovered, vulnerabilities can have one of three fates:
    1. Remediate – simply put, apply the fix or patch.
    2. Defer – push the fix until a later point in time, such as when the system is due to be retired shortly.
    3. Accept – accept that the vulnerability will not be fixed, and alternative accommodation needs to be made.
  2. Execution Discipline: Understanding the discipline with which an organization executes the tasks of a vulnerability-management program says a lot. Are there change controls? Is the process well-documented and universally accepted across the organization? Does the program include all of the organization’s assets? These and more are important questions to consider. As an organization matures, execution will be more repeatable and predictable.
  3. Follow-through: Few things are more important than following through. It makes no sense to scan and notify, but then do nothing except wait for someone else to do something. As an organization matures, it will learn to not only notify but also report, and follow through on effecting positive change.

All this said, the important thing is to figure out how your organization ranks, and what your real level of maturity is. There is no universal answer to what maturity level your particular organization should be at. But knowing is a critical first step.

5 Things Your Breach Response Attorney Needs You to Know Before an Incident

It is now clear that every company is at risk of a cyber-attack and resulting data breach no matter how diligent and sophisticated they are at cybersecurity. Most recognize that such an attack requires a technical response but do not realize that there are legal and business issues that must be addressed as part of the incident response process. One of the most important factors in getting this right is to prepare for it ahead of time.

Shawn Tuma is an internationally recognized thought leader, subject matter expert in cybersecurity and data privacy, and breach response attorney who leads companies through this process every day. He will explain the five most important things he wishes his clients knew before their incident and what actionable steps you can take now to prepare your company for such an event.

Rafal Los, Lightstream’s vice president of security strategy, will moderate the discussion. Rafal is well known for his podcast, Down the Security Rabbithole, that has over 25K monthly listeners. He is a recognized thought leader, speaker and industry contributor on cybersecurity topics.

Please send your questions, comments and feedback to: cynthia.lawton@lightstream.tech