The Cloud Experience Everywhere
SimonLeech

Lighten your security ops burden with Managed Security from HPE GreenLake Management Services

Cyberattacks continue to escalate, and many companies are having a hard time defending against them. A study released in June by the Ponemon Institute, and sponsored by Hewlett Packard Enterprise, identified and described an “IT security gap,” defined as the “inability of an organization’s people, processes and technologies to keep up with a constantly changing threat landscape.” Only 29 percent of the study’s 4,000-plus respondents described their organization as “highly effective in closing the IT security gap.”1

Of course, cybersecurity has long been a permanent feature, and cost, of doing business. But clearly companies still feel less than fully prepared to meet the challenge of cyber breaches and the disruptive downtime, loss of revenue, and massive reputational damage they can cause.

 

Most businesses accept that the public cloud isn’t always the answer, and there are still plenty of use cases where an on-premises or hybrid data center can make sense. However, while you can outsource your operations in many fashions, you still can’t outsource your organizational risk.

 

Building and maintaining cybersecurity defenses is an increasingly onerous and time-consuming task for hard-pressed IT teams. Here’s what we hear from IT leaders:

 

“We lack the skills and resources to address the complex and never-ending challenges of security.”

The security skills gap has been extensively reported, to put it mildly, in the industry press2. When the Ponemon researchers asked respondents why breaches were still happening, 49% cited “a lack of adequate security staff with the right skills.” It’s hard to find the right people to hire in the marketplace, so companies start looking internally. But bringing internal hires up to speed for security projects calls for time and training capabilities that may also be in short supply.

 

“The sheer volume and complexity of cyber security solutions consumes too much of our budget, time and resources.” Organizations tend to have dozens of security solutions, and it's often very difficult to get the full value out of them. Some of them may have been installed as a tick-box for a particular compliance requirement. If they're not properly managed, they can take a considerable bite out of . Fully 60 percent of the companies in the Ponemon study said that “it is difficult to protect complex and dynamically changing attack surfaces (mobile, byod, cloud, IoT etc.)

 

“Detecting a threat is not enough: we need a solution that addresses detection through to response.” When you have a lot of security tools, they generate a lot of security alerts. But then what? A number of years ago there was a security breach at a large retail organization. They had a number of security systems, but they had on ongoing problem with false positives. So when a series of alerts came in, they dismissed them. A few days later they got an alarm from their gateway protection solution. It came in in the evening, and they ignored it again as a ‘false alarm’. They didn't react until a government agency contacted them and said, “hey, you've been hacked.”

 

“The wide range of cyber security threats forces us to deploy many solutions that are not integrated, nor can we correlate between them.” Cybersecurity architectures are made up of a proliferation of systems that typically don’t talk to each other well, or at all. And siloed solutions lead to siloed responsibilities. You might have a firewall team. Patching is done by the server management team, networking security is handled by the networking team and so on. But there's no integrated team responsible for full-lifecycle operational security for your environment.

 

For companies that have taken the managed services route with HPE GreenLake Management Services, these challenges are about to become a lot less pressing. We’ve been doing managed services for a long time, and we’re very accustomed to helping customers with ad hoc customer requests like updating their antivirus signatures, or deploying a particular patch. But we’ve always had the capability to deliver end-to-end security management, and with our recent innovations in remote infrastructure management, we’ve decided to take it to the next level. We are introducing a new service that will proactively lift much or all of the operational burden of cybersecurity from IT’s shoulders: Managed Security from HPE GreenLake Management Services (HPE GMS).


HPE20160627193_1600_0_72_RGB.jpg

 

With this new offering, we're making it straightforward for you to put your security operations into HPE’s hands, because we will treat your data, apps and infrastructure as if they’re our own, enabling you to reduce organizational risk. And we bring the vast resources of HPE GMS to bear in ensuring that they’re safe and protected.

 

Lightening the load

Managed Security by HPE GreenLake Management Services is an optional add-on to your HPE GreenLake Management Services contract. We offer two options:

  1. Essential Security elements. With this foundational offering, we provide a technology stack, installed on-premises at your location, which enables us to collect all of the logs from the platforms that we manage for you under HPE GreenLake Management Services and store them in our security information and event management (SIEM) platform based upon Elastic Stack and SOC Prime

    We leverage that log collection capability to perform security monitoring. Our analysts connect to SIEM to do their monitoring and threat-hunting. Essentially, you get a remote Security Operation Center (SOC) – a 24x7, eyes-on-glass security monitoring capability for your HPE-managed infrastructure.

  2. Enhanced Security elements. Many organizations are looking for more than monitoring. When you add Enhanced Security elements, you get all of the services under the Essential plan, and you can choose from a wide range of additional services, including vulnerability management powered by Rapid7, compliance management and security transition management. We will build an account security plan to support us in staying compliant with your security requirements. We can deliver advanced security metrics and enhanced infrastructure controls, and we can assign you an HPE Account Security Officer to oversee your Managed Security solution. And by working together with HPE Pointnext Services we can provide additional services such as our Security Analysis and Roadmap Service, Vulnerability Analysis Service, and security training courses from HPE Education Services.

    It all adds up to a more efficient, less stress-inducing way to run IT security operations. Managed Security by HPE GreenLake Management Services tackles the security skills gap by helping your staff acquire new skills if they need them, and freeing them up to work on high-value projects. It enables you to bypass the complexities of managing the cybersecurity stack and ties off the detection-to-response cycle.

 

Managed, as-a-service security and beyond

We see Managed Security as a natural extension of HPE GreenLake Management Services, and another advance for HPE as the edge-to-cloud platform-as-a-service company. In a sense, this new solution does what the cloud can’t do. It enables you to reduce some of you organizational risk. We think that’s great news for companies struggling to maintain a strong security posture in today’s difficult business environments.

The even better news is that Managed Security by HPE GreenLake Management Services is just one of five new services that we’ll be introducing under the HPE GreenLake Management Services umbrella. We’re building a complete portfolio of security, risk and compliance solutions. Keep an eye on this blog; we’ll be covering them in upcoming posts.

Learn more about HPE GreenLake Management Services and how we help you run IT securely.

1. You can download Ponemon’s 2020 Study on Closing the IT Gap with a simple registration.

2. To take just one example: earlier this year a Security Magazine article estimated that around three-quarters of cybersecurity leaders are facing a skills shortage

 

Co-authored with Paul Benedetti, Worldwide Business Service Manager at HPE GMS


Simon Leech
Hewlett Packard Enterprise

twitter.com/HPE_Pointnext
linkedin.com/showcase/hpe-pointnext-services/
hpe.com/pointnext

 

About the Author

SimonLeech

Simon Leech is a Certified Information Systems Security Professional with a specialisation in Security Architecture (CISSP-ISSAP), Certified Information Security Manager (CISM), Certified in Risk and Information Systems Control (CRISC), Certified in Cloud Security Knowledge (CCSK) and working in the Worldwide Security, Risk and Compliance Practice within HPE Pointnext Advisory and Professional Services. Simon is active on Twitter as @DigitalHeMan