The time had come for a contract renewal with one of our Managed Security Services clients, and we started the conversation with a look back at what we have accomplished together since 2015 when the relationship began.
At that time, the main focus was on replacing aging firewalls to address an audit finding. By adding our Co-Managed Firewall coverage the client could keep the hardware updated, optimize security rules and make configuration changes as needed, and have an outside resource to monitor 24/7 and assist with incident response, they also addressed another 50+ of their audit findings and helped them to overcome the limitations of relying strictly on blocking controls by adding log correlation and threat intelligence to take advantage of the data the hardware can provide.
Fast forward 18 months, and the client reached out to us before the next renewal to add more assets for log collection and monitoring and to discuss how to best utilize this protection as part of their incident response program.
Now for the latest renewal, the focus was on alignment to the NIST Cyber Security Framework, and one of the issues they faced was that different locations were at different levels. Some had set up protected enclaves for sensitive data, had patching programs to make sure known vulnerabilities were addressed when security patches were released and were doing regular testing of controls to look for holes to fix before they could be exploited by an attacker. Others had prioritized other initiatives and were further behind, so the challenges was how to align the services in our renewal for maximum cost benefit while still meeting the individual location needs.
Integrating Cybersecurity as a Service (CaaS) into the Managed Services renewal is how we were able to keep the current protections in place while adding flexibility for each location to have access to patch management, cyber testing, and compliance consulting. We also added our breach response to expand access from cyber forensics resources on our team to a National group of cyber, legal and even public relations help and a cyber gap insurance policy to fund initial investigations, commercial policy deductibles and coverage exclusions.
We leave out the details of this particular client because we identify cyber risks and provide solutions for organizations of all kinds and sizes with scalable, tailored recommendations that empower them to use the resources they have, layered with protections that they simply cannot afford to implement themselves.