IT still struggling to figure out security


IT managers have been working to implement a procedure known as "Defense in Depth"; however, companies using this model almost always seem to forget certain aspects of the attack vectors in their organizations. Below we share some of our recent findings and explain why defense in depth should not be how you protect your crown jewels. In short, even with a fully implemented design, there will still be trusted systems with exploitable vulnerabilities.

What is Defense in Depth?

In short, it is the practice of layering your security so that if a control fails, another control will protect your enterprise. The problem with this approach is that it only takes one failure of a defensive measure to compromise an entire system, even with a layered defense. Another common issue is that even with properly implemented defense in depth on IT, other commonly exploited vectors are not covered, such as employee-owned devices, social engineering vulnerabilities and improper procedures. The other issue with this process is that new vulnerabilities are found daily, and unless you have an automated way to cover these vulnerabilities proactively, they may have been exploited before the method has become public.

The problem with security models - The Struggle

Back in 2016 we started looking for a security model that would cover all of the vulnerabilities being seen in real-world attacks. After looking at CDM, NIST and similar controls, we realized that all of them left certain vectors open, especially non-IT vectors that could still be exploited by attackers. This finding is what spun off the Jigsaw Threat Mitigation Model, which is a protected process for implementing true security with a model that covers all of the vectors observed in the last 5 years.

Nearly every customer we audit has findings that they did not identify during their own internal auditing that we were able to exploit and demonstrate during our penetration testing. Call today to schedule a penetration test or company evaluation.

As you can see, we have implemented a method of protecting customers that goes above and beyond typical IT security-based models. Our model includes the human element, physical non-IT attacks and other items not covered by most security models. While we don't go into specifics about how Jigsaw Security implements this framework, we have provided a guide for MSSPs that allows them to get an idea of the scale and scope of what a real comprehensive security plan consists of.

Download our Guide Below

MSSP Guide and overview of the JTTM

For More Information

If you have questions about how Jigsaw Security protects our customers and provides MSSPs with the tools to centrally manage clients, feel free to email us or chat using the chat feature on our website. There's a very good reason why we provide managed security to MSSPs: in short, it's because we have the most complete set of tools available in the market today.

#MSP #MSSP #Guidance



© 2017-2018 Jigsaw Security Enterprise Inc.
