A Practical Lesson in Collaborative Security

The sheer complexity of cybersecurity and the relentlessness of attacks organizations face today make going alone dangerous for even the most security-savvy enterprises.

In a recent blog, we looked at how security requires collaboration across departments and how to foster that collaborative approach. Today, let’s look at a concrete example of it in action.

The Power of Cybersecurity Teamwork

Many organizations struggle to keep up despite the ever-changing cybersecurity and compliance landscape. That’s why collaboration, both internally and externally, is so important to mitigating risk, remediating vulnerabilities, and reaching compliance.

Check out our eBookGuiding the Collaborative Approach, to learn why collaboration is so crucial to security.

Unlike other approaches, like managed security services providers (MSSP), the advice and counsel don’t stop there; security teams are not left with the responsibility of using the tools themselves to thwart incidents. With a collaborative managed detection and response (MDR)) approach, the security partner continuously detects and alerts to incidents and handles them on the organization’s behalf, and provides constant visibility into its security posture.

In the case of ActZero, that means turning operations center (SOC), painstakingly (and expensively) developed over many years, into our client’s SOC. Providing the technical account managers and virtual chief information security officer (vCISO) that reviews security reports, gives strategic support, and offers prioritized guidance to help inform security policy.

Covering Compliance Through Collaboration

Almost nowhere is compliance stricter than in the healthcare industry. That’s one reason why leadership at one of the largest privately held long-term elderly care companies in America saw value in shoring up their cybersecurity capabilities and recognized they required help.

The organization needed guidance to help with the massive undertaking of achieving NIST800 and HIPAA compliance. Typically, reaching regulatory compliance can take a full year, given the amount of time and labor involved, and it wanted a way to meet requirements and improve security – and fast! It turned to ActZero to improve security through a compliance audit and controls mapping and provide insights into how to cover security gaps and avoid exploits.

In addition to the expert advice around compliance, the ActZero team guided the insurance provider to source and procure tools, like trackers to map their project framework against cybersecurity maturity model certification (CMMC) regulatory requirements. The organization documented its efforts towards the previous frameworks, preparing them for what lies ahead as the industry moves to CMMC 2.0. (Check out our webinar if you’re interested in knowing more about CMMC 2.0 and the original framework.)

Adopting a collaborative approach to security proved invaluable in meeting the organization’s goals – from seeking external help for penetration testing to working closely with ActZero for security functions and vCISO consulting to internal teams handling vulnerability remediation and network architecture. When an attack finally came, this teamwork had the organization well prepared. ActZero threat hunters were able to detect and help the insurer and care provider through a DDOS attack immediately, resulting in zero downtime and no impact on its clients.

Armed with comprehensive guidance and reporting and visibility through the ActZero customer portal, the organization has received its compliance certification. With the level of reporting now possible, the organization’s president – who advocated for greater measures – provides the board with frequent reports demonstrating the improved defensive posture and providing them with valuable insights to drive executive-level buy-in.

Without a team effort, the organization’s journey – simultaneously taking on a monumental compliance project while upgrading security – would have been long, arduous, and fraught with risks. Yet, by working together with experts, it was able to reach its destination smoothly, all while safeguarding itself and its clients. Read more: https://bit.ly/3aGYWPz

You can also read this: Be Proactive! Shift Security Validation Left

Leave a Reply

Your email address will not be published. Required fields are marked *