Barry O’Connell, General Manager EMEA at Trustwave, explores how enterprises can benefit from working with managed security services providers (MSSPs).
The world of cyber security has grown vastly more complex in recent years. Cyber-attacks have grown in both volume and sophistication as techniques and technology have developed.
This is exacerbated by a highly organised and well-funded criminal underworld and highly motivated nation state actors.
This increase in complexity, and the expansion of the attack surface, has created a kind of cyber arms race. It often involves more leading-edge technologies and the need for resources to effectively operate them.
Given this background, the reality is not surprising. Many enterprises will naturally look at security as first and foremost a technology issue.
This in turn means organisations begin and end their security investment with choosing and purchasing a selection of tools. They assume that this should have them covered.
The same organisations are ultimately disappointed when they find they are not protected and become victims of a breach.
In the vast majority of security incidents, organisations already had the tools and technology to prevent the attack, but only if that technology had been fully deployed and utilised.
Managing the challenge
The challenge for CISOs and their organisations is how to remain current, agile and prepared.
This fast-moving environment means constantly assessing threats; understanding the risk to the business; being prepared to mitigate the impact of an incident - as well as being a security chief technologist.
This is a huge amount of activity for any organisation. Even major banks, governments and other extremely well-resourced enterprises have discovered it’s all but impossible to do everything in-house.
Compounding the challenge is the fact that the security industry is in the midst of a longstanding, global skills shortage. Recruiting and retaining the best staff for the job can be a constant struggle.
It can leave companies short-handed and unable to manage the day-to-day demands of operationally securing the enterprise, or to adequately detect and mitigate threats.
Partnering with a managed security services provider (MSSP) is one of the most effective methods of dealing with the daunting scale and complexity of the security landscape.
A good MSSP will be equipped with teams of skilled and experienced security specialists. They will also be backed by the latest developments in security technology.
This means not just access to the tools, but deep expertise and adjacent IP that will optimise the use of the technology, thereby ensuring not just a better, faster outcome but also maximising the return on the technology investment.
Outsourcing security activity to the right MSSP grants 24/7/365 access to the right skills and tools for any situation without having to continually invest in new technology and deal with recruitment challenges.
The managed service model also means organisations can scale up or down as the situation dictates.
Choosing the right MSSP
The MSSP market has grown rapidly in recent years and organisations have a large number of providers to choose from.
However, when selecting an MSSP partner, security leaders should look for one that will be a good fit with their business, not only in terms of technological capability but also business context and culture.
At a basic level, an MSSP can provide the tools and skills to match fundamental security needs. However, the real value of an MSSP lies in the more advanced security solutions they can provide.
This will include optimising the use of existing technology, access to the broadest and latest threat information, additional capability in the form of IP developed over multiple engagements to rapidly detect and respond to incidents, and the expertise to hunt, analyse and action threats.
Proactive threat hunting, for example, will see a team of experienced security practitioners search for, detect and eliminate threats. It will provide visibility into potential weaknesses that would go unnoticed by a more standard level of security provision.
This capability to eliminate threats in real-time is not something all MSSPs or in-house security organisations can consistently deliver.
Furthermore, this can only be done with the technological know-how and partnership required to drive understanding of the customer environment and the risk-based decisions they are prepared to take.
Threat profiling is another example of higher-level security activity a service provider can offer.
MSSPs that have access to multiple in-house, partner and public threat feeds can profile a customer’s threat posture based on geography, industry, technology environment, etc.
This will establish a detailed view of the threats facing an organisation, allowing for more strategic decision making and more informed board-level discussions.
Gaining access to these kinds of capabilities will help to elevate security discussions from being one of cost to one of value.
This in turn makes it much easier to respond to board-level enquiries as to the return on security investment, and shifts the CISO conversation from one solely focused on spend to one based on a strategic partnership that can help the business mature, advance and transform.
In addition to advanced security services, it is important to consider the MSSP’s maturity and global reach.
An MSSP with limited ability to pull the latest threat intelligence from across the globe, or without intimate knowledge of various data regulations, will underserve the enterprise in the long run.
An MSSP should be able to meet an organisation not only where it is today in terms of cyber security but also where it is going.
A clear vision and roadmap should be established early on, defined by how business operations specific to the enterprise are evolving, how supporting technologies can be exploited by cybercriminals and how customer needs are projected to change.
If the vision is misaligned from the start, it will likely end as a frustrating experience for both sides.
By finding an MSSP that understands the security goals of the customer while possessing capabilities to fully see those goals through, a true partnership can be established that will stand the test of new requirements, evolving technologies and threat actors that continue to adapt.