Organizations are more likely to work with a number of MSSPs, as opposed to one.

Edward Gately, Senior News Editor

February 21, 2019

9 Min Read
Security Roundup

When it comes cybersecurity, many organizations, especially large companies, are unlikely to choose a single MSSP to fulfill all of their needs.

Instead, they’re likely to work with a number of MSSPs based on each MSSP’s expertise in individual capabilities. And coordinating and integrating those MSSPs into their business will present a challenge.


ThreatConnect’s Adam Vincent

That’s according to Adam Vincent, CEO of ThreatConnect, a security operations and analytics platform. He said working with MSSPs is like maintaining a car. If you don’t maintain your tires, it is bad for your car’s health. In that same vein, if the MSSPs are plugged and forgotten, the organization’s security will take a beating.

Vincent spoke with us about the issues involved in working with MSSPs.

MSSPs deploy ThreatConnect as their primary platform to aggregate and analyze threat intelligence, and then automatically act on validated threat intelligence. With ThreatConnect’s API, MSSPs can integrate their ThreatConnect instance with their customers’ security infrastructure and push rules to their endpoint protection devices.

“I believe that the ultimate future of security is going to be akin to what happened to IT,” Vincent said. “Over the course of many, many years, many processes within the IT organization have become commodities and been outsourced to a variety of companies. There’s some things that had to happen for that to take place. One, the company needed to know what drives their bottom line, what kinds of processes they needed to produce in order to become a more effective business. Two, they needed to have people that do those processes for some length of time so that they truly understand what the process requirements are and how to do them at scale. And three, once they had the process down and they knew they were doing it correctly, then they likely looked to outsource it.”

Security is nowhere near being able to “just throw everything to an MSSP,” Vincent said. Instead, an MSSP likely will be focused on a particular aspect of a security program, whether monitoring, threat hunting or email phishing protection, he said.

“If you think about how the rest of the business has outsourced parts of their processes, they don’t go to one organization and just throw all of their requirements into some organization’s lap,” he said. “They have multiple MSSPs that do different things. If you have a car, you have your favorite place that you go for tires and your favorite place you go for cleaning your car, and there’s a best-of-breed aspect of that.”

The future of security is going to be more and more things moving to MSSPs, but that’s going to drive a requirement to understand the full aspect of the security program, Vincent said.

“You’re not going to throw your security program to an MSSP as much as you’re going to throw aspects of your security program to multiple MSSPs, and you’re going to coordinate them,” he said. ” It might even require MSSPs to work together across a single process. So if you had an MSSP for hunting and you had a different MSSP for monitoring, there’s a very good chance that monitoring and hunting need to be a combined process and therefore you need to technically support an integration between your different service providers.”

MSSPs are going to be a force within the cybersecurity industry, but what’s ultimately going to happen is …

… “you’re going to have enough MSSPs that you become overwhelmed working with them,” Vincent said.

“There’s going to be a coordinated, orchestrated and maybe even automated process on how data transitions back and forth between the MSSP and the organization, and then if you multiply that by the number of MSSPs and the number of products that the MSSPs may be monitoring and/or have some integration into, that problem is only going to be exacerbated,” he said. “It’s going to be very important that the organization have a technology … in place to integrate those different MSSPs into their business, and ultimately also then integrate aspects of the business and those processes that need to be fulfilled back into the MSSPs in a measurable and process-driven way so they can then see whether the money they’re paying to each of their MSSPs is in fact getting the return on investment that they require.”

SolarWinds: MSSPs Need to be Prepared to Fight Latest Threats

During the recent BlueHat security conference, a Microsoft security engineer revealed that during the last 12 years about 70 percent of Microsoft patches were fixes for memory safety bugs. If memory safety errors are today’s biggest attack vector, what’s tomorrow’s?

Microsoft has patched most of the basic memory safety bugs, so now cybercriminals need to step up their game. How can tech pros managing modern-day tech environments prepare for new issues and vulnerabilities lurking above and below the surface?


SolarWinds’ Tim Brown

Tim Brown, SolarWinds‘ vice president of security architecture, tells us the most important step is ensuring that you’re embracing good cyberhygiene. If you leave the front door open, you’re inviting the bad guys in. The four essentials you need to help do this are: network protection, web protection, patch management and mail security.

“Don’t forget the human factor,” he said. “Untrained staff, unmitigated access and lack of good policies are all big contributors to security vulnerabilities. Make sure you’ve taken the time to establish policies, and train anyone and everyone who has access to your systems. And, make sure that you haven’t granted that access too widely. The bad guys can get to your ‘crown jewels’ easily, for example, by throwing out a phishing line to an HR administrator if that administrator’s credentials aren’t locked down tightly.”

Education is always pivotal in helping to ensure security readiness, and education isn’t just for the people doing security, it’s for everyone in the business, Brown said.

“The best tools to detect and respond to potential threats can vary widely based on your organization’s individual needs and the type of industry you’re in,” he said. “For example, if you’re in the health care industry,  you’re going to need a more rigorous set of tools to help you both detect and report on breaches around data in different ways than an HVAC company would. But every company, regardless of industry, needs to remember cyberhygiene. After all, an HVAC vendor — as we saw in the Target breach in 2014 — was the entry point for the cybercriminals in that attack.”

The worst thing you can do is gauge effectiveness based on whether you’ve been breached, Brown said. The best way is to stay on top of hygiene and training, and regularly audit your own systems to help ensure they are properly locked down, he said. No one is immune from a vulnerability, unfortunately, but knowing your weak links and helping to strengthen them is key.

Continuum Unveils Latest Cybersecurity Offering for MSPs

Continuum has launched its new Empower subscription-based service model aimed at giving MSPs the expertise, support and solutions they need to understand their clients’ security gaps and deliver the service they need.

Empower allows MSPs to change their approach to selling security offerings by …

… generating client-facing assessment reports that combine dark web scanning, endpoint and user data, providing clients with a clear and comprehensible view of their current risks, according to Continuum.

The new offering provides MSPs with marketing materials and licenses to advanced security tools from the Continuum security product suite for demos and proof of concepts.


Continuum’s Brian Downey

Brian Downey, Continuum’s senior director of security product management, tells us Empower is based on the feedback from MSPs as they’ve been building out their security practices.

“The conversations we’ve had with our partners indicated that, while they have access to the solutions and tools to protect their clients, the biggest gap they faced was creating and executing the demand from end-clients,” he said.  “We set out to build Empower to meet that specific need by giving them the ability to identify risks, have conversations with clients, and show exactly where and how security solutions could protect their businesses.”

For an MSP looking to become an MSSP, or an MSP just looking to provide the value their partners are looking for by adding security services, the first step is being able to have conversations about security that resonate with your clients, Downey said.

“If you can’t do that, it makes no difference how advanced or solid you security services are because your clients won’t be interested in them,” he said. “Empower focuses on this key first step, enabling MSPs to successfully have productive conversations with their clients that resonate and drive them to take action around security.”

365 Data Centers Rolls Out New Cybersecurity Offerings

365 Data Centers has added new cybersecurity solutions to its portfolio of colocation, cloud, network and managed services.

Supported via 365 Data Centers’ partnership with Tel-Networks, the new product suite offers solutions from cybersecurity vendors including Arctic Wolf, Cisco, Exabeam, Forcepoint, SecurAuth, Secureworks, TrapX and many more.


365 Data Centers’ Tony Franchi

The new cybersecurity products provide full-service managed security information and event management (SIEM), and security operations solutions, including complete end-point protection, cloud access security broker (CASB), insider threat, applications security, security audit and assessment services, network security, digital resilience, micro segmentation, advanced deception grid, compliance and database exfiltration control.

Tony Franchi, 365 Data Centers’ senior vice president of sales and marketing, tells us partners will be able to benefit by offering these solutions to any existing or potential new clients by adding cybersecurity to additional services his company offers such as colocation, cloud and IP network services.

“365 has a wholistic approach to cyber security, meaning 365 is partnered with many cyber vendors that some MSPs and MSSPs may not have in their portfolio of solutions,” he said.

Read more about:


About the Author(s)

Edward Gately

Senior News Editor, Channel Futures

As news editor, Edward Gately covers cybersecurity, new channel programs and program changes, M&A and other IT channel trends. Prior to Informa, he spent 26 years as a newspaper journalist in Texas, Louisiana and Arizona.

Free Newsletters for the Channel
Register for Your Free Newsletter Now

You May Also Like