Channel Futures
From the Industry


AlienVault

Sponsor Content

10 Ways MSPs and MSSPs Can Deliver Managed Detection and Response Services

February 21, 2019

For service providers, the MDR trend creates an opportunity to stay competitive and add value that helps clients defend and respond to cyber threats.

The proliferation of cybersecurity attacks and the greater adoption of cloud applications and services are proving that traditional, prevention-only approaches are ineffective. Instead, organizations are focusing more on a detection and response strategy to manage their cybersecurity risk. However, staying up to date with the latest cybersecurity risks, managing multiple point security products, and finding skilled security resources are proving too challenging for many organizations, which are instead looking to invest in Managed Detection and Response (MDR) services from their service providers, including MSPs and MSSPs.

For service providers, the MDR trend creates an opportunity to stay competitive and add value that helps clients defend and respond to cyber threats. Here are 10 opportunities to embrace and deliver competitive MDR services:

  1. Provide 24-hour monitoring: Most organizations today are online and continuously connected, but many do not have the resources to monitor their IT security across all hours of every day. Offering round-the-clock monitoring takes the burden off resource-constrained organizations and helps reduce their cybersecurity risk both during and outside of regular business hours.
  2. Monitor cloud environments and applications: Many organizations are considering, or have already begun, the drive toward deploying infrastructure in the cloud or even using cloud applications for workloads like e-mail, collaboration, CRM, payroll, identity and more. However, traditional security tools and existing expertise lack the ability and know-how to monitor these environments, creating an increasing opportunity for service providers to help organizations on their respective journeys to the cloud.
  3. Identify the attack surface with asset discovery: The assets deployed across an organization’s environment represent the surface against which a malicious entity will conduct one or more attacks. With that in mind, a common challenge for IT and security teams, both in terms of managing cost and cybersecurity risk, is keeping track of what assets are deployed and where. Particularly given the ease and speed with which new virtual machines can be created in virtualized and cloud environments, keeping track of any changes is critical. Service providers can solve this problem for clients by including asset discovery in their MDR services, providing awareness and visibility into all assets on-premises and in the cloud.
  4. Perform vulnerability scanning: Finding and addressing vulnerabilities is critical because they are often exploited to deliver zero-day threats and ransomware, and it’s no surprise to see regular vulnerability scanning as a requirement for compliance with many regulations. Once you know where all assets are in the environment, the next logical step is to assess them for vulnerabilities, a process that, given that an average of 14 vulnerabilities are discovered each month, needs to be performed regularly. While some customers may wish to patch systems on their own, service providers can also offer vulnerability remediation (namely, the application of available patches) as an additional service.
  5. Provide log management: Identifying risks and attacks requires analyzing events and logs, and being able to determine the root cause of an attack typically requires piecing together events from across multiple systems. The manual approach of collecting logs from individual systems is resource intensive, and that’s assuming the device still has the logs for the desired timeframe. Service providers can offer a better way with log management, automating the collection of events and logs into a central location, normalizing the log data for easier analysis and investigation, and storing the data for at least one year to help customers satisfy any regulatory or standards-based log retention requirements (e.g., for PCI DSS) and for security best practice.
  6. Offer advanced intrusion detection and security analysis: These will facilitate the rapid detection of threats across customers’ on-premises and cloud environments and applications. Host IDS and file integrity monitoring (FIM), network IDS, and cloud IDS can all offer quick warning of attacks and unauthorized activities. Additionally, advanced correlation, including the use of machine learning and behavioral monitoring, can accurately identify threats that may not be clearly apparent to traditional defenses.
  7. Provide threat intelligence and context: To get the latest cyber threat indicators and context, some organizations opt to do their own research and analyze threat intelligence on their own, and some choose to acquire threat intelligence from a third party. Both of these approaches often prove too expensive for many organizations, both in up-front cost and time, especially considering that some have to procure multiple commercial threat intelligence feeds to meet their needs. Service providers that offer threat intelligence as part of their portfolio will have a distinct advantage: They can be proactive against new threats, and they have the right context on threats so that they can deliver optimal protection and response, and quickly show their customers that they are knowledgeable about the who, what, why and when questions that surround cyber threats.
  8. Deliver incident validation and response: Once an incident has been detected, the first step is to validate whether it is an actual threat or just noise, which often requires advanced knowledge and experience. The next step is delivering relevant information about each threat—what it is, its strategy and method, its origin and target, the threat actor, and the recommended response. While some organizations may wish to respond on their own, there is an accelerating trend for service providers to contain and/or fully remediate incidents, as well as perform post-incident forensics to identify the root cause.
  9. Deliver backup and recovery capabilities: The simplest form of business continuity, but one that is often poorly implemented across many organizations, is backup and recovery. This provides an opportunity for service providers to deliver verified backup, along with the option to fully or partially recover systems and data, in the event of an outage or loss such as from a ransomware attack. Service providers can choose to offer additional business continuity services, such as the provision of warm and hot sites, as additional differentiators.
  10. Provide security consultation: Organizations often invest in disparate protection tools that don’t always work together, that require expertise they lack, or that may not be adequate for the environments they are trying to protect. This is exacerbated by the lack of skilled talent on the market, and new challenges such as protecting cloud and mobile assets. Service providers can address this space by offering consulting services to guide customers on understanding their environment, identifying where there are risks, and helping to develop and implement a cybersecurity management plan. In addition, service providers can offer training services, such as training customers to recognize phishing attacks and how to respond if they discover them.

To accelerate your managed security services with AlienVault Unified Security Management, visit https://www.alienvault.com/partners.

Mike LaPeters joined AlienVault in 2015 and heads up the global channel initiative. Mike has more than 20 years’ experience building and leading channel organizations in security, infrastructure and storage software products. He has led teams at CA, VERITAS Software (Formerly Symantec) and he represented the sales and channel efforts from inception through acquisition at 4 startups (acquired by Microsoft, Hitachi (WD), SolarWinds, Nimboxx). He is a 3-time recipient of CRN’s Channel Chief award.

This guest blog is part of a Channel Futures sponsorship.

One comment

  1. C. Watson, February 23, 2019 @ 8:15 am

    Within the MDR market space, how has the need for onsite, physical presence been addressed? Example: Remote MSSP/MSP monitoring detects a device or user is actively violating security policy and/or poses an immediate threat, and timely physical remediation is warranted. In this scenario, how would the contracted parties describe and plan for this, and what mix of logical and physical controls are ideal that are practical and risk prudent?
