What’s Missing from MSSPs and Enterprise SOCs That Will Change the Game?
MSSPs and enterprise security operations centers (SOCs) share a similar function: MSSPs are SOCs for many paying customers, while enterprise SOCs are found in large companies with enough budget to build a centralized security organization.
Both functions have a singular focus on ensuring their customers and/or company are secure along multiple attack vectors. The attack landscape is vast and growing exponentially with IoT and 5G coming soon. One has to wonder how MSSPs/SOCs are training their personnel to “experience” the emotional, gut-level, in-the-trenches hard work that comes with a cybersecurity breach to the networks in their care. Yes, they break out the run books and follow the steps, but, as with any crisis, there is a lag. The muscle memory is just not there. Time is the enemy, and it’s winning. Data is leaking quickly.
Big Idea No. 1: To upskill your staff with experiences that will prepare them for a catastrophe, consider a cyber range.
MSSPs and enterprise SOCs are unwittingly being held back from delivering the best service experience because they are focused on the prevention of security incidents, as they should be, but are ill-prepared when a major security event happens.
The problem with all this is that MSSPs and enterprise SOCs are not in the incident response simulation training business. It’s just not a core element of their charters. But it should be. For MSSPs to ignore incident response simulation training is to overlook a true differentiator of their offering. Adding “SOC Analysts Stress Testing” to their customer marketing will ensure that they stand out from the competition. Enterprise SOC teams also will gain tremendous benefit from simulation training, allowing for cooler heads during times of crisis.
Cyber ranges are typically where these exercises are run, along with exposure to various malware and exploits that can be detonated in a virtual environment. These are places where you can not only experience incident response simulation training, but also try your hand at defending a network from compromise in real time.
Big Idea No. 2: Virtualize your network to experience an accurate attack simulation.
Having established the need for incident response simulation training for MSSPs and enterprise SOCs, the next question might be: How can I perform incident response simulation on a network that looks and behaves similarly to the one I have?
Well, as it turns out, a new category of technology is now available. We’ve covered the need for incident response simulation training for “security events” built around various attack scenarios, but what about technical scenarios? What if a major vendor’s SIEM, network, and storage were built virtually so that you could experience multiple attacks and see how they looked and felt? This would be a game changer, giving you the ability to devise a plan of attack before one happens.
This type of attack on a technical environment provides tremendous value as it can be consumed from either inside the cyber range or across the internet. Since it’s a virtual instance, the technical environment can be spun up and down in minutes, but its reach and efficacy are vast.
Tying It All Together
Tech Data’s new Cyber Range is a dream come true for channel partners. Since it’s built inside of a technology distribution company:
- It’s optimized for training on many of the security technologies available through Tech Data.
- It can demonstrate security vendor technologies in real time to see how they work against cyberthreats.
- It’s purpose-built to upskill cybersecurity workers across all channels and verticals (MSPs, MSSPs, SLED, fed, channel partners, healthcare, large enterprise, etc.).
- Channel partners of all types can hold events, conferences and training classes as an extension of their security practices to their end customers.
This guest blog is part of a Channel Futures sponsorship.