Security Roundup: Advanced MSSP Services, Seceon, Health Care Threats and More
The new year will unleash even more cyberthreats, increasing competition and more pressure on MSSPs to deliver more advanced security services.
Further adding pressure to traditional MSSPs is the growth of the managed detection and response (MDR) category. MDR services are fueling significant growth in the managed security services (MSS) space and typically offer higher margin than traditional MSSP device-management services.
The result? MSSPs globally are maturing their models to offer more of these high-value services and grow the bottom line.
We spoke with Meny Har, vice president of product at cybersecurity company Siemplify, about the need for MSSPs to incorporate security orchestration, and endpoint detection and response (EDR) in their architecture.
As the number of necessary security sensors and alert volumes continues to rise, so does the number of MSSPs being created and brought to market, he said. There is a clear need for service providers to look at improving the quality and breadth of their service offerings to address the new threat landscape, as well as to find distinctive and unique capabilities to help differentiate themselves, he said.
“This is emphasized even more by the lack of skilled analysts that are currently available,” Har said. “EDR and security orchestration, automation and response (SOAR) platforms are key to allowing service providers to address any scope and depth of service they need, as well as differentiate themselves and provide dynamic, value-added service[s] to their prospective customers, all while requiring a lesser number of skilled analysts.”
One of the main objectives of a security orchestration platform is to bring together disparate security tools, he said. As EDR tools have become more popular, adding an integration to an EDR of choice to your security-orchestration platform has become increasingly simplified, even in a service provider’s managed service/multitenant environment, he said.
“The integration itself is quick and painless, and support for most existing EDR exists out-of-the-box,” Har said. “Advanced knowledge of the EDR itself – for example, query language – is needed only for the most advanced use cases and needs. The cost of bringing together security orchestration and EDR tools is essentially only a minimal effort on top of the EDR deployment in the [MSSP’s] customer environment.”
The more mission-critical your service, such as moving from alerting to remediation, the more “high-touch” it needs to be, he said.
“For example, a customer may be OK hearing music on the phone for 30 minutes if they need a firewall change, but not when they are hit with a ransomware account,” Har said.
As you look further into response, make sure you understand the customer process and risk tolerance for taking action on the network, he said. If you’re just sending alerts (the traditional MSSP model), everything is very similar, but when you’re remediating and taking action on the customer’s own network, some customers might want to approve the action, which can be tied directly into the playbooks and processes in the security orchestration platform, he said.
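As an added illustration of the approval gating Har describes (example code, not Siemplify's product or anything from the article): a small Python playbook runner in which, per tenant, alert-only steps execute immediately, network-changing actions wait for the customer's sign-off, and approvals left unanswered past a severity-dependent deadline are escalated. The tenant, action names and SLA values are constructed.

```python
from dataclasses import dataclass, field
from datetime import datetime, timedelta

@dataclass
class TenantPolicy:
    # Actions the MSSP may run unasked, and approval wait (minutes) per severity.
    tenant: str
    auto_approved: frozenset = frozenset()
    approval_sla: dict = field(default_factory=dict)

@dataclass
class PlaybookStep:
    action: str
    changes_network: bool  # False for alerting, True for containment/remediation

@dataclass
class Ticket:
    tenant: str
    action: str
    status: str  # "executed" | "awaiting_approval" | "escalated"
    deadline: datetime = None

def run_playbook(policy, steps, severity, now):
    # Alert-only steps and pre-approved actions run at once; any other step that
    # touches the customer's network waits for sign-off, with an SLA deadline.
    tickets = []
    for step in steps:
        if not step.changes_network or step.action in policy.auto_approved:
            tickets.append(Ticket(policy.tenant, step.action, "executed"))
        else:
            wait = policy.approval_sla.get(severity, policy.approval_sla["default"])
            tickets.append(Ticket(policy.tenant, step.action, "awaiting_approval",
                                  now + timedelta(minutes=wait)))
    return tickets

def check_approvals(tickets, now):
    # Escalate approvals that outlived their deadline (e.g. an unanswered ransomware case).
    for t in tickets:
        if t.status == "awaiting_approval" and t.deadline and now >= t.deadline:
            t.status = "escalated"
    return tickets

# Constructed sample data: a ransomware playbook and one tenant's policy.
RANSOMWARE_PLAYBOOK = [
    PlaybookStep("notify_customer", changes_network=False),
    PlaybookStep("isolate_host", changes_network=True),
    PlaybookStep("block_c2_on_firewall", changes_network=True),
]
ACME = TenantPolicy("acme", frozenset({"isolate_host"}), {"critical": 5, "default": 30})
SAMPLE_NOW = datetime(2024, 1, 15, 9, 0)
```

With the sample policy, the notification and the pre-approved host isolation run immediately, while the firewall change is parked for approval and escalated if the customer has not answered within five minutes on a critical case.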
SOAR platforms and EDR tools are “very complementary” to one another and a powerful combination for a security operations center (SOC), Har said. EDR is a “powerful tool for endpoint detection and visibility, as well as a perfect conduit for context, response and remediation,” he added.
By combining both technologies, SOCs, for both enterprise and managed service providers, can: