Security Roundup: ThreatConnect, SolarWinds, Continuum, 365 Data Centers
When it comes cybersecurity, many organizations, especially large companies, are unlikely to choose a single MSSP to fulfill all of their needs.
Instead, they’re likely to work with a number of MSSPs based on each MSSP’s expertise in individual capabilities. And coordinating and integrating those MSSPs into their business will present a challenge.
That’s according to Adam Vincent, CEO of ThreatConnect, a security operations and analytics platform. He said working with MSSPs is like maintaining a car. If you don’t maintain your tires, it is bad for your car’s health. In that same vein, if the MSSPs are plugged and forgotten, the organization’s security will take a beating.
Vincent spoke with us about the issues involved in working with MSSPs.
MSSPs deploy ThreatConnect as their primary platform to aggregate and analyze threat intelligence, and then automatically act on validated threat intelligence. With ThreatConnect’s API, MSSPs can integrate their ThreatConnect instance with their customers’ security infrastructure and push rules to their endpoint protection devices.
“I believe that the ultimate future of security is going to be akin to what happened to IT,” Vincent said. “Over the course of many, many years, many processes within the IT organization have become commodities and been outsourced to a variety of companies. There’s some things that had to happen for that to take place. One, the company needed to know what drives their bottom line, what kinds of processes they needed to produce in order to become a more effective business. Two, they needed to have people that do those processes for some length of time so that they truly understand what the process requirements are and how to do them at scale. And three, once they had the process down and they knew they were doing it correctly, then they likely looked to outsource it.”
Security is nowhere near being able to “just throw everything to an MSSP,” Vincent said. Instead, an MSSP likely will be focused on a particular aspect of a security program, whether monitoring, threat hunting or email phishing protection, he said.
“If you think about how the rest of the business has outsourced parts of their processes, they don’t go to one organization and just throw all of their requirements into some organization’s lap,” he said. “They have multiple MSSPs that do different things. If you have a car, you have your favorite place that you go for tires and your favorite place you go for cleaning your car, and there’s a best-of-breed aspect of that.”
The future of security is going to be more and more things moving to MSSPs, but that’s going to drive a requirement to understand the full aspect of the security program, Vincent said.
“You’re not going to throw your security program to an MSSP as much as you’re going to throw aspects of your security program to multiple MSSPs, and you’re going to coordinate them,” he said. ” It might even require MSSPs to work together across a single process. So if you had an MSSP for hunting and you had a different MSSP for monitoring, there’s a very good chance that monitoring and hunting need to be a combined process and therefore you need to technically support an integration between your different service providers.”
MSSPs are going to be a force within the cybersecurity industry, but what’s ultimately going to happen is …