Top 5 Challenges in Providing Managed Security
Challenges in the security spectrum are shifting and evolving on a daily basis. It’s a minefield out there, with new threats popping out of the woodwork so often and with such ferocity that it can make providers’ heads spin.
There are many factors that contribute to the headaches MSSPs encounter in this arena. We sat down with Mike Manske, senior architect, performance services at West Monroe Partners, to get his insight and expertise on the numerous managed security services hurdles.
- Finding and maintaining security talent. “There is a shortage in the market of qualified security candidates; therefore, recruiting and retaining these individuals is a huge challenge. West Monroe has found success by recruiting candidates internally and developing a comprehensive training program to train our security operations center analysts.”
- Changing the way organizations consume IT. “Many organizations are moving to SaaS-based cloud applications, which do not integrate into traditional security monitoring tools managed by MSSPs. This leaves the managed service provider managing multiple security tools, or more often, a gap in coverage and visibility into security threats.”
- Limited capabilities to provide threat hunting and incident response services. “Many MSSPs only provide security log monitoring services, which doesn’t exactly allow MSSPs to provide a deeper level of security incident investigations. This can frustrate clients, who may feel the alerts are not meaningful and that the MSSP is putting the burden of investigation on the client. MSSPs need to integrate into client processes (i.e. change management, access management [and so on]) and have access to security tools (for example, CMDB, Microsoft Cloud App Security, endpoint protection) to eliminate false positives and provide meaningful alerts to clients.”
- Determining roles, responsibilities and scope of managed security services. “The market is flooded with security tools claiming to protect businesses from the next security threat; however, each one of these security tools needs to be managed and maintained, and it’s hard to draw the line of responsibilities between the managed services provider and internal IT. If not defined, this usually means no one is managing the security tools, and when a breach occurs, clients usually assume the security tools are in scope and managed by the MSSP.”
- MSSP services not integrating well with existing tools. “MSSP services are built on specific security solutions and sometimes don’t integrate well with clients’ existing tools. Since these MSSP tools don’t have visibility into all security logs or environments, the alerts generated by the MSSP may contain false positives which force the client to do security investigations internally. This can lead to the client questioning the value of the MSSP, which is certainly something to avoid.”