Channel Futures

Security

Achieving Zero False Positives with Security Automation

  • Written by Vendor
  • September 5, 2017
Kumar Saurabh | LogicHub

If not managed properly, security monitoring can spiral out of control, swamping MSPs with busy work and escalating labor costs.

Over the past few years, there’s been a constant and growing drumbeat of news stories about data breaches, phishing and ransomware.

Organizations are recognizing they lack the time and expertise to implement state-of-the-art security monitoring and threat investigations themselves.

Not surprisingly, many of these organizations are turning to their MSPs for help.

Security monitoring can be a growing business for MSPs, but it brings with it some significant challenges and risks.

If not managed properly, security monitoring can spiral out of control, swamping MSPs with busy work and escalating labor costs.

Poorly managed security monitoring also introduces the risk of customers blaming MSPs when data breaches and other serious security incidents occur.

Too Many False Positives

A key reason security monitoring is so costly is the volume of “noise” generated by false positives from security systems.

To understand why, let’s walk through what typically happens when an MSP begins security monitoring for a customer.

First, an MSP deploys a Security Information and Event Management (SIEM) system, which collects and analyzes log events and alerts from systems and applications on customer sites.

Suddenly they start receiving hundreds, if not thousands, of alerts every day.

A large majority of these are false positives, but each alert still must be manually investigated to filter the good from the bad.

What nearly all SIEM systems lack is local, in-depth knowledge of the customer’s context: information that would go a long way toward distinguishing false positives from genuine alerts that merit attention.

As a result, analysts stop paying full attention to every alert and can miss the small percentage that were early indicators of an incident.

Getting To Zero False Positives – Mission Impossible?

We propose MSPs set an audacious goal for security monitoring: aim to reduce the number of false positives to zero.

To reduce the number of alerts, the MSP can program the SIEM with rules for ignoring certain types of alerts.

However, SIEM rules tend to be simplistic since they can’t account for the context in which an alert occurred.

The slightest irregularities in employee behavior can send security analysts scurrying to their screens, looking for signs of a threat.

Even threat intelligence data feeds, which are meant to assist SIEMs in identifying threats that have been detected on other sites, are unable to stay sufficiently up to date or help with fast-breaking trends.

By definition they cannot help with zero-day (previously unseen) threats at all, because a feed only carries indicators that someone has already observed.

Without good contextual information, an MSP has no choice but to wade through an ever-expanding list of alerts by hiring an ever-expanding team of security analysts.

This is assuming these analysts can even be found, vetted and recruited.

How should MSPs solve this problem of collecting and applying contextual information to reduce false positives?

With intelligent automation.

Not All Automation Is Created Equal

There are two types of automation for security monitoring and threat detection: robotic and cognitive.

Robotic automation is useful for the repetitive steps that require minimal decision-making.

For example, robotic automation can be used to perform routine case creation and permission-checking after an incident is detected.

Cognitive automation is much more advanced and uses machine learning to automate tasks that require decision-making.

Hence it is well suited to threat detection activities such as triaging security alerts and threat hunting.

A “smart” security automation system uses cognitive automation to gain contextual awareness of a customer site and then makes decisions (such as threat-scoring) based on deep correlation across multiple data sources.

The system accepts feedback from security analysts, who can rate or correct its decisions, ultimately helping the system become more accurate over time.

Unlike “black box” security solutions, this solution is programmable and analyzable.

Its decisions can be examined and understood.

Security analysts are never left wondering why the system made the decision it did when it dismissed or elevated an alert.

Such a system can triage alerts accurately at scale, so the number of false positives that reach analysts plummets; the same feedback loop lets analysts catch the opposite error, a genuine alert that was wrongly dismissed.

This automated approach reduces most of the manual investigation work that keeps security analysts overwhelmed and MSP owners awake at night.
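As an added example (not LogicHub’s product and not code from the original article), the contrast described above in Python: a flat SIEM suppression rule beside a context-aware triage that records why it scored each alert the way it did, plus a feedback step that nudges the weights when an analyst disagrees. The customer context fields, weights, addresses, hostnames and alerts are all constructed assumptions.

```python
"""Context-aware alert triage with explainable scores and analyst feedback.

Added example, not LogicHub's code. All alerts, addresses, hostnames and
weights are constructed sample data; the context fields are hypothetical.
"""
from dataclasses import dataclass, field
from typing import Dict, List


@dataclass(frozen=True)
class Alert:
    rule: str      # SIEM rule that fired
    src_ip: str
    user: str
    host: str
    hour: int      # local hour (0-23) of the event
    country: str   # geolocation of src_ip


@dataclass
class Verdict:
    score: int = 0
    factors: List[str] = field(default_factory=list)   # weight keys used
    reasons: List[str] = field(default_factory=list)   # human-readable trail

    def escalate(self, threshold: int = 50) -> bool:
        return self.score >= threshold


# Hypothetical per-customer context that a flat SIEM rule never sees.
CUSTOMER_CONTEXT = {
    "authorized_scanners": {"10.0.5.20"},      # internal vulnerability scanner
    "admin_accounts": {"svc_backup", "j.doe"},
    "change_window_hours": range(1, 5),        # nightly maintenance window
    "critical_assets": {"db-prod-01", "dc-01"},
    "usual_countries": {"US", "GB"},
}

# Starting weights; analyst feedback moves them over time.
DEFAULT_WEIGHTS: Dict[str, int] = {
    "base:port_scan": 40,
    "base:admin_login": 30,
    "authorized_scanner": -40,
    "known_admin": -25,
    "in_change_window": -15,
    "critical_asset": 30,
    "unusual_country": 35,
}


def naive_suppression(alert: Alert) -> bool:
    """Flat SIEM-style rule: keep everything except port scans. It silences
    the internal scanner but also hides a scan from any other source."""
    return alert.rule != "port_scan"


def triage(alert: Alert, ctx: dict, weights: Dict[str, int]) -> Verdict:
    """Score one alert against customer context, recording every factor."""
    v = Verdict()

    def apply(key: str, why: str) -> None:
        w = weights.get(key, 0)
        v.score += w
        v.factors.append(key)
        v.reasons.append(f"{w:+d} {why}")

    apply(f"base:{alert.rule}", f"rule '{alert.rule}' fired on {alert.host}")
    if alert.src_ip in ctx["authorized_scanners"]:
        apply("authorized_scanner", f"{alert.src_ip} is an authorized scanner")
    if alert.user in ctx["admin_accounts"]:
        apply("known_admin", f"{alert.user} is a known admin account")
    if alert.hour in ctx["change_window_hours"]:
        apply("in_change_window", f"hour {alert.hour} is inside the change window")
    if alert.host in ctx["critical_assets"]:
        apply("critical_asset", f"{alert.host} is a critical asset")
    if alert.country not in ctx["usual_countries"]:
        apply("unusual_country", f"activity from {alert.country} is unusual here")
    return v


def apply_feedback(weights: Dict[str, int], verdict: Verdict,
                   true_positive: bool, step: int = 10) -> Dict[str, int]:
    """Analyst rates a verdict. If the rating disagrees with the decision, nudge
    every contributing factor toward the analyst's answer. Returns new weights;
    the input dict is left untouched."""
    updated = dict(weights)
    if verdict.escalate() == true_positive:
        return updated
    direction = step if true_positive else -step
    for key in verdict.factors:
        updated[key] = updated.get(key, 0) + direction
    return updated


# Constructed sample alerts.
SCANNER_SCAN = Alert("port_scan", "10.0.5.20", "-", "web-01", 2, "US")
ROGUE_SCAN = Alert("port_scan", "10.0.9.77", "-", "db-prod-01", 14, "US")
ADMIN_LOGIN = Alert("admin_login", "10.0.7.3", "j.doe", "dc-01", 9, "US")
ODD_ADMIN_LOGIN = Alert("admin_login", "203.0.113.9", "j.doe", "dc-01", 3, "BR")

if __name__ == "__main__":
    for a in (SCANNER_SCAN, ROGUE_SCAN, ADMIN_LOGIN, ODD_ADMIN_LOGIN):
        v = triage(a, CUSTOMER_CONTEXT, DEFAULT_WEIGHTS)
        print(f"{a.rule:<12} naive_keeps={naive_suppression(a)!s:<5} "
              f"score={v.score:>4} escalate={v.escalate()}")
        for r in v.reasons:
            print("    ", r)
```

The flat rule and the contextual triage agree on the internal scanner’s noise, but only the contextual triage escalates the scan of a critical database from an unknown host that the flat rule throws away; every verdict carries the list of reasons an analyst can read, and a disagreement on a verdict shifts the weights that produced it without touching the shared defaults.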

Mission Accomplished, Almost

Can such a system reduce false positives to zero?

Not yet.

However, we work with customers who have reduced the number of false positives by 90 percent, which is no mean feat.

Reaching zero false positives—an unimaginable goal even a few years ago—now seems within reach with the next generation of cognitive security solutions.

For MSPs, reducing false positives by 90 percent is a tremendous competitive advantage, saving time and improving margins, but most importantly enabling much better security for their customers.

Our advice to MSPs is to welcome customers seeking help with security monitoring. By deploying both SIEM and cognitive automation systems, MSPs can aim for zero false positives and reap the benefits of a growing business and satisfied customers.


Kumar Saurabh is co-founder and CEO of security intelligence automation platform LogicHub. He has 15 years of experience in the enterprise security and log management space leading product development efforts at ArcSight and SumoLogic, which he left to co-found LogicHub.
