As organizations evolve their security programs, the complexity of their security environments grows. Complexity and change require an entirely new approach for the modern security operations center (SOC). According to Gartner, by 2022, 50 percent of all SOCs will transform into modern operations centers with integrated incident response, threat intelligence and proactive threat hunting capabilities, up from less than 10 percent in 2015.

Security and risk leaders are looking for a partner to help them build in-house capabilities or outsource them altogether. As a result, the overall market for managed security services (MSS) is in a rapid state of evolution from traditional monitoring and management to more advanced, artificial intelligence (AI)-led (but human-driven) security services. Not to mention, companies are undergoing organizationwide digital transformation initiatives that require an entirely new approach to security across hybrid multicloud platforms.

What Needs to Change to Modernize Managed Security Services?

Traditionally, managed security service providers (MSSPs) have focused on the highest volume of log monitoring and alerting with a lack of context into investigations and a perimeter-focused defense. Traditional security service providers offer limited to no transparency into their investigations or context to define what gets escalated and what does not; they have become a black box. As attack vectors evolve and the volume and veracity of data increase, MSSPs are now at a pivotal moment in security. It is a question of evolving or becoming irrelevant to your clients.

Let’s dive a little deeper into three areas where your MSSP should be driving toward managed security modernization.

1. Managed Detection and Response (MDR)

One of the most significant changes for traditional managed security service providers involves managed detection and response capabilities. According to Gartner, more than 25 percent of organizations will be using managed detection and response (MDR) services by 2024, and 40 percent of midsize enterprises will use MDR as their only managed security service. Client demand for more proactive response and remediation is a major driving factor.

With traditional managed security services, the focus has been on log management, threat intelligence, compliance and device management. On the other hand, MDR is focused on a proactive approach to detecting and managing security events through to remediation, thereby limiting the impact of a security event.

MDR balances human expertise and analysis with AI and machine learning (ML) to accelerate detection and response. Improving these two key areas means an attacker will spend less time in an environment and potentially cause less damage. In addition, the human expertise behind MDR enables the organization to proactively hunt threats and identify the tools and techniques that adversaries are using to attack organizations.

2. AI-Driven Security Management

AI and ML are critical areas of growth for next-generation MSSPs. According to Forrester, 64 percent of enterprise security decision-makers are concerned about cybercriminals using AI. Moreover, 54 percent of enterprises are implementing or expanding AI capabilities by hiring or outsourcing to an AI expert.

Security and risk leaders must familiarize themselves with the building blocks of AI technologies and security research. First, threat actors are actively leveraging AI and ML to target organizations and find massive data sets of personally identifiable information (PII). Second, without real-time security analytics and management through the use of AI and ML, organizations are unable to obtain contextual, meaningful insights into their security posture as they grapple with an ever-increasing volume of alerts.

Technologies such as the internet of things (IoT) and operational technology (OT) have also added more devices and data to the security ecosystem. These reflect a new threat landscape, one that many CISOs have not had to secure before. As the volume and veracity of data increase, managed security providers need AI to improve their detection, response and remediation.

AI and ML allow third-party security providers to sift through the noise and effectively reduce false positives for their clients. AI-driven security management helps analysts quickly analyze large data sets and correlate data, allowing analysts to find potential threats and unusual behaviors before quickly escalating.

AI and ML also help accelerate response, reducing the time it takes to complete an investigation from days or months to just a few hours or even minutes. AI and ML-powered detection and response can leverage data and insights from previous attacks to help identify similar characteristics in new threats.

3. Turning Compliance and Risk Into Actionable Insights

Organizations face complexity not only with the security landscape, but also with compliance and regulatory requirements. Top barriers to managing risk include increasing costs, the struggle to find the right technology, and a lack of expertise and staff to manage risk and compliance functions properly.

Security and risk leaders often tell us they find it difficult to quantify and report on organizational risk. They either do not have the right context in terms of the risk or they’re unsure how to handle new regulations.

Modern MSSPs need to bring meaningful compliance and risk management to the forefront in every engagement with the client. To do so, the modern MSSP should be synthesizing telemetry from incidents, correlation data, and vulnerability and threat intelligence to help clients assess, detect, and prioritize new and existing risks. The service provider needs to understand the business as a partner to help the client stay informed with relevant business information.

Security Rules Were Meant to Be Broken

Today’s security landscape requires an entirely new approach to security rules. Managed security providers should constantly be looking to stay ahead of the threats and risks posed to their clients.

Emerging threats, risks and new technologies can create uncertainty. A global, modern security partner can help your organization manage enterprise security functions and free up your security staff to focus on overall program oversight.
