September 6, 2019 By Spencer Ingram 4 min read

As organizations evolve their security programs, the complexity of their security environments grows. Complexity and change require an entirely new approach for the modern security operations center (SOC). According to Gartner, by 2022, 50 percent of all SOCs will transform into modern operations centers with integrated incident response, threat intelligence and proactive threat hunting capabilities, up from less than 10 percent in 2015.

Security and risk leaders are looking for a partner to help them build in-house capabilities or outsource them altogether. As a result, the overall market for managed security services (MSS) is in a rapid state of evolution from traditional monitoring and management to more advanced, artificial intelligence (AI)-led (but human-driven) security services. Not to mention, companies are undergoing organizationwide digital transformation initiatives that require an entirely new approach to security across hybrid multicloud platforms.

What Needs to Change to Modernize Managed Security Services?

Traditionally, managed security service providers (MSSPs) have focused on the highest volume of log monitoring and alerting with a lack of context into investigations and a perimeter-focused defense. Traditional security service providers offer limited to no transparency into their investigations or context to define what gets escalated and what does not; they have become a black box. As attack vectors evolve and the volume and veracity of data increase, MSSPs are now at a pivotal moment in security. It is a question of evolving or becoming irrelevant to your clients.

Let’s dive a little deeper into three areas where your MSSP should be driving toward managed security modernization.

1. Managed Detection and Response (MDR)

One of the most significant changes for traditional managed security service providers involves managed detection and response capabilities. According to Gartner, more than 25 percent of organizations will be using managed detection and response (MDR) services by 2024, and 40 percent of midsize enterprises will use MDR as their only managed security service. Client demand for more proactive response and remediation is a major driving factor.

With traditional managed security services, the focus has been on log management, threat intelligence, compliance and device management. On the other hand, MDR is focused on a proactive approach to detecting and managing security events through to remediation, thereby limiting the impact of a security event.

MDR balances human expertise and analysis with AI and machine learning (ML) to accelerate detection and response. Improving these two key areas means an attacker will spend less time in an environment and potentially cause less damage. In addition, the human expertise behind MDR enables the organization to proactively hunt threats and identify the tools and techniques that adversaries are using to attack organizations.

2. AI-Driven Security Management

AI and ML are critical areas of growth for next-generation MSSPs. According to Forrester, 64 percent of enterprise security decision-makers are concerned about cybercriminals using AI. Moreover, 54 percent of enterprises are implementing or expanding AI capabilities by hiring or outsourcing to an AI expert.

Security and risk leaders must familiarize themselves with the building blocks of AI technologies and security research. First, threat actors are actively leveraging AI and ML to target organizations and find massive data sets of personally identifiable information (PII). Second, without real-time security analytics and management through the use of AI and ML, organizations are unable to obtain contextual, meaningful insights into their security posture as they grapple with an ever-increasing volume of alerts.

Technologies such as the internet of things (IoT) and operational technology (OT) have also added more devices and data to the security ecosystem. These reflect a new threat landscape, one that many CISOs have not had to secure before. As the volume and veracity of data increase, managed security providers need AI to increase their detection, response and remediation.

AI and ML allow third-party security providers to sift through the noise and effectively reduce false positives for their clients. AI-driven security management helps analysts quickly analyze and correlate large data sets, so they can find potential threats and unusual behaviors and escalate them quickly.

AI and ML also help accelerate response, reducing the time it takes to complete an investigation from days or months to just a few hours or even minutes. AI and ML-powered detection and response can leverage data and insights from previous attacks to help identify similar characteristics in new threats.

3. Turning Compliance and Risk Into Actionable Insights

Organizations not only face complexity with the security landscape, but also with compliance and regulatory requirements. Top barriers to managing risk include increasing costs, the struggle to find the right technology, and a lack of expertise and staff to manage risk and compliance functions properly.

Security and risk leaders often tell us they find it difficult to quantify and report on organizational risk. They either do not have the right context in terms of the risk or they’re unsure how to handle new regulations.

Modern MSSPs need to bring meaningful compliance and risk management to the forefront in every engagement with the client. To do so, the modern MSSP should be synthesizing telemetry from incidents, correlation data, and vulnerability and threat intelligence to help clients assess, detect, and prioritize new and existing risks. The service provider needs to understand the business as a partner to help the client stay informed with relevant business information.

Security Rules Were Meant to Be Broken

Today’s security landscape requires an entirely new approach to security rules. Managed security providers should constantly be looking to stay ahead of the threats and risks posed to their clients.

Emerging threats, risks and new technologies can create uncertainty. A global, modern security partner can help your organization manage enterprise security functions and free up your security staff to focus on overall program oversight.
