As organizations evolve their security programs, the complexity of their security environments grows. Complexity and change require an entirely new approach for the modern security operations center (SOC). According to Gartner, by 2022, 50 percent of all SOCs will transform into modern operations centers with integrated incident response, threat intelligence and proactive threat hunting capabilities, up from less than 10 percent in 2015.

Security and risk leaders are looking for a partner to help them build in-house capabilities or outsource them altogether. As a result, the overall market for managed security services (MSS) is in a rapid state of evolution from traditional monitoring and management to more advanced, artificial intelligence (AI)-led (but human-driven) security services. Not to mention, companies are undergoing organizationwide digital transformation initiatives that require an entirely new approach to security across hybrid multicloud platforms.

What Needs to Change to Modernize Managed Security Services?

Traditionally, managed security service providers (MSSPs) have focused on the highest volume of log monitoring and alerting with a lack of context into investigations and a perimeter-focused defense. Traditional security service providers offer limited to no transparency into their investigations or context to define what gets escalated and what does not; they have become a black box. As attack vectors evolve and the volume and veracity of data increase, MSSPs are now at a pivotal moment in security. It is a question of evolving or becoming irrelevant to your clients.

Let’s dive a little deeper into three areas where your MSSP should be driving toward managed security modernization.

1. Managed Detection and Response (MDR)

One of the most significant changes for traditional managed security service providers involves managed detection and response capabilities. According to Gartner, more than 25 percent of organizations will be using managed detection and response (MDR) services by 2024, and 40 percent of midsize enterprises will use MDR as their only managed security service. Client demand for more proactive response and remediation is a major driving factor.

With traditional managed security services, the focus has been on log management, threat intelligence, compliance and device management. On the other hand, MDR is focused on a proactive approach to detecting and managing security events through to remediation, thereby limiting the impact of a security event.

MDR balances human expertise and analysis with AI and machine learning (ML) to accelerate detection and response. Improving these two key areas means an attacker will spend less time in an environment and potentially cause less damage. In addition, the human expertise behind MDR enables the organization to proactively hunt threats and identify the tools and techniques that adversaries are using to attack organizations.

2. AI-Driven Security Management

AI and ML are critical areas of growth for next-generation MSSPs. According to Forrester, 64 percent of enterprise security decision-makers are concerned about cybercriminals using AI. Moreover, 54 percent of enterprises are implementing or expanding AI capabilities by hiring or outsourcing to an AI expert.

Security and risk leaders must familiarize themselves with the building blocks of AI technologies and security research. The first reason is that threat actors are actively leveraging AI and ML to target organizations and find massive data sets of personally identifiable information (PII). Secondly, without real-time security analytics and management through the use of AI and ML, organizations are unable to obtain contextual, meaningful insights into their security posture as they grapple with an ever-increasing volume of alerts.

Technologies such as the internet of things (IoT) and operational technology (OT) have also added more devices and data to the security ecosystem. These reflect a new threat landscape, one that many CISOs have not had to secure before. As the volume and veracity of data increase, managed security providers need AI to improve their detection, response and remediation.

AI and ML allow third-party security providers to sift through the noise and effectively reduce false positives for their clients. AI-driven security management helps analysts quickly analyze large data sets and correlate data, allowing analysts to find potential threats and unusual behaviors before quickly escalating.

AI and ML also help accelerate response, reducing the time it takes to complete an investigation from days or months to just a few hours or even minutes. AI and ML-powered detection and response can leverage data and insights from previous attacks to help identify similar characteristics in new threats.

3. Turning Compliance and Risk Into Actionable Insights

Organizations not only face complexity with the security landscape, but also with compliance and regulatory requirements. Top barriers to managing risk include increasing costs, the struggle to find the right technology, and a lack of expertise and staff to manage risk and compliance functions properly.

Security and risk leaders often tell us they find it difficult to quantify and report on organizational risk. They either do not have the right context in terms of the risk or they’re unsure how to handle new regulations.

Modern MSSPs need to bring meaningful compliance and risk management to the forefront in every engagement with the client. To do so, the modern MSSP should be synthesizing telemetry from incidents, correlation data, and vulnerability and threat intelligence to help clients assess, detect, and prioritize new and existing risks. The service provider needs to understand the business as a partner to help the client stay informed with relevant business information.

Security Rules Were Meant to Be Broken

Today’s modern security landscape requires an entirely new approach to security rules. Managed security providers should constantly be looking to stay ahead of the threats and risks posed to their clients.

Emerging threats, risks and new technologies can create uncertainty. A global, modern security partner can help your organization manage enterprise security functions and free up your security staff to focus on overall program oversight.
