As organizations evolve their security programs, the complexity of their security environments grows. Complexity and change require an entirely new approach for the modern security operations center (SOC). According to Gartner, by 2022, 50 percent of all SOCs will transform into modern operations centers with integrated incident response, threat intelligence and proactive threat hunting capabilities, up from less than 10 percent in 2015.
Security and risk leaders are looking for a partner to help them build in-house capabilities or outsource them altogether. As a result, the overall market for managed security services (MSS) is evolving rapidly from traditional monitoring and management to more advanced, artificial intelligence (AI)-led (but human-driven) security services. In addition, companies are undergoing organization-wide digital transformation initiatives that require an entirely new approach to security across hybrid multicloud platforms.
What Needs to Change to Modernize Managed Security Services?
Traditionally, managed security service providers (MSSPs) have focused on the highest volume of log monitoring and alerting with a lack of context into investigations and a perimeter-focused defense. Traditional security service providers offer limited to no transparency into their investigations or context to define what gets escalated and what does not; they have become a black box. As attack vectors evolve and the volume and veracity of data increase, MSSPs are now at a pivotal moment in security. It is a question of evolving or becoming irrelevant to your clients.
Let’s dive a little deeper into three areas where your MSSP should be driving toward managed security modernization.
1. Managed Detection and Response (MDR)
One of the most significant changes for traditional managed security service providers involves managed detection and response capabilities. According to Gartner, more than 25 percent of organizations will be using managed detection and response (MDR) services by 2024, and 40 percent of midsize enterprises will use MDR as their only managed security service. Client demand for more proactive response and remediation is a major driving factor.
With traditional managed security services, the focus has been on log management, threat intelligence, compliance and device management. On the other hand, MDR is focused on a proactive approach to detecting and managing security events through to remediation, thereby limiting the impact of a security event.
MDR balances human expertise and analysis with AI and machine learning (ML) to accelerate detection and response. Improving these two key areas means an attacker will spend less time in an environment and potentially cause less damage. In addition, the human expertise behind MDR enables the organization to proactively hunt threats and identify the tools and techniques that adversaries are using to attack organizations.
2. AI-Driven Security Management
AI and ML are critical areas of growth for next-generation MSSPs. According to Forrester, 64 percent of enterprise security decision-makers are concerned about cybercriminals using AI. Moreover, 54 percent of enterprises are implementing or expanding AI capabilities by hiring or outsourcing to an AI expert.
Security and risk leaders must familiarize themselves with the building blocks of AI technologies and security research. First, threat actors are actively leveraging AI and ML to target organizations and find massive data sets of personally identifiable information (PII). Second, without real-time security analytics and management through the use of AI and ML, organizations are unable to obtain contextual, meaningful insights into their security posture as they grapple with an ever-increasing volume of alerts.
Technologies such as the internet of things (IoT) and operational technology (OT) have also added more devices and data to the security ecosystem. These reflect a new threat landscape, one that many CISOs have not had to secure before. As the volume and veracity of data increase, managed security providers need AI to improve their detection, response and remediation.
AI and ML allow third-party security providers to sift through the noise and effectively reduce false positives for their clients. AI-driven security management helps analysts quickly analyze and correlate large data sets, so they can find potential threats and unusual behaviors and then escalate them quickly.
AI and ML also help accelerate response, reducing the time it takes to complete an investigation from days or months to just a few hours or even minutes. AI and ML-powered detection and response can leverage data and insights from previous attacks to help identify similar characteristics in new threats.
3. Turning Compliance and Risk Into Actionable Insights
Organizations face complexity not only in the security landscape, but also in compliance and regulatory requirements. Top barriers to managing risk include increasing costs, the struggle to find the right technology, and a lack of expertise and staff to manage risk and compliance functions properly.
Security and risk leaders often tell us they find it difficult to quantify and report on organizational risk. They either do not have the right context in terms of the risk or they’re unsure how to handle new regulations.
Modern MSSPs need to bring meaningful compliance and risk management to the forefront in every engagement with the client. To do so, the modern MSSP should be synthesizing telemetry from incidents, correlation data, and vulnerability and threat intelligence to help clients assess, detect, and prioritize new and existing risks. The service provider needs to understand the business as a partner to help the client stay informed with relevant business information.
Security Rules Were Meant to Be Broken
The modern security landscape requires an entirely new approach to security rules. Managed security providers should constantly be looking to stay ahead of the threats and risks posed to their clients.
Emerging threats, risks and new technologies can create uncertainty. A global, modern security partner can help your organization manage enterprise security functions and free up your security staff to focus on overall program oversight.
Vice president, global managed security services (MSS), IBM Security
Spencer Ingram is Vice president, global managed security services (MSS) within IBM Security. Spencer leads market-leading delivery capabilities within multi...