July 28, 2020 By Spencer Ingram 4 min read

Managed security service providers (MSSPs) can speed up detection and response capabilities in complex, distributed security environments.

However, many traditional managed security providers simply act as alert factories that collect log data and spit out low-value alerts. These increase the workload on their clients’ security teams rather than offloading work and enhancing their security posture. In addition to this alert fatigue, more problems pile up. Fragmented tools, increases in the attack surface and the complexity of response to a threat all create additional strain on security teams today. Conversely, quality MSSP can streamline the entire pipeline.

In Forrester’s new report The Forrester Wave: Global Managed Security Services Providers, Q3 2020, the independent research firm mentioned that “MSSPs have attempted to solve the alert-factory problem by adopting the philosophy that any problem that exists can be solved by managed detection and response (MDR).”

A significant client driver we see today is a focus on managed detection and response (MDR) capabilities. Essentially, this technique moves beyond log collection and alerting to more proactive response, remediation and threat hunting. The goal is to detect threat actors faster. Therefore, teams can limit the impact of security incidents as they move across the threat management lifecycle.

Download a copy of the report

Increasing Speed and Precision With a MSSP

With so many disconnected and fragmented security tools, it’s not surprising that complexity and inefficiency arise during the threat management lifecycle. Security analysts simply have too many tools to use to quickly triage and respond to threats. In the 2020 Ponemon Institute Study The Cyber Resilient Organization, organizations deploy more than 45 security solutions on average and use 19 different tools when responding to a cybersecurity incident. This study also found that there’s actually an adverse effect when using more security solutions and technologies to detect, prevent, contain and respond to incidents. More tools can mean your analysts spend too much time in any one stage of the threat management lifecycle.

Analysts must monitor and manage the intricacies of these environments with speed and precision. Doing so is an imperative within dynamic and evolving security environments. Teams can bring together best-of-breed technologies and best-of-suite platforms with the right MSSP to deliver an all-in-one, integrated security experience.

Questions to Ask

For now, you might have one vendor covering your vulnerability scanning, another for security information and event management (SIEM), and still another vendor for your identity and access management (IAM) program. These systems and tools rarely connect and talk to one another. Security leaders are left without answers to the following:

  • Are we getting the right telemetry across all these systems and tools?
  • Are our best-of-breed solutions offering a broader picture of our security program?
  • How do we use orchestration and integration to unify our offense and defense?
  • Are we covering the new perimeterless environment with a multitude of endpoints?

Security leaders and their teams need to see the sum of the parts to understand the entirety of their environment. Without this broader perspective, you’re not getting the right context the way you might with a MSSP and could miss insights needed to rapidly make decisions.

Combining Best-of-Breed and Best-in-Suite in MSS

Comparatively, best-of-suite solutions can combine multiple tools into one. A best-of-suite MSS provider may provide multiple security solutions into a single unified console. The solution should provide threat intelligence, incident response, vulnerability, artificial intelligence (AI) and machine learning (ML) enhancement on workflows, for on-premise, as well as your multicloud security visibility. However, the selection of tools and technologies is at the discretion of the provider’s security suite.

This approach means the security team has one source of truth when handling incidents. Rather than switching between multiple provider’s security applications, your team works in a single interface and ecosystem to triage threats.

Benefits of All-in-One MSS

According to Forrester’s 2020 Now Tech report, “security leaders can’t build and maintain teams focused on detection, investigation, compliance, risk, regulatory requirements and more. MSSPs exist to offset some of the workload, and leaders must use them for their programs to succeed.”

For example, maybe outsource the threat and vulnerability management lifecycle to a security partner but focus your in-house resources on pandemic response or that key strategic, transformative project.

The right all-in-one managed security platform offers unmatched intellectual property (IP) and assets, like AI and ML, to filter out the noise your team may be experiencing. It also offers opportunities to speed up your detection and response. This is a chance to bring clarity and direction to overwhelmed security teams. Some MSSPs have developed partnership-based bundles that include consulting services and technology that can help speed up your initiatives across networks, hybrid cloud, data and app, identity and more.

Global and in-region support are possible from this approach, as well. Your team benefits from global scalability, better data sovereignty and regionalized architecture and the capabilities of local security operations centers. Moreover, an all-in-one MSS model gives your team more individualized attention through staff training opportunities to level up their skills.

Legacy MSSPs are Missing the Future

Finally, an all-in-one MSSP that has been in the business for at least 10 or more years is likely a stable and established business. It’s unlikely that the MSSP is going to get acquired or end support any time soon. The organization likely services thousands of clients and analyzes billions of security events across industries, which allows you deeper insights into current global threats. These types of providers can offer unmatched knowledge-sharing and expertise from working on major security flaws and zero-days that have impacted clients over the last several decades. That kind of expertise and knowledge can be invaluable for your team in gaining better insights and decision making in the operations center.

IBM Named a Leader in Global Managed Security Services

Forrester named IBM as a leader in its new report, The Forrester Wave™: Global Managed Security Services Providers (MSSPs), Q3 2020. Only four vendors were ranked as a leaders out of the 15 evaluated vendors in the MSSP space.

According to the Forrester report, “IBM’s portfolio of intellectual property now directly benefits its MSS clients, something mentioned as a strength by client references.”

We believe Forrester’s evaluation validates our goal to provide a next generation, all-in-one MSS solution. This solution brings together the best of IBM’s proprietary technology (AI and ML) and an ecosystem of best-of-breed technologies. At best, it can speed up our customer’s detection and response capabilities for today’s fast-paced and distributed enterprise environments.

Download a copy of the report

 

 

 

More from Security Services

X-Force Threat Intelligence Index 2024 reveals stolen credentials as top risk, with AI attacks on the horizon

4 min read - Every year, IBM X-Force analysts assess the data collected across all our security disciplines to create the IBM X-Force Threat Intelligence Index, our annual report that plots changes in the cyber threat landscape to reveal trends and help clients proactively put security measures in place. Among the many noteworthy findings in the 2024 edition of the X-Force report, three major trends stand out that we’re advising security professionals and CISOs to observe: A sharp increase in abuse of valid accounts…

Ermac malware: The other side of the code

6 min read - When the Cerberus code was leaked in late 2020, IBM Trusteer researchers projected that a new Cerberus mutation was just a matter of time. Multiple actors used the leaked Cerberus code but without significant changes to the malware. However, the MalwareHunterTeam discovered a new variant of Cerberus — known as Ermac (also known as Hook) — in late September of 2022.To better understand the new version of Cerberus, we can attempt to shed light on the behind-the-scenes operations of the…

ITG05 operations leverage Israel-Hamas conflict lures to deliver Headlace malware

12 min read - As of December 2023, IBM X-Force has uncovered multiple lure documents that predominately feature the ongoing Israel-Hamas war to facilitate the delivery of the ITG05 exclusive Headlace backdoor. The newly discovered campaign is directed against targets based in at least 13 nations worldwide and leverages authentic documents created by academic, finance and diplomatic centers. ITG05’s infrastructure ensures only targets from a single specific country can receive the malware, indicating the highly targeted nature of the campaign. X-Force tracks ITG05 as…

Topic updates

Get email updates and stay ahead of the latest threats to the security landscape, thought leadership and research.
Subscribe today