July 28, 2020 By Spencer Ingram 4 min read

Managed security service providers (MSSPs) can speed up detection and response capabilities in complex, distributed security environments.

However, many traditional managed security providers simply act as alert factories that collect log data and spit out low-value alerts. These increase the workload on their clients’ security teams rather than offloading work and enhancing their security posture. In addition to this alert fatigue, more problems pile up. Fragmented tools, increases in the attack surface and the complexity of response to a threat all create additional strain on security teams today. Conversely, quality MSSP can streamline the entire pipeline.

In Forrester’s new report The Forrester Wave: Global Managed Security Services Providers, Q3 2020, the independent research firm mentioned that “MSSPs have attempted to solve the alert-factory problem by adopting the philosophy that any problem that exists can be solved by managed detection and response (MDR).”

A significant client driver we see today is a focus on managed detection and response (MDR) capabilities. Essentially, this technique moves beyond log collection and alerting to more proactive response, remediation and threat hunting. The goal is to detect threat actors faster. Therefore, teams can limit the impact of security incidents as they move across the threat management lifecycle.

Download a copy of the report

Increasing Speed and Precision With a MSSP

With so many disconnected and fragmented security tools, it’s not surprising that complexity and inefficiency arise during the threat management lifecycle. Security analysts simply have too many tools to use to quickly triage and respond to threats. In the 2020 Ponemon Institute Study The Cyber Resilient Organization, organizations deploy more than 45 security solutions on average and use 19 different tools when responding to a cybersecurity incident. This study also found that there’s actually an adverse effect when using more security solutions and technologies to detect, prevent, contain and respond to incidents. More tools can mean your analysts spend too much time in any one stage of the threat management lifecycle.

Analysts must monitor and manage the intricacies of these environments with speed and precision. Doing so is an imperative within dynamic and evolving security environments. Teams can bring together best-of-breed technologies and best-of-suite platforms with the right MSSP to deliver an all-in-one, integrated security experience.

Questions to Ask

For now, you might have one vendor covering your vulnerability scanning, another for security information and event management (SIEM), and still another vendor for your identity and access management (IAM) program. These systems and tools rarely connect and talk to one another. Security leaders are left without answers to the following:

  • Are we getting the right telemetry across all these systems and tools?
  • Are our best-of-breed solutions offering a broader picture of our security program?
  • How do we use orchestration and integration to unify our offense and defense?
  • Are we covering the new perimeterless environment with a multitude of endpoints?

Security leaders and their teams need to see the sum of the parts to understand the entirety of their environment. Without this broader perspective, you’re not getting the right context the way you might with a MSSP and could miss insights needed to rapidly make decisions.

Combining Best-of-Breed and Best-in-Suite in MSS

Comparatively, best-of-suite solutions can combine multiple tools into one. A best-of-suite MSS provider may provide multiple security solutions into a single unified console. The solution should provide threat intelligence, incident response, vulnerability, artificial intelligence (AI) and machine learning (ML) enhancement on workflows, for on-premise, as well as your multicloud security visibility. However, the selection of tools and technologies is at the discretion of the provider’s security suite.

This approach means the security team has one source of truth when handling incidents. Rather than switching between multiple provider’s security applications, your team works in a single interface and ecosystem to triage threats.

Benefits of All-in-One MSS

According to Forrester’s 2020 Now Tech report, “security leaders can’t build and maintain teams focused on detection, investigation, compliance, risk, regulatory requirements and more. MSSPs exist to offset some of the workload, and leaders must use them for their programs to succeed.”

For example, maybe outsource the threat and vulnerability management lifecycle to a security partner but focus your in-house resources on pandemic response or that key strategic, transformative project.

The right all-in-one managed security platform offers unmatched intellectual property (IP) and assets, like AI and ML, to filter out the noise your team may be experiencing. It also offers opportunities to speed up your detection and response. This is a chance to bring clarity and direction to overwhelmed security teams. Some MSSPs have developed partnership-based bundles that include consulting services and technology that can help speed up your initiatives across networks, hybrid cloud, data and app, identity and more.

Global and in-region support are possible from this approach, as well. Your team benefits from global scalability, better data sovereignty and regionalized architecture and the capabilities of local security operations centers. Moreover, an all-in-one MSS model gives your team more individualized attention through staff training opportunities to level up their skills.

Legacy MSSPs are Missing the Future

Finally, an all-in-one MSSP that has been in the business for at least 10 or more years is likely a stable and established business. It’s unlikely that the MSSP is going to get acquired or end support any time soon. The organization likely services thousands of clients and analyzes billions of security events across industries, which allows you deeper insights into current global threats. These types of providers can offer unmatched knowledge-sharing and expertise from working on major security flaws and zero-days that have impacted clients over the last several decades. That kind of expertise and knowledge can be invaluable for your team in gaining better insights and decision making in the operations center.

IBM Named a Leader in Global Managed Security Services

Forrester named IBM as a leader in its new report, The Forrester Wave™: Global Managed Security Services Providers (MSSPs), Q3 2020. Only four vendors were ranked as a leaders out of the 15 evaluated vendors in the MSSP space.

According to the Forrester report, “IBM’s portfolio of intellectual property now directly benefits its MSS clients, something mentioned as a strength by client references.”

We believe Forrester’s evaluation validates our goal to provide a next generation, all-in-one MSS solution. This solution brings together the best of IBM’s proprietary technology (AI and ML) and an ecosystem of best-of-breed technologies. At best, it can speed up our customer’s detection and response capabilities for today’s fast-paced and distributed enterprise environments.

Download a copy of the report




More from Security Services

Pentesting vs. Pentesting as a Service: Which is better?

5 min read - In today's quickly evolving cybersecurity landscape, organizations constantly seek the most effective ways to secure their digital assets. Penetration testing (pentesting) has emerged as a leading solution for identifying potential system vulnerabilities while closing security gaps that can lead to an attack. At the same time, a newer entrant into the security arena is Pentesting as a Service (PTaaS). Although PTaaS shares some similarities with pentesting, distinct differences make them two separate solutions. This article will discuss how these methodologies…

How I got started: Attack surface management

4 min read - As the threat landscape multiplies in sophistication and complexity, new roles in cybersecurity are presenting themselves more frequently than ever before. For example, attack surface management. These cybersecurity professionals are responsible for identifying, mapping and securing all external digital assets an organization owns or is connected to. This includes servers, domains, cloud assets and any other digital points that could be exploited by cyber criminals. Their role involves continuously monitoring these assets for vulnerabilities, misconfigurations or other potential security risks…

X-Force uncovers global NetScaler Gateway credential harvesting campaign

6 min read - This post was made possible through the contributions of Bastien Lardy, Sebastiano Marinaccio and Ruben Castillo. In September of 2023, X-Force uncovered a campaign where attackers were exploiting the vulnerability identified in CVE-2023-3519 to attack unpatched NetScaler Gateways to insert a malicious script into the HTML content of the authentication web page to capture user credentials. The campaign is another example of increased interest from cyber criminals in credentials. The 2023 X-Force cloud threat report found that 67% of cloud-related…

Does your security program suffer from piecemeal detection and response?

4 min read - Piecemeal Detection and Response (PDR) can manifest in various ways. The most common symptoms of PDR include: Multiple security information and event management (SIEM) tools (e.g., one on-premise and one in the cloud) Spending too much time or energy on integrating detection systems An underperforming security orchestration, automation and response (SOAR) system Only capable of taking automated responses on the endpoint Anomaly detection in silos (e.g., network separate from identity) If any of these symptoms resonate with your organization, it's…

Topic updates

Get email updates and stay ahead of the latest threats to the security landscape, thought leadership and research.
Subscribe today