Managed security service providers (MSSPs) can speed up detection and response capabilities in complex, distributed security environments.

However, many traditional managed security providers simply act as alert factories that collect log data and spit out low-value alerts. These increase the workload on their clients’ security teams rather than offloading work and enhancing their security posture. In addition to this alert fatigue, more problems pile up. Fragmented tools, increases in the attack surface and the complexity of response to a threat all create additional strain on security teams today. Conversely, quality MSSP can streamline the entire pipeline.

In Forrester’s new report The Forrester Wave: Global Managed Security Services Providers, Q3 2020, the independent research firm mentioned that “MSSPs have attempted to solve the alert-factory problem by adopting the philosophy that any problem that exists can be solved by managed detection and response (MDR).”

A significant client driver we see today is a focus on managed detection and response (MDR) capabilities. Essentially, this technique moves beyond log collection and alerting to more proactive response, remediation and threat hunting. The goal is to detect threat actors faster. Therefore, teams can limit the impact of security incidents as they move across the threat management lifecycle.

Download a copy of the report

Increasing Speed and Precision With a MSSP

With so many disconnected and fragmented security tools, it’s not surprising that complexity and inefficiency arise during the threat management lifecycle. Security analysts simply have too many tools to use to quickly triage and respond to threats. In the 2020 Ponemon Institute Study The Cyber Resilient Organization, organizations deploy more than 45 security solutions on average and use 19 different tools when responding to a cybersecurity incident. This study also found that there’s actually an adverse effect when using more security solutions and technologies to detect, prevent, contain and respond to incidents. More tools can mean your analysts spend too much time in any one stage of the threat management lifecycle.

Analysts must monitor and manage the intricacies of these environments with speed and precision. Doing so is an imperative within dynamic and evolving security environments. Teams can bring together best-of-breed technologies and best-of-suite platforms with the right MSSP to deliver an all-in-one, integrated security experience.

Questions to Ask

For now, you might have one vendor covering your vulnerability scanning, another for security information and event management (SIEM), and still another vendor for your identity and access management (IAM) program. These systems and tools rarely connect and talk to one another. Security leaders are left without answers to the following:

  • Are we getting the right telemetry across all these systems and tools?
  • Are our best-of-breed solutions offering a broader picture of our security program?
  • How do we use orchestration and integration to unify our offense and defense?
  • Are we covering the new perimeterless environment with a multitude of endpoints?

Security leaders and their teams need to see the sum of the parts to understand the entirety of their environment. Without this broader perspective, you’re not getting the right context the way you might with a MSSP and could miss insights needed to rapidly make decisions.

Combining Best-of-Breed and Best-in-Suite in MSS

Comparatively, best-of-suite solutions can combine multiple tools into one. A best-of-suite MSS provider may provide multiple security solutions into a single unified console. The solution should provide threat intelligence, incident response, vulnerability, artificial intelligence (AI) and machine learning (ML) enhancement on workflows, for on-premise, as well as your multicloud security visibility. However, the selection of tools and technologies is at the discretion of the provider’s security suite.

This approach means the security team has one source of truth when handling incidents. Rather than switching between multiple provider’s security applications, your team works in a single interface and ecosystem to triage threats.

Benefits of All-in-One MSS

According to Forrester’s 2020 Now Tech report, “security leaders can’t build and maintain teams focused on detection, investigation, compliance, risk, regulatory requirements and more. MSSPs exist to offset some of the workload, and leaders must use them for their programs to succeed.”

For example, maybe outsource the threat and vulnerability management lifecycle to a security partner but focus your in-house resources on pandemic response or that key strategic, transformative project.

The right all-in-one managed security platform offers unmatched intellectual property (IP) and assets, like AI and ML, to filter out the noise your team may be experiencing. It also offers opportunities to speed up your detection and response. This is a chance to bring clarity and direction to overwhelmed security teams. Some MSSPs have developed partnership-based bundles that include consulting services and technology that can help speed up your initiatives across networks, hybrid cloud, data and app, identity and more.

Global and in-region support are possible from this approach, as well. Your team benefits from global scalability, better data sovereignty and regionalized architecture and the capabilities of local security operations centers. Moreover, an all-in-one MSS model gives your team more individualized attention through staff training opportunities to level up their skills.

Legacy MSSPs are Missing the Future

Finally, an all-in-one MSSP that has been in the business for at least 10 or more years is likely a stable and established business. It’s unlikely that the MSSP is going to get acquired or end support any time soon. The organization likely services thousands of clients and analyzes billions of security events across industries, which allows you deeper insights into current global threats. These types of providers can offer unmatched knowledge-sharing and expertise from working on major security flaws and zero-days that have impacted clients over the last several decades. That kind of expertise and knowledge can be invaluable for your team in gaining better insights and decision making in the operations center.

IBM Named a Leader in Global Managed Security Services

Forrester named IBM as a leader in its new report, The Forrester Wave™: Global Managed Security Services Providers (MSSPs), Q3 2020. Only four vendors were ranked as a leaders out of the 15 evaluated vendors in the MSSP space.

According to the Forrester report, “IBM’s portfolio of intellectual property now directly benefits its MSS clients, something mentioned as a strength by client references.”

We believe Forrester’s evaluation validates our goal to provide a next generation, all-in-one MSS solution. This solution brings together the best of IBM’s proprietary technology (AI and ML) and an ecosystem of best-of-breed technologies. At best, it can speed up our customer’s detection and response capabilities for today’s fast-paced and distributed enterprise environments.

Download a copy of the report

 

 

 

More from Security Services

Secure-by-Design: Which Comes First, Code or Security?

4 min read - For years, developers and IT security teams have been at loggerheads. While developers feel security slows progress, security teams assert that developers sacrifice security priorities in their quest to accelerate production. This disconnect results in flawed software that is vulnerable to attack. While advocates for speed and security clash, consumers must often pay the price when threat actors strike. 48% of developers admitted they were still shipping code with vulnerabilities in 2022. It’s clearly time for a change. Many believe…

4 min read

ITG10 Likely Targeting South Korean Entities of Interest to the Democratic People’s Republic of Korea (DPRK)

7 min read - In late April 2023, IBM Security X-Force uncovered documents that are most likely part of a phishing campaign mimicking credible senders, orchestrated by a group X-Force refers to as ITG10, and aimed at delivering RokRAT malware, similar to what has been observed by others. ITG10's tactics, techniques and procedures (TTPs) overlap with APT37 and ScarCruft. The initial delivery method is conducted via a LNK file, which drops two Windows shortcut files containing obfuscated PowerShell scripts in charge of downloading a…

7 min read

Detecting Insider Threats: Leverage User Behavior Analytics

3 min read - Employees often play an unwitting role in many security incidents, from accidental data breaches to intentional malicious attacks. Unfortunately, most organizations don’t have the right protocols and processes to identify potential risks posed by their workforce. Based on a survey conducted by SANS Institute, 35% of respondents said they lack visibility into insider threats, while 30% said the inability to audit user access is a security blind spot in their organizations. In addition, the 2023 X-Force Threat Intelligence Index reported that…

3 min read

Poor Communication During a Data Breach Can Cost You — Here’s How to Avoid It

5 min read - No one needs to tell you that data breaches are costly. That data has been quantified and the numbers are staggering. In fact, the IBM Security Cost of a Data Breach estimates that the average cost of a data breach in 2022 was $4.35 million, with 83% of organizations experiencing one or more security incidents. But what’s talked about less often (and we think should be talked about more) is how communication — both good and bad — factors into…

5 min read