Industry opinion
How MSSPs are closing the cybersecurity gap
By Matthew Rhodes, regional director for MSSPs, Logpoint.
Acquiring and retaining skilled personnel, addressing specific IT-skill gaps, and the ever-spiralling costs of cybersecurity operations and maintenance – these are now the top reasons why businesses turn to Managed Security Service Providers (MSSPs). Where previously companies might have baulked at the idea of outsourcing their security, many now realise the benefits, with services proving more cost-effective and scalable and customers able to access the latest technology without incurring investment and management costs. But, in a world with a 42% deficit in talented cybersecurity professionals (the global workforce consists of 4.7m people, but there are 3.4m vacancies, according to (ISC)²), the MSSP also provides the business with access to a pool of human resources. Many are now finding themselves so short-staffed that this is threatening the integrity of the business. An ISACA report found that of those businesses that suffered a cyber attack, 69% were “somewhat or significantly understaffed”. Small wonder, then, that in-house SOC teams are deciding to outsource some of their more time-consuming and complex tasks to avoid becoming exposed and to meet compliance obligations.
Universal shortages
In this respect, MSSPs are helping to close the cybersecurity gap. Except it’s not quite that simple. So extreme are the skills shortages that MSSPs too are finding it difficult to source staff. Skilled security analysts are hard to recruit and even harder to retain, and they are constantly being asked to do more with a shrinking analyst-to-customer ratio, revealing that the MSSP business model is also under threat. The answer is to embrace automation and orchestration.
This will enable MSSPs to achieve economies of scale and become more efficient, but the debate remains – how should they go about doing this? Should MSSPs use technologies like Security Orchestration, Automation and Response (SOAR) to replace analysts and fully automate? Or should they use SOAR technology to augment analyst expertise and make it much easier for them to handle event data from hundreds of different customers? A recent survey of MSSPs across the EU and the US found there’s little appetite to replace the security analyst, with most looking for tools to augment staff. Analysts bring many skills to the table, looking at an incoming incident and using a variety of contextual information to supplement the forensic data from the security platforms. You can’t replace that kind of expertise, but you can make the analyst’s job easier with the right kind of tools.
www.pcr-online.biz
Automation and orchestration
Understandably, MSSPs are cautious about adopting new technologies and products that may change the vendor licensing scheme and raise costs. They need solutions that can drive business growth without necessarily increasing licensing costs and that offer them flexibility and the ability to scale across the client base. Take Security Incident and Event Management (SIEM). When analysts create a specific detection rule or another kind of value for one customer, they want it to be available for all customers. If they must manage each customer SIEM one by one, it’s almost impossible to deploy a use case within a normal SLA timeframe. MSSP analysts need a tool that allows them to create a rule once and automatically deploy it to all customer SIEMs. Likewise, leveraging a single SOAR platform would allow analysts to work on event data from all clients at the same time, improving the quality of threat intelligence while allowing a unified set of rules and playbooks to be leveraged across all MSSP customers.
A tactical advantage
Today there is consensus that automation and orchestration will be needed to fill the widening gap between what needs to be done and the resources needed to do it. The same holds true for User Entity Behavioural Analytics (UEBA), with everyone in agreement that detecting anomalous behaviours in real time will make threat hunting easier and more effective. What’s challenging them is the vendor community, who haven’t been sensitive enough to their pricing models and haven’t provided the hands-on support needed to tailor these offerings to the customer base. But rest assured, those MSSPs that do find a way to create new services using these technologies will not only solve the skills shortage, they’ll also steal a march on the market.
July/August 2023 | 13