The pandemic spared no one and created disruption for everyone. But adversity can bring opportunity, and many of the businesses that prospered because of COVID-19 were the ones able to offer customers something that the crisis took away from them.
(Raise your hand if you or someone you know purchased – or at least thought seriously about buying – a Peloton.)
In the B2B world, COVID-19 accelerated digital transformation, including cloud, IoT and other emerging tech. But it also grew the potential attack surface and exposed weaknesses in organizations now forced to accommodate a distributed workforce using unmanaged technologies. This further exacerbated many of the key challenges security teams already were facing, even before their networks grew overnight: overload of alerts, the need for more detection tools, security skill shortages, etc.
Managed security services providers (MSSPs) and managed detection and response (MDR) vendors have become the big winners because of their ability to provide agility, scale and cost savings during these rough-and-tumble times. These outsourcing arrangements also give organizations room to eventually build the internal knowledge they originally lacked, the very gap that led them to call on a provider in the first place.
Prior to the pandemic, Enterprise Strategy Group (ESG) research indicated that just under three-quarters of organizations use some type of managed services for security operations, and ESG Senior Principal Analyst and Fellow Jon Oltsik predicted that trend would rise due to COVID-19.
— Jon Oltsik (@joltsik) August 3, 2020
Indeed, the Siemplify-commissioned State of Remote Security Operations survey report, published in February, supported this forecast and found that 52% of respondents have increased their use of an MSSP since the pandemic began.
This is promising news for the service provider and ensures likely continued strong growth, but it doesn’t do away with obstacles they face to fulfill increasingly demanding customer expectations. As a result, not all MSSPs will be created equal.
Best one I got:
Me: “Why did you choose your MSSP?”
Them: “Well I was surprised, but they do not suck.”
— Alex Pinto (@alexcpsec) April 5, 2019
In a competitive MSSP marketplace, one way to shed a sometimes-spurious reputation and stand apart from rivals is through ensuring your security operations are optimized and delivering maximum outcomes for customers. To accomplish that, providers must overcome six key modern challenges:
1) Increasing Customer Acquisition Costs
With the proliferation of security technology options, customers’ security stacks are more diverse than ever before. To compete, MSSPs must be willing and able to sufficiently support a broad set of technology that often results in higher acquisition costs, as well as increased training requirements for security analysts.
2) Lack of Centralized Visibility
Analyst teams who manage and monitor a large customer base often lack visibility into the allocation of resources, which hinders their ability to balance productivity and risk. This visibility void often extends to the customer as well. Clients are yearning for greater visibility into their expanding network, more transparency around what is happening within it, and, most of all, the ability for an outside provider to do more than simply notify them about a threat. Customers care more than ever about positive outcomes from their providers, which means finding, disrupting and eradicating adversaries and helping get their affected business back on its feet as quickly as possible.
3) Multiple Delivery Models
The range of MSSP delivery models is increasingly diverse and includes: 24/7 outsourced SOC, managed SIEM, MDR, staff augmentation, as well as numerous hybrid models. These various models are converging – a single MSSP may provide multiple models in various configurations, adding cost and complexity to operations.
4) Meeting SLA Commitments
MSSP analyst teams who manage multiple systems and interfaces across a diverse set of clients strain to meet rigorous SLA expectations.
5) Round-the-Clock Operations
To meet customer demands, MSSPs work around the clock, requiring multiple shifts and handoffs. It’s crucial to maintain consistency in response from one analyst to the next, and variability in staff knowledge and capability places added pressure on analysts. Driving consistency in processes and workflow to ensure optimal handling of alerts and incidents is paramount to balancing productivity and risk.
6) Personnel Turnover
Shortages and high turnover of personnel add to the challenges of managing a 24/7 operation. Meanwhile, reliance on manual processes and the need to retain expert knowledge further intensifies the pressure.
The Power of Automation and Orchestration
MSSPs are engaged in a constant struggle to ensure their existing security team keeps up with growing customer expectations. Due to an ever-expanding digital footprint, heavy investment in detection, and a growing list of security tools to monitor, the industry is at a tipping point.
Security orchestration, automation and response (SOAR) platforms can help service providers under pressure by ingesting aggregated alerts and indicators of compromise (IOCs) from detection sources and then executing automatable, process-driven playbooks to enrich and respond to these incidents. These playbooks coordinate across technologies, security teams and external users for centralized data visibility and action – for both analysts and customers.
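As an added illustration, not Siemplify's code or any real SOAR product's API, here is a small Python sketch of the ingest, enrich and respond loop described above, including the per-source normalization a diverse customer stack forces and the per-tenant view analysts and clients both want. The two detection sources, the tenants, the IOCs and the threat-intel table are all constructed.

```python
from collections import defaultdict
from dataclasses import dataclass, field

# Constructed sample alerts, in the differing schemas two detection sources might emit.
RAW_ALERTS = [
    {"source": "edr", "tenant": "acme", "ioc": "203.0.113.7", "kind": "ip", "severity": 3},
    {"source": "siem", "customer": "acme", "indicator": "evil.example", "type": "domain", "sev": "high"},
    {"source": "edr", "tenant": "globex", "ioc": "198.51.100.9", "kind": "ip", "severity": 1},
]
# Constructed threat-intel table standing in for an external enrichment service.
THREAT_INTEL = {"203.0.113.7": "known_c2", "evil.example": "phishing"}

@dataclass
class Case:
    tenant: str
    ioc: str
    ioc_type: str
    severity: int  # 1 = low, 2 = medium, 3 = high
    verdict: str = "unknown"
    actions: list = field(default_factory=list)

def normalize(raw):
    """Fold each source's own field names into one Case so one playbook serves all sources."""
    if raw["source"] == "siem":
        sev = {"low": 1, "medium": 2, "high": 3}[raw["sev"]]
        return Case(raw["customer"], raw["indicator"], raw["type"], sev)
    return Case(raw["tenant"], raw["ioc"], raw["kind"], raw["severity"])
def enrich(case, intel=THREAT_INTEL):
    """Enrichment step: look the IOC up before any analyst sees the case."""
    case.verdict = intel.get(case.ioc, "unknown")
    return case
def playbook(case):
    """Process-driven response: the same input yields the same actions on every shift."""
    if case.verdict == "known_c2" and case.ioc_type == "ip":
        case.actions += ["block_ip_at_firewall", "isolate_host", "notify_customer"]
    elif case.verdict == "phishing":
        case.actions += ["block_domain", "notify_customer"]
    elif case.severity >= 3:
        case.actions.append("escalate_to_analyst")  # unknown but high: a human decides
    else:
        case.actions.append("close_as_benign")
    return case

def run(raw_alerts):
    return [playbook(enrich(normalize(a))) for a in raw_alerts]

def per_tenant_view(cases):
    """Centralized view of what was done for each customer, for analyst and client reporting."""
    view = defaultdict(list)
    for c in cases:
        view[c.tenant].append((c.ioc, c.verdict, c.actions))
    return dict(view)
```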
More than three-fourths (76%) of respondents say the COVID-19 pandemic has played a role in their actions to increase SecOps automation or is expected to in the near future, the Siemplify report found. Meanwhile, 37% have prepared new automated playbooks to respond to emerging, remote-specific threats.
I think the technology to finally automate the quality of service of poor-quality (!) #MSSP is here today. I hope this will disrupt and kill shitty MSSP…. soon.
— Dr. Anton Chuvakin (@anton_chuvakin) November 13, 2018
To dip your toes in SOAR, download the always-free Siemplify Community Edition.
Dan Kaplan is director of content at Siemplify.