Security Orchestration Accelerates MSSP Scalability & New Service Development
The market for managed security services grew 9.5% in 2017, the result of continued adoption of services from large global providers and a steady influx of new competitors. The emergence and continued growth of the managed detection and response (MDR) category further fans the flames of growth and competition.
Managed security services are notoriously hard to scale. Disparate client technologies typically mean either hiring experts on every platform or turning down/missing out on new business. And unique client demands for reporting, visibility and other services can result in each account being a bit like a snowflake – no two alike. This places immense pressure on internal development resources to keep pace with market demand and accommodate the needs of new clients.
But to maintain competitive pricing, maximize margins and bring services to market faster, MSSPs are looking for ways to provide a portfolio of services at scale.
In this post we take a look at how security orchestration, automation and response (SOAR) can shorten the time it takes for an MSSP to provide new service offerings in order to stay competitive and gain market share.
Security Orchestration Shortens the Learning Curve for MSSPs
With thousands of security technologies in the market, it’s impossible for any security engineer or SOC analyst to be an expert in every single one. Yet, MSSPs must be ready to effectively manage and monitor whatever tools their clients bring to the table from day one. Hiring additional personnel isn’t always possible, quickly drives up overhead costs and, ultimately, doesn’t scale. Training existing talent can take time and spreads analysts thin.
Security orchestration solutions eliminate this need for deep expertise on individual tools by providing a unifying fabric for management of multiple technologies. This means analysts only need be fluent in the use of a single platform to manage and orchestrate activities across myriad tools. Additional learning on certain technologies may still be required for more complex tasks, but security orchestration enables MSSP SOC analysts to effectively start managing new security tools immediately.
MSSPs Can Redirect R&D Resources with Security Orchestration
Managing a wide variety of security tools is the foundation of most MSSPs’ business. Large global MSSPs have hundreds of different technologies under management for their clients – from SIEM and EDR to firewalls and vulnerability management solutions. As such, many have created their own homegrown management/orchestration solutions, custom-coded for their SOC. These solutions are often a hybrid of service management tools that require a tremendous amount of upkeep and development to accommodate new technologies, processes and customer requirements. This takes R&D resources away from the creation of new revenue-generating services, which can mean longer dev cycles or even de-prioritizing new efforts to ensure that the basics are working consistently.
In contrast, dedicated security orchestration solutions are designed to accommodate a broad spectrum of technologies and generally come with more than 150 integrations already built in. Users have the ability to build custom connectors as needed, but, unlike with homegrown solutions, MSSPs aren’t starting from scratch. This greatly drives down the R&D resources needed just to maintain the basic functions of the business so they can be redirected to focus on quickly creating and releasing new services that can positively contribute to the bottom line.
Security Orchestration Enables MSSPs to Quickly Add MDR Services
One of the newest frontiers in the MSSP world is the growth of managed detection and response (MDR) services. Providers in this segment go beyond the traditional MSSP model of monitoring and notification to actually triage, respond to and remediate security incidents on behalf of their clients. As the demand for these services continues to grow – Gartner estimates 15% of organizations will be using MDR by 2020 – traditional MSSPs are being asked to get into the MDR business.
For most MSSPs, this means creating a whole new set of services that necessitates a different skill set, brand new processes and a different level of client access and visibility. Oh, and the ability to provide these services in a way that can be customized for each client, as required. In short – it’s a huge, time-consuming undertaking.
Security orchestration can enable managed detection and response services out of the box. With robust playbook capabilities, MSSPs can use security orchestration platforms to codify and manage the processes associated with incident response. Many platforms even include built-in playbooks to help security teams get started. And with automation capabilities, MSSPs can use security orchestration solutions to provide industry-leading SLAs related to response and remediation times.
As MSSPs explore security orchestration as an enabler for MDR services, they should look for solutions that are purpose-built for multi-tenancy to ensure the ability to customize playbooks and reporting across individual clients. Additionally, MSSPs should look for solutions that have robust dashboards and customized reporting to deliver the visibility clients expect as part of MDR services.
Speed to market will continue to be essential for MSSPs as they work to get their share of the predicted growth over the next few years. For many, security orchestration may hold the key to capitalizing on this momentum by streamlining technology management, adding processes and delivering the scalability needed to truly focus on bringing new, differentiated services to market quickly and effectively.