Cloud services streamline business operations, which explains why many organizations are migrating to cloud environments. Enterprise business leaders adopt Software-as-a-Service (SaaS) applications because they offer the greater availability, cost reduction, and flexible scalability necessary to compete in an increasingly digital world. As a result, core business technology and security purchasing trends now focus on integrations that provide centralized security across multiple environments and complex application architectures.
The shift in computing also drives changes in networking and security that present MSSPs with new opportunities and challenges. As organizations migrate to the cloud, many struggle to secure data while maintaining consistent connectivity. With the perimeter moving further from the traditional on-premises network, customers need offerings that future-proof their data centers, branch offices, and hybrid multi-cloud environments.
The Drive for Consistency: The Move to SD-WAN
Remote workforces need efficient, consistent connectivity to maintain productivity. To deliver that connectivity together with security, enterprise customers are increasingly adopting Secure SD-WAN, which integrates security directly into the networking layer alongside load balancing and failover, so organizations get both in one solution.
By offering Secure SD-WAN, MSSPs can meet their customers’ productivity and security needs in a single product, consolidating functions while improving performance and control. This drives service adoption and enhances market competitiveness. As the first step on the road to enhanced cloud security, Secure SD-WAN lets customers achieve operational efficiencies while orchestrating consistent network and security policies. SD-WAN’s ability to adaptively choose the best path for each application underpins Quality of Service, which is the primary determinant of Quality of Experience; that, along with better business outcomes, is a main driver of cloud adoption.
Trust No One: Zero Trust Access (ZTA) and Zero Trust Network Access (ZTNA)
As IoT devices flood networks and operational environments, and users continue to work from anywhere, organizations need continuous verification of all users and devices as they access corporate applications and data. Zero Trust Access (ZTA) grants no implicit trust to any person or device; every request for access must be authenticated and authorized. Limiting users and devices to the resources they actually need (least privilege) gives additional assurance about who and what is on the network. Implementing ZTA requires strong network access control, strong authentication, and pervasive application access controls.
As remote and hybrid work models become standardized across all industries, MSSPs will need to offer a range of secure remote access solutions – for any user, from any location, on any device.
Applying the Zero Trust model to application access lets organizations move away from the traditional virtual private network (VPN) tunnel, which typically grants broad, network-level access once a user has connected. Zero trust network access (ZTNA) instead grants access on a per-session basis to individual applications, and only after both the device and the user have been verified. The same ZTNA policy applies when users are on the corporate network, so the Zero Trust approach is identical no matter where a user connects from.
Because user identification, authentication, validation and access permissions have become critical, enterprises must restrict access strategically so that only legitimate users reach the appropriate resources. That is what Zero Trust is about: never assume anything can be trusted simply because it is “inside the perimeter.” This is especially relevant today, with more users and computing outside the traditional enterprise perimeter. The complexity of identifying, authenticating and validating every session, and of logging and monitoring its traffic, is often too much for many enterprises, which creates a tremendous opportunity for MSSPs.
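The per-session, per-application decision described above, as an added example that is not part of the original post and not Fortinet code. It models a small ZTNA-style access broker: the user’s identity claims and the device’s posture are checked against a per-application policy, every decision is written to an audit log, and the client’s source address is recorded but deliberately never consulted, so a request from inside the corporate network is judged exactly like one from a coffee shop. The application names, posture fields and policy thresholds are constructed for the demo.

```python
"""Illustrative ZTNA-style access broker (added example, not Fortinet code).

Every request is evaluated per session and per application: the caller's
identity claims and device posture are checked, the decision is logged,
and the client's network location is deliberately NOT a factor.
Application names, posture fields and thresholds are constructed for this demo.
"""
from dataclasses import dataclass
import time


@dataclass(frozen=True)
class DevicePosture:
    managed: bool           # enrolled in MDM / domain-joined
    disk_encrypted: bool
    edr_running: bool
    os_patch_age_days: int


@dataclass(frozen=True)
class Identity:
    user: str
    groups: frozenset       # group claims from the identity provider
    mfa: bool               # second factor verified for this session


# Per-application policy: who may reach it and what posture it requires.
# (Constructed policy; a real broker would load this from a policy store.)
APP_POLICY = {
    "payroll": {"groups": {"finance"}, "max_patch_age": 14, "require_mfa": True},
    "wiki":    {"groups": {"staff"},   "max_patch_age": 30, "require_mfa": False},
}


@dataclass
class Decision:
    allow: bool
    reason: str
    session_ttl_s: int = 0  # short-lived grant; no network-wide tunnel


AUDIT_LOG: list = []


def evaluate(identity: Identity, device: DevicePosture, app: str,
             source_ip: str) -> Decision:
    """Return a per-session decision for one application.

    source_ip is kept for forensics but never influences the outcome:
    being "inside the perimeter" earns no trust.
    """
    policy = APP_POLICY.get(app)
    if policy is None:
        d = Decision(False, f"unknown application {app!r}")
    elif not identity.groups & policy["groups"]:
        d = Decision(False, "user not entitled to application")
    elif policy["require_mfa"] and not identity.mfa:
        d = Decision(False, "MFA required for this application")
    elif not (device.managed and device.disk_encrypted and device.edr_running):
        d = Decision(False, "device posture: unmanaged, unencrypted or no EDR")
    elif device.os_patch_age_days > policy["max_patch_age"]:
        d = Decision(False, f"device patch age {device.os_patch_age_days}d exceeds limit")
    else:
        d = Decision(True, "verified user and device", session_ttl_s=3600)
    # Every decision, allow or deny, is logged for monitoring.
    AUDIT_LOG.append({"ts": time.time(), "user": identity.user, "app": app,
                      "src": source_ip, "allow": d.allow, "reason": d.reason})
    return d


if __name__ == "__main__":
    alice = Identity("alice", frozenset({"staff", "finance"}), mfa=True)
    healthy = DevicePosture(True, True, True, 3)
    stale = DevicePosture(True, True, True, 45)
    # Same user, same app: healthy device is allowed, stale device is denied,
    # and the on-network source address changes nothing.
    print(evaluate(alice, healthy, "payroll", "10.0.0.5"))
    print(evaluate(alice, stale, "payroll", "10.0.0.5"))
```

The point of the structure is that a denial can come from either half of the check: a fully entitled user on a device that has fallen behind on patching is refused the payroll application just as an unentitled user on a pristine device is, and the grant that does come back is scoped to one application for one session rather than to the network.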
Embrace the Cloud
MSSPs also need to offer cross-platform security with visibility and control on the LAN, WAN, data center and cloud edges, as well as securing public and private cloud deployments. Today’s network ecosystems are broad and disaggregated, consisting of legacy infrastructure and investments alongside newly adopted cloud services. MSSPs should consider a security platform approach that covers a broad attack surface with integrated technologies that collect and share information, with automation to enhance detection and mitigation of threats. Success for MSSPs will be determined by their ability to integrate networking, in the form of SD-WAN, with Zero Trust-based, AI-powered security to secure hybrid, multi-cloud environments. The promise of the cloud is better business outcomes and user experiences, which requires integration of networking, security and compute; that is both the challenge and the opportunity for MSSPs. By moving beyond traditional on-premises offerings to cloud-based solutions, MSSPs position themselves as partners in their enterprise customers’ digital transformation.
More distributed computing and the shift to remote work models mean that MSSPs must expand their offerings. The rise in ransomware attacks reflects an expanded attack surface as well as a systemic problem: security products that are neither integrated nor automated.
Today’s advanced attacks can compromise an endpoint in minutes, if not seconds, and first-generation endpoint detection and response (EDR) tools cannot keep pace. They depend on manual triage and response, which is too slow for fast-moving threats, and they generate a huge volume of indicators that burden already overstretched security teams. Legacy EDR tools also drive up the cost of security operations and can slow endpoint and network performance, negatively impacting the business.
To meet these needs, MSSPs should offer EDR solutions that proactively reduce the attack surface, prevent malware infection, detect and defuse threats in real time, and automate response and remediation with customizable playbooks. Traditional anti-virus tools match known signatures; modern endpoint security monitors the behaviour of all files and processes, which is how it catches fileless malware and ransomware that have no signature, and then remediates the compromised endpoint. Offering these services positions MSSPs to help organizations identify and stop breaches automatically and efficiently, without overwhelming security teams with false alarms or disrupting business operations.
Extended Detection and Response (XDR)
Augmenting EDR, Extended Detection and Response (XDR) extends unified incident detection beyond the endpoint to email, web gateways, CASB, IAM, DLP and the NGFW security stack in a single detection and response platform. Because XDR sits on an integrated security infrastructure, it lets organizations close security gaps, correlate security information from these sources, and automate operations. The key XDR considerations for MSSPs are the breadth of integration and the depth of automation.
As part of an XDR offering, MSSPs must assess whether the solution provides fully automated detection, investigation, and response. It should also integrate easily with SD-WAN and SASE infrastructure to reduce overall cost and increase return on investment. In doing so, MSSPs move toward a well-integrated control plane covering the LAN, WAN, data center and cloud edges.
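The two mechanisms described in the EDR and XDR sections above, as one added example that is not part of the original post and not Fortinet code. The first function is a signature-free EDR-style behavioural rule: a single process renaming many files on one host within a few seconds, the pattern a ransomware encryptor produces regardless of what binary it is. The second function is the XDR-style step: it joins that endpoint alert with email-gateway and identity events for the same user or host inside a lookback window, so three separate alerts become one incident, and the third function emits the automated playbook actions. All telemetry is constructed for the demo, and the field names (source, ts, host, user, process, detail) are assumptions, not a real product schema.

```python
"""Added example: behavioural endpoint detection plus cross-source (XDR-style)
correlation. Not Fortinet code; the telemetry below is constructed for the demo
and the event field names are assumptions, not a real product schema."""
from collections import defaultdict

# Constructed telemetry: one victim host, one user, three sources. Epoch seconds.
T0 = 1_700_000_000
EVENTS = [
    {"source": "iam", "ts": T0 - 900, "user": "carol", "host": "HOST-7",
     "type": "login", "detail": "new device, new country"},
    {"source": "email", "ts": T0 - 300, "user": "carol", "host": "HOST-7",
     "type": "attachment_delivered", "detail": "invoice.exe"},
] + [
    # 40 renames to .locked by one process in under 8 seconds: an encryption burst.
    {"source": "endpoint", "ts": T0 + i * 0.2, "user": "carol", "host": "HOST-7",
     "type": "file_rename", "process": "invoice.exe",
     "detail": f"report{i}.docx -> report{i}.docx.locked"}
    for i in range(40)
] + [
    # Benign backup job on another host renames slowly; it must not alert.
    {"source": "endpoint", "ts": T0 + i * 30, "user": "svc_backup", "host": "HOST-2",
     "type": "file_rename", "process": "backup.exe",
     "detail": f"db{i}.bak -> db{i}.bak.old"}
    for i in range(25)
]


def detect_rename_bursts(events, window_s=10, threshold=20):
    """EDR-style behavioural rule: one process renaming >= threshold files on
    one host within window_s seconds. No signature is involved, so it fires on
    unknown binaries and fileless loaders alike once they touch the filesystem."""
    per_proc = defaultdict(list)
    for e in events:
        if e["source"] == "endpoint" and e["type"] == "file_rename":
            per_proc[(e["host"], e["user"], e["process"])].append(e["ts"])
    alerts = []
    for (host, user, proc), times in per_proc.items():
        times.sort()
        lo = 0
        for hi in range(len(times)):          # sliding window over sorted timestamps
            while times[hi] - times[lo] > window_s:
                lo += 1
            if hi - lo + 1 >= threshold:
                alerts.append({"host": host, "user": user, "process": proc,
                               "count": hi - lo + 1, "ts": times[hi]})
                break                          # one alert per process is enough
    return alerts


def correlate(alerts, events, lookback_s=1800):
    """XDR-style join: attach non-endpoint events for the same user or host
    within lookback_s seconds before the alert, so the analyst sees one
    incident instead of three unrelated alerts in three consoles."""
    incidents = []
    for a in alerts:
        related = [e for e in events
                   if e["source"] != "endpoint"
                   and (e["user"] == a["user"] or e["host"] == a["host"])
                   and 0 <= a["ts"] - e["ts"] <= lookback_s]
        sources = {"endpoint"} | {e["source"] for e in related}
        severity = "critical" if len(sources) >= 3 else "high"
        incidents.append({**a, "related": related, "severity": severity,
                          "actions": playbook(a, related)})
    return incidents


def playbook(alert, related):
    """Automated response steps, returned as strings here; a real integration
    would call the firewall, EDR, mail-gateway and identity-provider APIs."""
    actions = [f"isolate host {alert['host']}",
               f"kill process {alert['process']} on {alert['host']}"]
    for e in related:
        if e["source"] == "email":
            actions.append(f"quarantine attachment {e['detail']} for {e['user']}")
        if e["source"] == "iam":
            actions.append(f"revoke sessions and force re-auth for {e['user']}")
    return actions


if __name__ == "__main__":
    for inc in correlate(detect_rename_bursts(EVENTS), EVENTS):
        print(inc["severity"], inc["host"], inc["process"], inc["count"], "renames")
        for act in inc["actions"]:
            print("  ->", act)
```

Run as-is, the backup job on HOST-2 never trips the rule because its 25 renames are spread over twelve minutes, while the burst on HOST-7 alerts at the twentieth rename. The correlation step then finds the phishing delivery and the anomalous login for the same user in the preceding half hour, raises the severity because three telemetry sources agree, and the playbook produces the host, process, mailbox and identity actions together, which is the consolidation the XDR section argues for.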
Managed Detection and Response (MDR)
The growing sophistication and effectiveness of threat actors often outstrips the ability of security teams to detect and investigate incidents. With attackers often spending weeks or months inside networks before detection, it is clear that increasing complexity, vendor sprawl and skills shortages are driving many organizations to seek help with incident detection and response. This shows up as growing adoption of managed security services to secure more distributed network environments. To take advantage of it, however, MSSPs need specialized cybersecurity tools and resources.
Providing managed detection and response (MDR) capabilities will play a vital role in MSSPs’ ability to meet customer security demands. This trend was highlighted in a recent Gartner study, which found that by 2024, more than 90% of organizations looking to outsource security will focus on detection and response services. Buyers are turning to MDR providers because they can deliver comprehensive response capabilities across remote business environments. For MSSPs to stay competitive, they will need to incorporate managed detection and response technologies into their service offerings.
MDR providers and MSSPs both deliver security services to their customers, but they detect and respond to threats in different ways. MDR providers combine network forensics and endpoint security tools with human analysis and automation to detect and respond to threats; their service is built primarily around threat detection and response. With faster detection, organizations can respond to security incidents in real time and limit the impact of successful attacks. Should customers need assistance, MDR providers can also help with remediation by deploying on-site teams.
MSSPs, by contrast, have traditionally prioritized security asset management. Compared to MDR providers, MSSPs are more concerned with deploying, managing, and monitoring security assets such as firewalls and network access controls.
To address the challenge from new MDR service providers, MSSPs should consider adding EDR and SOAR to their SIEM services for a comprehensive portfolio. Organizations of all sizes now realize that security is no longer a do-it-yourself exercise; with integrated MDR capabilities, MSSPs can take advantage of this emerging market by providing customers with solutions that ensure ongoing security.
Providing a Tightly Integrated Security Platform for the Enterprise
Enterprise customers are looking to remove the clutter of disparate, difficult-to-integrate tools that provide little to no unified visibility across an expanding attack surface under continual attack. Going forward, effective security requires a single control plane that lets customers manage their “work from anywhere” employee base as well as the “always on” enterprise.
The continued shift of computing to the cloud also drives the requirement for integrated security and networking, in the form of Secure SD-WAN and SASE, as the foundation of any enterprise IT strategy. MSSPs have an opportunity to provide the visibility and control over security, network and application performance that delivers better outcomes and experiences. With Fortinet, MSSPs can expand their service offerings and deliver comprehensive solutions from a single security vendor using the Fortinet Security Fabric.
Author Jonathan Nguyen-Duy is VP of Field CISO at Fortinet. Read more Fortinet blogs here.