It’s a fine time to be a cybercriminal. Equifax’s exposure of 145.5 million records was shocking, especially since it was caused by someone forgetting or neglecting to patch software. More recently, cybersecurity firms discovered that Accenture had several unsecured S3 storage servers sitting on AWS and that a home health company had a publicly accessible database on AWS, containing perhaps 150,000 patient blood test results.
The common thread among these alarming security incidents is that all were preventable. This premise is underscored by a 2017 Verizon report on data breaches, indicating that 81% of attacks leveraged weak or stolen passwords. How long have we been reading about the password problem in IT security?
Of course, not all breaches are preventable. Hackers have a way of getting into places that promise access to data with a high market value. Yet MSSPs can do a lot to ensure that maximum prevention tactics have been followed on behalf of their clients, as well as advise on breach aftermath procedures.
Information security is a specialized, rapidly changing field where entry-level to midrange salaries are often in the low six figures. Experienced engineers can command far more, and they are brutally hard to find, attract and retain. Midsize to large companies may easily have more than 50 different security technologies installed, and you can bet that many of them don’t talk to each other.
The MSSP Opportunity
The complexity of properly managing enterprise security is why MSSPs can offer an attractive alternative for providing the needed focus on breach prevention. For instance:
- MSSPs have deep expertise across the entire organization, which in some cases includes hundreds of certified technicians; that shared and growing knowledge base ensures that the MSSP is always on top of the latest threats, tactics and tools.
- MSSPs are often a more affordable approach to breach prevention and management, delivering economies of scale of staff and technology. Companies choosing to go it alone will find that running a comprehensive internal security operation is an expensive exercise.
- Finally, MSSPs can deliver a soup-to-nuts program for customers – from planning and strategy, through everyday maintenance, monitoring and troubleshooting, to incident response and resolution. This takes the burden of patching (and other critical activities) off the shoulders of a business that should focus on customers and building revenues.
Four Core MSSP Capabilities
MSSPs should aim to offer flexibility through a variety of services and packages, for customers looking for anything from a little help to a completely outsourced solution. The foundation, however, consists of these core capabilities:
- Assessments— An initial assessment conducted by the MSSP should paint a picture of an organization’s overall security posture across networks and applications, risk from all hardware including mobile and IoT devices, and the state of regulatory compliance. Security assessments should be repeatable yet also customized, as compliance standards change or new threats arise. There are a number of assessment tools that can help in this effort, such as Qualys and Rapid7. MSSPs can also provide regular vulnerability assessments to uncover gaps such as outdated patches and open ports on devices. Penetration (pen) tests, which simulate attacks on networks or other assets to test resilience, are other critical assessments to include in your arsenal.
- Remediation— Remediation is an ongoing effort to correct and repair the issues identified in assessments, such as upgrading servers or integrating monitoring tools. Do your best to categorize the remediation activities into clear buckets: urgent, high priority, and low priority. An urgent task would be one that involves safeguarding customer and other sensitive data and applications. Assign costs to each service, so that everything is transparent for customers. Keep in mind that the job of the MSSP is to serve the customer, and they may not follow all of your recommendations. It is your job, however, to ensure that the customer understands the potential ramifications of not fixing a vulnerability. If your organization is new to the security field, it will take time to build credibility in the market that you know what you’re doing. That credibility makes it harder for customers to ignore your advice.
- Lifecycle management— This is the bread and butter of the MSSP engagement. MSSPs are experts in setting up the day-to-day security operations process, which will hopefully prevent breaches and other incidents (such as insider attacks and fraud) from happening over time. Lifecycle management includes having monitoring systems in place to alert staff to suspicious events such as ransomware attacks, denial of service, downloading of protected information, and so on. MSSPs will need to invest in the best-possible analytics engines to process and evaluate events within customer networks and systems. Those systems will do a good job of isolating the events that may require investigation. Early detection is important; remember the Target hack, in which the bad guys had penetrated the infrastructure weeks before the breach was discovered.
- Disaster management— Equifax was widely criticized for not notifying the public right away when the breach was discovered. In fact, time and again, companies that experience significant hacks tend to botch the extremely important job of communicating status updates and being proactive to help those affected. Transparency after a breach is critical. Legal and PR teams need to be prepared with an action plan that is immediately executable. MSSPs can help develop and execute this plan, especially from the perspective of fixing the technical problem before further damage can ensue.
With breaches dominating headlines on a regular basis, MSSPs can offer an expert hand and a proven approach to bolstering customer infrastructure and reducing the stress and cost of running a digital business.