Managed Security Services (MSS): A Decade of Lessons Learned

Over the last decade, the cybersecurity industry has transformed in a virtually endless number of ways, and the momentum doesn’t seem to be slowing down anytime soon. The introduction of artificial intelligence and, in turn, automation, coupled with a growing list of available security solutions, as well as changes in computing and networking, has led many managed security service providers (MSSPs) to fall behind when it comes to effectively managing today’s highly sophisticated cyber threats. Let’s take a look at some of the most important lessons learned by MSSPs over the past 10 years, and gain a better understanding of how service providers can apply these lessons to their own businesses moving forward.

The Rising Use of Artificial Intelligence

For many reasons, artificial intelligence is one of the leading drivers behind the digital threat landscape’s rapid evolution. On one end, organizations are turning to more AI-driven solutions to increase efficiency and take advantage of digital transformation within their business. On the other, cyber criminals are increasingly leveraging artificial intelligence to develop and carry out advanced, multi-vectored attacks at machine speed. This allows them to take advantage of multiple vulnerabilities while simultaneously evading detection. These types of attacks run the gamut from automated, opportunistic attacks to targeted campaigns spanning extended periods of time.

Additionally, as the number of internet-connected devices on a network increases, so does the number of incoming threat alerts and the inevitable rise in alert fatigue. As a result, MSSPs must consider strategies that allow them to address the growing volume, variety and velocity of data to stay ahead of security threats. With AI, MSSPs can more efficiently sift through a large number of threat alerts to identify potential problem areas and determine the best plan of action for mitigating the risk. Service providers can also use AI and automation to accelerate response time, with the potential to cut it down from days or months to just a few minutes. For these reasons, it’s critical that service providers gain an understanding of artificial intelligence technologies and the capabilities that they enable.

The Automation of Security

As an extension of artificial intelligence, automation in cybersecurity has also contributed to the widespread transformation in the industry. In many aspects of their business, organizations are turning to automation to help manage larger workloads and streamline operations. However, cyber criminals have also been quick to apply automation to their tactics, allowing them to use an overwhelming number of automated methods for creating and disseminating various cyber threats.

Service providers must consider how they can apply automation in order to keep pace with attackers as they continuously exploit known vulnerabilities, while also introducing new threats into the landscape. By integrating automation, service providers can work to mitigate the risk posed by automated cyberattacks with faster response times, more comprehensive visibility, and simplified network management. Automating security can also help to minimize human error and reduce the likelihood that a threat is missed or overlooked, as well as help to create streamlined response workflows.

Diminishing Returns of Mature Platforms

With what seems like an ever-growing list of available security solutions, many organizations have inadvertently created more work for their IT security teams by introducing a number of disparate security solutions. Contrary to popular belief, having a larger team, budget, or number of solutions does not necessarily mean more protection. In fact, the opposite is more likely to be true as it becomes more and more difficult for teams to manage so many moving parts. Digital transformation, and the resulting expansion of attack surfaces and complexity, make it harder than ever before to manage today’s networks. Indeed, the widespread recognition that cybersecurity is not a DIY exercise has led to virtually every enterprise outsourcing some security function to a service provider – giving rise to SOC-as-a-Service, Managed Detection and Response services, SIEM-as-a-Service, all the way to co-managed and fully managed security services. Today, security teams have to manage a complex RACI matrix that spans internal solutions and multiple partner-provided products and services. Successful MSSPs are investing in capabilities specifically suited to meet their market segment’s requirements rather than being all things to all people. Smart investments in broad, integrated and automated capabilities backed by AI are becoming definitive differentiators for MDRs and MSSPs.

Traditionally, network and security operations have been separate operating silos: organizationally, technologically and even culturally different. With a wide range of non-integrated solutions stacked on top of each other, NOC-SOC integration has historically been very challenging. This structural lack of visibility significantly increases the chances of mistakes and risks being overlooked. This is especially critical on network edges - the nexus of the control and data planes. This is where gaps in visibility often lead to misconfigured devices not being identified, vulnerabilities left unpatched, and anomalous behavior not investigated. MSSPs will do well if they focus on helping customers reduce complexity and close gaps to protect all network edges across the LAN, WAN, data center and cloud.

The lack of built-to-purpose product integration also causes systemic problems. Indeed, it can be difficult, if not impossible, to get the different systems to communicate with each other effectively since many are not designed to work with other solutions. Instead, service providers must consider how they can consolidate from point products to platforms and streamline workflows to reduce the number of tasks that their team is required to manage on an ongoing basis. Swivel chairing from one management console to another is simply no longer feasible. Consolidation reduces complexity and cost by lowering the number of products supported, while correspondingly reducing training and maintenance expenses.

Final Thoughts

The digital threat landscape is evolving at a rapid rate and growing more complex and risky, as organizations accelerate digital transformation and cyber criminals make increasing use of artificial intelligence, automation, and a highly efficient dark web marketplace. In order to keep up, managed security service providers must consider how they can take advantage of emerging technologies, solutions, and trends. When it comes to MSS, many of the lessons we know today have been learned the hard way. By understanding the challenges that have arisen in recent years - as well as how they were successfully overcome - service providers can take proactive steps to adapt their businesses and service offerings to better align with the needs and challenges of today’s complex networks.

Author Jonathan Nguyen-Duy is VP of field CISO’s at Fortinet.