The Value of MSSPs and Threat Intelligence

In recent years, the range and severity of cyberattacks against organizations across a variety of business sectors have increased exponentially, leading to breached systems, stolen data and severely impacted operations. According to a 2017 research report by McAfee, new malware samples hit an all-time high in Q3, increasing 10% over the previous quarter, and ransomware variants were up 36%. However, in spite of the growing number of threats, ensuring strong defenses is not always the highest priority for a significant percentage of companies, as time to market and other business and competitive pressures tend to override security concerns.

Author: AlienVault VP Global Channel Sales Mike LaPeters

Successful incursions can have lasting repercussions that affect a company’s bottom line, long-term brand value and customer confidence. As a result, businesses are increasingly forced to recognize that they need to improve their security capabilities. But for many, this remains a complex and ongoing challenge, partly due to limited IT budgets and a lack of trained security personnel.

As a result, organizations of all sizes are choosing managed security service providers (MSSPs) to provide cost-effective services to ensure that they’re protected before, during and after a cyberattack. For example, an effective MSSP can focus on hardening IT infrastructure and enforcing solid security policies before an attack. Once an attack has been launched, a security provider can help detect an incursion, and then block it to prevent further damage to targeted systems.

Analysis conducted after an attack can identify gaps and vulnerabilities for an organization to address. An MSSP can also recommend and provide a range of additional services, including:

  • installing authentication protocols to govern access to sensitive data, networks and IT systems
  • maintaining 24/7 intrusion detection and firewall monitoring
  • collecting and analyzing event monitoring data to detect anomalies
  • monitoring network traffic to identify new and evolved intrusion attempts
  • initiating backup and recovery procedures in the event of an attack

Taking Security to the Next Level

In addition to offering effective point solutions, it’s crucial for MSSPs to deliver comprehensive services as a true value-add to their end customers. This includes providing an extensive knowledge base in terms of threat profiles and offering context so that organizations can maximize their defenses and choose the best course of action to respond to an imminent attack.

“There may be more advanced types of incident response, such as providing advice or context on the different types of attacks that are taking place,” observed Sacha Dawes, Senior Product Marketing Manager at AlienVault. “Again, it’s about obtaining as much contextual data as possible to determine how to respond to an incident and what needs to be done to minimize disruptions, mitigate impact and maximize the response to ensure that things are up and running again as soon as possible.”

As cyberattack methods continue to evolve, organizations need to be able to adapt to those changes as well. According to Symantec’s Internet Security Threat Report, more than 57 million new malware variants were observed in 2016. Threat intelligence can play a crucial role in protecting a company’s assets and staying one step ahead of potential losses, because it provides companies with actionable information that they can use to detect and respond to emerging and evolving security threats.

In an effort to cope, many businesses today maintain multiple disparate point solutions. Today, 66% of companies report using five or more security products. However, increasing the number of solutions only adds complexity, requiring more resources to monitor and manage. The process can also be time-consuming, especially if there are numerous maintenance contracts to be fulfilled along with applying updates across all these products.

In the current digital business environment, IT budgets are being squeezed and leaders are often asked to deliver more with less. They often lack sufficient resources to research and prepare for the specific types of threats they face, whether it’s in the financial, retail, healthcare or energy sectors. Simply adding more security solutions isn’t the answer.

Moreover, a lack of integration between their various security solutions can pose significant barriers. Competing products from different vendors don’t necessarily work well together. There are even scenarios where different products from the same vendor lack smooth integration and require significant IT time and resources to configure.

Simply adding another management product to effectively maintain all these different solutions isn’t the answer. Lastly, the lack of standardized, scalable security offerings can pose real limitations for many organizations.

Enter the MSSP

Given this extremely difficult situation, with multiple security point products and integration challenges, as well as a need to integrate threat intelligence, MSSPs aligned with certain integrated solutions are ideally positioned. Effective MSSPs provide the capabilities to adapt to a multitude of threat scenarios by mapping into customer needs and offering the ability to scale as needed.

Making the Transition

Organizations of all sizes are realizing the benefits of having in place an additional layer of protection and the advanced security skillset that an MSSP provides. Ultimately, MSSPs deliver a unique combination of experience and expertise, 24/7 availability and cost savings. Even if you are a Managed Service Provider rather than an MSSP, the transition is straightforward. It’s quite possible for Managed Service Providers (MSPs) to expand their capabilities and offer security services as MSSPs.

In many ways, MSPs are always looking to grow services that are not only necessary and valuable, but are also profitable and predictable. Examples of possible security capabilities can include patch management, antivirus, web and network protection as well as disaster recovery (DR) after a data breach. Already having key aspects of a managed services infrastructure in place can help MSPs make a seamless transition.

“There are a lot of things that MSP / MSSPs can help customers with as consultants, being their trusted advisor, and just knowing about what practices need to be put in place in terms of monitoring and making sure their systems are secure,” says Dawes.


MSSPs are an ideal solution for many customers, given the complexity of security technologies as well as the need to integrate threat intelligence in the solution. MSPs can transition to get into the MSSP end of the business with a bit of specialization.

Mike LaPeters is VP global channel sales at AlienVault.