XDR and Automation: MSSPs’ Not So Secret Weapon

To win security business, Managed Service Providers (MSP) need to solve the evolving security needs of their clients while demonstrating value. In our most recent Internet Security Report, the WatchGuard Threat Lab team revealed that 74% of malware detected during the first quarter of 2021 could be classified as zero-day. This was a high-water mark (so far) that indicates polymorphic, evasive malware that bypasses signature-based protections is not just common, it is ubiquitous. Worse still, according to Infocyte, it takes the average midsize business 798 days to detect threats dwelling in their environment.  Businesses, no matter their size, are under siege by increasingly sophisticated threats and determined threat actors.

Managed Security Service Providers (MSSP) can play a critical role in bringing the necessary skills and resources to organizations looking to improve their security posture and augment their own security capabilities. By outsourcing the responsibility to a solution provider, these businesses hope to get security they need, while gaining the peace of mind that they can focus on growing and innovation. Security for them isn’t the goal, it’s simply a challenge. They rely on you to help them navigate whatever may come.

In the face of unprecedented threats Extended Detection and Response (XDR) solutions are in high demand. XDR aims to make security teams more effective by coordinating normally siloed security solutions for improved protection, detection, and response capabilities. This presents an opportunity for services providers able to provide XDR services, as 50% of businesses are interested in having their XDR fully managed by an MSSP.

XDR aims to make security teams more effective by coordinating normally siloed security solutions for improved protection, detection, and response capabilities. XDR solutions help MSSPs keep up with the evolving security needs for their clients, while giving them the ability to consolidate security vendors to reduce costs and unlock efficiencies. XDR also provides MSSPs with a clouds eye view of their clients attack surface by correlating threat data across networks, clouds and endpoints. A key output of this approach is the ability to apply automation and artificial intelligence to augment your security team, helping them do more, in less time.

Here are three areas of automation that make XDR so effective:

  1. Telemetry Correlation and Scoring –Staying on top of threats requires persistent, advanced security that goes beyond endpoint antivirus. Sophisticated malware is no longer rare, it’s widely available on the dark web. Evasion techniques are now common. By automating telemetry correlation across users, hosts, networks and applications, you can expose stealthy threats and minimize alert confusion. And, with correlated threat scoring, you can take the guesswork out of the process.
  2. Intelligent Threat Triage – The average tech team spends over 286 hours a week on threat indicators that turn out to be false positives. AI trained to identify patterns humans may miss can provide tremendous value and allow you to automate the process of triaging suspicious threats.
  3. Accelerated Response– Automation capabilities make it possible to immediately take action at different points in the security stack. By correlating response between the network and endpoint, for example, infected endpoints can be isolated and prevented from connecting the network via VPN or otherwise. This buys the MSSP time to clean and repair the device, while preventing lateral movement.

With threats on the rise, demand for managed XDR promises to grow. Check out the recent MSSP Alert webcast Expanding from MDR to XDR to learn how XDR positions your MSSP to analyze, prioritize, hunt and remediate threats to your customers’ businesses.

Video link

Guest blog courtesy of WatchGuard Technologies. Read more WatchGuard guest blogs here.