Threat Intelligence, Threat Hunting, MSSP

The Hidden Challenges in Threat Detection and Response for MSSPs


COMMENTARY: A new group is battling cyber attackers on the front lines against the latest sophisticated attacks. I'm talking about managed security service providers (MSSPs), which, despite their best efforts, are fighting a losing battle because of significant weaknesses in detection and response. Even those using the best tools find themselves inundated with false alarms, constrained by limited resources, and confronted by increasingly stealthy attacks, all of which leave their customers in a very risky position.

When it Rains, it Pours

According to Microsoft's Digital Defense Report 2024, customers face 600 million cyberattacks daily. That equates to more than 219 billion attacks a year. That's a lot for any business. But what if you're an MSSP with 50 clients? All it takes is for one customer to be the victim of a successful attack that evades your Endpoint Detection and Response (EDR) solution, leading to significant data loss and possibly a total shutdown. That's devastating for the client, but for an MSSP, it could tarnish your reputation to the point of extinction.

The good news is that businesses have made major investments in cybersecurity tools. The bad news is that sufficient investments have not been made in Threat Detection and Response (TDR): the practice of identifying, mitigating, and responding to cyber threats, and doing so effectively and efficiently.

Several factors fuel the need for TDR, beginning with the incredible growth and sophistication of attacks and attackers. AI is a major driver: it has increased the frequency of attacks while making them far more difficult to detect. Phishing is a good example. It's reported that AI-generated phishing emails deliver a 54% click-through rate, compared to just 12% for human-written phishing attempts. Add other evolving threats, such as fileless malware and zero-day attacks, and protecting clients becomes problematic.

Adding to the challenge are false positives. IDSs, SIEMs, and EDRs are currently churning out more false positives than ever, and that is overwhelming teams that are already understaffed and underfunded.

Why a Preemptive Defense Strategy?

As I touched on earlier, at the heart of this issue is the failure of traditional detection and response models to, put bluntly, detect and respond. This failure ties back to their very design: TDR is built to react to attacks once the right signs emerge, like the alarm system on your home. But what happens when attacks don't show any of the classic signals? They avoid detection.

This helps explain the growing talk about preemptive defense. Unlike traditional reactive offerings, preemptive cyber defense is a prevention-first approach to stopping ransomware and advanced cyber threats before they disrupt a business: blocking exploits, neutralizing ransomware, and driving dwell time toward zero. For MSSPs, this shift is game-changing. It reduces alert overload, minimizes analyst fatigue, and delivers faster, cleaner protection to clients.

But that's just the start. Preemptive defense approaches eliminate weak links. Like a chain, a business's defense is only as strong as its weakest link. In this instance, the weakest link is a company's continued reliance on security investments that are limited in scope and do not span its complete environment. In the current threat environment, where attackers go to great lengths to find a weakness, that approach invites trouble.

Another advantage is consistency. In cybersecurity, inconsistency in areas such as enforcement, training, and technology adoption is a real problem. A preemptive approach brings uniform security policies, centralized management, and consistent threat intel across all customers, which results in stronger resilience and easier oversight.

Then there are long-term savings. When purchasing a solution, buyers should focus less on the upfront cost and more on the savings that accrue every time the system mitigates an attack and avoids costly downtime. According to research from Nordlayer, the average cost of downtime is $9,000 per minute, or $540,000 per hour, across all industries. And don't overlook the reputational damage that comes with an incident, where trust and loyalty are quickly eroded and customers jump ship to the competition. Add it all up, and preventing the breach is a bargain.

And let's not forget compliance. Pressure to comply with key regulations such as HIPAA, PCI DSS v4, and many others has never been higher. By covering the bases I've touched on above, a preemptive approach helps companies meet, and demonstrate that they meet, the requirements of those regulations; it does not by itself make an organization compliant, since auditors still expect the controls to be documented and evidenced.

What Comes Next?

Before acting, I should point out that, in most cases, preemptive defense investments are not a replacement for the traditional elements an MSSP may already have in place. While those elements may be ineffective against many of the latest attacks, such as zero-day threats, they remain vital to your overall defense.

Now, as you begin investigating preemptive cyber defense solutions, you'll find that there are many components to choose from, including Automated Moving Target Defense (AMTD). AMTD uses polymorphism, deception, and evasion to obfuscate targets, dynamically changing the attack surface so that an attacker's reconnaissance goes stale and potentially costly attacks fail. Additional elements to consider include Attack Surface Management, Predictive Threat Analysis, Automated Security Scanning and Testing, and Adaptive Exposure Management (AEM).
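To make the moving-target idea concrete, here is a small added illustration in Python. It is not code from this column or from any AMTD product; it shows one classic moving-target technique, time-slotted port hopping, in which a service's listening port is derived from a shared secret and the current time slot. The port range, the 60-second hop interval, the service name, and the secret are all assumed values chosen for the demo.

```python
"""Toy moving-target defense: time-slotted port hopping.

Added illustration, not code from the article or from any AMTD product.
Assumed design: a service listens on a port derived from a shared secret
and the current time slot; authorized clients derive the same port, while
a scanner's reconnaissance goes stale when the slot rolls over.
"""
import hashlib
import hmac
import time
from typing import Optional

PORT_MIN = 20000          # assumed hopping range (stays clear of well-known ports)
PORT_MAX = 60000
SLOT_SECONDS = 60         # assumed hop interval


def slot_for(ts: float, slot_seconds: int = SLOT_SECONDS) -> int:
    """Map a UNIX timestamp to a hop-slot number."""
    return int(ts) // slot_seconds


def port_for_slot(secret: bytes, service: str, slot: int) -> int:
    """Derive the port for one slot with HMAC-SHA256 over (service, slot).

    Without the secret an observer cannot predict the next port; the best
    it can do is re-scan the whole range every slot.
    """
    msg = f"{service}:{slot}".encode()
    digest = hmac.new(secret, msg, hashlib.sha256).digest()
    span = PORT_MAX - PORT_MIN + 1
    return PORT_MIN + int.from_bytes(digest[:4], "big") % span


def current_port(secret: bytes, service: str, ts: Optional[float] = None) -> int:
    """Port an authorized client should connect to now (or at ts)."""
    ts = time.time() if ts is None else ts
    return port_for_slot(secret, service, slot_for(ts))


def is_acceptable(secret: bytes, service: str, port: int, ts: float,
                  skew_slots: int = 1) -> bool:
    """Server-side check on an inbound connection's destination port.

    Accepts the current slot plus +/- skew_slots neighbours so that small
    clock drift between client and server does not lock out legitimate users.
    """
    s = slot_for(ts)
    window = range(s - skew_slots, s + skew_slots + 1)
    return any(port_for_slot(secret, service, w) == port for w in window)


def schedule(secret: bytes, service: str, start_ts: float, n: int) -> list:
    """Next n (slot, port) pairs: what the listener pre-binds and clients pre-compute."""
    s0 = slot_for(start_ts)
    return [(s0 + i, port_for_slot(secret, service, s0 + i)) for i in range(n)]


if __name__ == "__main__":
    # Constructed demo values; a real deployment would pull the secret from a KMS.
    key = b"constructed-demo-secret"
    now = 1_700_000_000.0
    for slot, port in schedule(key, "mgmt-api", now, 3):
        print(f"slot {slot}: listen on {port}")
    # Recon captured in the first slot is stale two slots later.
    stale = current_port(key, "mgmt-api", now)
    later = now + 2 * SLOT_SECONDS
    print("stale recon still accepted two slots later?",
          is_acceptable(key, "mgmt-api", stale, later))
```

The caveat a practitioner should keep in mind: within a single slot a full port sweep still finds the open port, so hopping raises the attacker's cost and invalidates stored reconnaissance; it does not authenticate anyone and must sit in front of, not in place of, normal authentication and the traditional controls discussed above. Commercial AMTD goes further (memory-layout randomization, decoys), but the mechanism of making the target move faster than an attacker can map it is the same.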

Whatever course you take, one thing is certain: counting on a reactive approach to protect a business in today's attack climate is a losing battle. With preemptive approaches, businesses can defuse threats BEFORE they gain a foothold and cause massive disruption. They also relieve their teams, who, rather than juggling alerts or recovering from breaches, can spend more time doing what they do best: leveraging the new levels of visibility that real-time monitoring provides to identify high-risk software, shadow IT, and misconfigurations, and to ensure the ongoing protection and health of what matters most, the business.


MSSP Alert Perspectives columns are written by trusted members of the managed security services, value-added reseller and solution provider channels or MSSP Alert's staff. Do you have a unique perspective you want to share? Check out our guidelines here and send a pitch to [email protected].

Avery Kraft

Avery Kraft is a seasoned channel sales leader with over 25 years of experience driving revenue growth and expanding market share in the cybersecurity and IT industries. Avery has held senior leadership roles at globally recognized companies, including Cisco, Rapid7, and Dimension Data, where he consistently delivered strong results through strategic partnerships and innovative go-to-market initiatives. Known for his deep expertise in relationship management and building high-performing global partner ecosystems, Avery has a proven track record of aligning channel strategies with business objectives to accelerate growth and maximize customer value.
