Content, Security Program Controls/Technologies

Research: Outsource Managed Cybersecurity to MSSPs

Many information security professionals are leveraging managed security services providers (MSSPs) to combat internal and external cyber treats, which is reflected in a recent survey conducted by cybersecurity company Trustwave.

The Trustwave "2017 Security Pressures Report" indicated 34 percent of information security professionals said they have partnered with an MSSP to extend an organization's security coverage against sophisticated threats.

In addition, the report revealed 33 percent of information security professionals stated they have partnered with an MSSP to adopt, implement and operate hard-to-use security technologies, and 31 percent have worked with an MSSP to help compensate for a skills shortage.

Cybersecurity Pressure Is Increasing

The 2017 Security Pressures Report explored the pressure in-house information security professionals face and the drivers behind that pressure, and key findings included:

  • 53 percent of information security professionals said they are facing increased pressure to protect their organization.
  • 46 percent noted boards of directors, owners and C-level executives are the most common sources of information security pressure.
  • 42 percent named reputational damage to themselves and their organization as their biggest fear after a cyberattack or data breach.
  • 30 percent ranked customer data theft as the most worrisome outcome of a cyberattack or data breach.
  • 29 percent stated they believe advanced security threats are the biggest threat to information security professionals, followed by shortage of security expertise (15 percent).

The report also indicated cybersecurity pressure is becoming more personal – something that may cause problems for information security professionals and organizations alike.

How to Become an MSSP

Becoming an MSSP requires a complex mix of cybersecurity technology and talent, according to Gartner.

In the Gartner "2017 Magic Quadrant for MSSPs," the technology research firm indicated managed security services include the following capabilities:

  1. Monitored or managed firewalls and multifunction firewalls, or unified threat management (UTM) technology.
  2. Monitored or managed intrusion detection and intrusion prevention systems (IDPSs).
  3. Managed or monitored security gateways for web and email traffic.
  4. Monitoring and/or management of advanced threat defense technologies, or the provision of those capabilities as a service.
  5. Security analysis and reporting of events collected from IT infrastructure logs.
  6. Reporting associated with monitored/managed devices and incident response.
  7. Managed vulnerability scanning of networks, servers, databases or applications.
  8. Monitoring or management of customer-deployed security information and event management (SIEM) technologies.
  9. Distributed denial-of-service (DDoS) mitigation via a remotely managed service.

As cybersecurity pressure on information security professionals increases in organizations around the globe, the demand for MSSPs may rise as well.

Markets and Markets has projected the global managed security services market will expand at a compound annual growth rate (CAGR) of 14.6 percent between 2016 and 2021. Also, the market research firm has estimated this sector will be worth nearly $33.7 billion by 2021.

Dan Kobialka

Dan Kobialka is senior contributing editor, MSSP Alert and ChannelE2E. He covers IT security, IT service provider business strategies and partner programs. Dan holds a M.A. in Print and Multimedia Journalism from Emerson College and a B.A. in English from Bridgewater State University. In his free time, Dan enjoys jogging, traveling, playing sports, touring breweries and watching football.