Managed security service providers (MSSPs) are likely to be in the spotlight over the next few years as the scale and sophistication of cyberattacks increase at alarming rates. In its latest report, the SA Banking Risk Information Centre found that cybercrime costs the South African economy R2.2-billion a year. Data points to notable increases in phishing, impersonation fraud, mobile malware and ransomware attacks.
But the MSSP model – and CISOs' expectations of what value an MSSP should deliver – will have to evolve. Staying stuck in a reactive state with poor visibility and a lack of appropriate response capabilities means many organisations are simply waiting for the inevitable system breach to inform how and where they should bolster defences.
MSSPs old and new
Traditionally, MSSPs were used by organisations as an outsourced partner for certain IT security functions. Within this model, MSSPs would provide some level of security monitoring, vulnerability risk assessment, threat intelligence and general support with compliance requirements, such as Europe's GDPR and South Africa's POPI Act.
The value proposition was clear: by outsourcing some functions, the organisation could better manage and contain costs without having to attract and retain certain key skills. But too often it left organisations reactive: change would only occur after the fact (once systems have been breached or compromised).
Today, an evolving threat landscape and heightened risk of being targeted by cybercriminals make passive security management obsolete. CISOs want full visibility over the entire security landscape in real time, and demand the ability to respond quickly and effectively to any emerging threats.
This is partly because security has become a boardroom-level issue: most companies will experience a form of cyberattack at some point, and it's not uncommon for CISOs – especially those in high-risk industries such as banking – to report to board members following a breach.
Maintaining stakeholder trust in the wake of a breach requires disclosure of the extent of the breach, which systems were affected, and what measures are being taken to restore full business productivity. A traditional, reactive MSSP model is simply inadequate.
The MSSP/MDR model
A new MSSP model – augmented with Managed Detection and Response (MDR) capabilities – is emerging as a viable alternative to the older delivery model. MDR is a fairly new discipline within cybersecurity that focuses on actively searching for threats and providing appropriate response measures to eliminate the threat, including steps to avoid similar issues in future.
What does this look like in practice? Let's say the MDR team detects malware on some production systems. The MSSP will launch an investigation, and then work with MDR to determine the best corrective measures for repairing the issue as quickly as possible, and suggest additional measures to avoid similar incidents in future. When MDR detects something that is more operational in nature, the MSSP can remediate the issue and resolve any associated risks without client involvement, freeing up valuable time.
When organisations use the same provider for both MDR and MSSP requirements, there are additional gains in efficiency and cost-savings. There is also less risk of alert fatigue, which is a common problem with many of the SIEM technologies. By combining MDR and MSSP, the provider can alleviate pressure on the client's side by combining tech (MSSP) and alerts (MDR) with corrective action.
It also gives organisations the opportunity to add more stringent requirements to service-level agreements. For MSSPs, most service-level agreements relate less to security and more just to maintaining system uptime. There's little ownership on the part of the MSSP to fix problems.
While it's attractive to expect MSSPs to just automatically cover every aspect of the security landscape, there's only so much an MSSP can do until an event occurs that creates visibility of certain gaps in the security controls. MDR assists by raising the visibility of every security event and helping to uncover gaps in the security controls that are unique to the client environment and which, under normal circumstances, would remain undiscovered by the client and service provider.
Adopting an evolved MSSP offering that combines forces with managed detection and response capabilities gives organisations greater visibility over their systems and enables them to quickly address and repair vulnerabilities while continuously delivering greater value over time.
Organisations should ask whether their MSSP still delivers value and innovation while making their lives easier. If not, it's time for a change.