This is the first article in a 3-part series focused on the rise of risk management over traditional threat hunting provided by MSSPs through Managed Security Services (MSS).
As we come closer to wrapping up 2018, it is time to talk about the state of Managed Security Services (MSS) and what lies ahead in terms of next-generation security services.
First, a small recap: traditionally, MSS Providers (MSSPs) have focused on monitoring customer environments for detecting intrusions by scanning logs from various sources such as network firewalls, switches, laptops, desktops, servers, applications, etc. When threats surface or attacks occur, security analysts would trawl through these logs to investigate and piece together the incident through a lot of manual processes.
This approach worked well for quite some time, until recently: the attack surface today extends beyond what we can call “conventional IT infrastructure” – organizations no longer have just the usual IT infrastructure.
Today, they have various operational technologies that are networked, right from ATMs to power plants, manufacturing infrastructure, and assembly lines. All of these are now open to attacks – critical, crucial, and very important parts of the business now need to be in scope, not just IT.
In this larger scope, simply monitoring logs is not enough. With this ever-expanding attack surface, the amount of data is growing exponentially, and these sources are increasing in numbers by leaps and bounds. Correlations between events are no longer simple enough or even predictable - they are more complex than ever, and way more unpredictable.
It is no longer about managing intrusion, it is about managing risk.
The next generation of MSS would help drive up security in organizations, with reduced costs, increased accuracy, and an emphasis on proactive security rather than reactive security.
It is crucial to be proactive when it comes to threat prevention, and to mitigate threats at lightning speed when they do happen.
In order to tackle this ever-changing landscape, the traditional MSS perspective needs to shift: indicators of an attack can come from myriad sources, so analysts need to be on the lookout for not only telltale signs within logs (or any other related sources, for that matter), but also for human behavior. Humans being the weakest link in a security scenario is not a new reality – but it is a more relevant thing now than ever before in today’s super-connected business infrastructure.
Also known as User-Entity Behavior Analysis, mapping human interactions with systems provides key insights and patterns for preventing and investigating attacks. By understanding how employees interact with business systems, organizations can predict malicious patterns and put a stop to an attack before it happens.
With the increased growth of the Internet of Things (IoT) and Operational Technologies (OT), the nature of data sources has also changed significantly.
Being able to analyze various data streams such as video footage, temperature sensor data, pressure monitors or assembly line system feeds over and above logs is vital in monitoring and managing risk in today’s business processes. By leveraging technologies such as artificial intelligence and big data, these data sources can be processed in a more automated, efficient, and effective manner.
As the amount of data increases, so do false positives. The next generation of MSS platforms must have ways to deal with this – helping analysts weed out false evidence from the truth.
This efficiency also helps reduce costs and improve the return on security investment (ROSI) in organizations.
The criticality of the decision when choosing the right MSSP cannot be overstated. Your choice will decide how secure, vigilant, and cost-efficient your organization remains when it comes to security. The MSSP you choose must have a converged security risk management approach in its delivery of value to your business.
Before choosing an MSSP for your business, you will have to make sure that the MSSP can protect your current environment and is scalable enough to grow with your evolving business needs and manage your risks along the way.
Questions you may want to ask:
It is important that your MSSP has precise answers to these questions, is familiar with the ever-increasing cybersecurity landscape and is ready to address your needs with an innovative solution that can grow with you.
Companies today need MSSPs that can handle security the way it is today (and the way it will be in the future), not the way it was conventionally done.
At, we are constantly working to stay ahead of the curve and our converged services are always forward looking – we work with organizations to help them stay safe, stay protected, and stay focused on their business without them having to worry about security.
Our ArkAngel platform is designed to evolve with the times by being a holistic risk management platform that enables us to deliver cutting-edge managed security services – for a safer today and a secure tomorrow.
Get in touch with us today to see how we can provide your organization with true value when it comes to risk management – beyond just IT.