Reinventing Managed Security Service Providers (MSSPs)

The world of cyber security continues to evolve and grow. There are numerous threats that we need to consider in today’s always-on and connected environment. Nclose provides you with reassurance and facilitates regulatory compliance by delivering a comprehensive list of vulnerability assessment and penetration testing services. We are excited to be working with the Nclose team to grow their brand presence and to learn more about the cyber security and systems space.

Read one of their latest featured articles, in which Paul, from their team, explores the reinvention of Managed Security Service Providers (MSSPs).

The reinvention of the MSSP

by Paul Grapendaal, Head of Managed Services at Nclose

Managed security service providers (MSSPs) are likely to be in the spotlight over the next few years as the scale and sophistication of cyberattacks increase at alarming rates. In its latest report, the SA Banking Risk Information Centre found that cybercrime costs the South African economy R2.2-billion a year. Data points to notable increases in phishing, impersonation fraud, mobile malware and ransomware attacks.

But the MSSP model – and CISOs’ expectations of what value an MSSP should deliver – will have to evolve. Staying stuck in a reactive state with poor visibility and a lack of appropriate response capabilities means many organisations are simply waiting for the inevitable system breach to inform how and where they should bolster defences.  

MSSPs old and new

Traditionally, MSSPs were used by organisations as an outsourced partner for certain IT security functions. Within this model, MSSPs would provide some level of security monitoring, vulnerability risk assessment, threat intelligence and general support with compliance requirements, such as Europe’s GDPR and South Africa’s POPI Act.

The value proposition was clear: by outsourcing some functions, the organisation could better manage and contain costs without having to attract and retain certain key skills. But too often it left organisations reactive: change would only occur after the fact (once systems have been breached or compromised).

Today, an evolving threat landscape and heightened risk of being targeted by cybercriminals make passive security management obsolete. CISOs want full visibility over the entire security landscape in real time, and demand the ability to respond quickly and effectively to any emerging threats.

This is partly because security has become a boardroom-level issue: most companies will experience a form of cyberattack at some point, and it’s not uncommon for CISOs – especially those in high-risk industries such as banking – to report to board members following a breach.

Maintaining stakeholder trust in the wake of a breach requires disclosure over the extent of the breach, which systems were affected, and what measures are being taken to restore full business productivity. A traditional, reactive MSSP model is simply inadequate.

The MSSP/MDR model

A new MSSP model – augmented with Managed Detection and Response (MDR) capabilities – is emerging as a viable alternative to the older delivery model. MDR is a fairly new discipline within cybersecurity that focuses on actively searching for threats and providing appropriate response measures to eliminate the threat, including steps to avoid similar issues in future.

What does this look like in practice? Let’s say the MDR team detects malware on some production systems. The MSSP will launch an investigation, and then work with MDR to determine the best corrective measures for repairing the issue as quickly as possible, and suggest additional measures to avoid similar incidents in future. When MDR detects something that is more operational in nature, the MSSP can remediate the issue and resolve any associated risks without client involvement, freeing up valuable time.

When organisations use the same provider for both MDR and MSSP requirements, there are additional gains in efficiency and cost-savings. There is also less risk of alert fatigue, which is a common problem with many of the SIEM technologies. By combining MDR and MSSP, the provider can alleviate pressure on the client’s side by combining tech (MSSP) and alerts (MDR) with corrective action.

It also gives organisations the opportunity to add more stringent requirements to service-level agreements. For MSSPs, most service-level agreements relate less to security and more just to maintaining system uptime. There’s little ownership on the part of the MSSP to fix problems.

While it’s attractive to expect MSSPs to just automatically cover every aspect of the security landscape, there’s only so much an MSSP can do until an event occurs that creates visibility of certain gaps in the security controls. MDR assists by raising the visibility of every security event and helping to uncover gaps in the security controls that are unique to the client environment and which, under normal circumstances, would remain undiscovered by the client and service provider.

Adopting an evolved MSSP offering that combines forces with managed detection and response capabilities gives organisations greater visibility over their systems and enables them to quickly address and repair vulnerabilities while continuously delivering greater value over time.

Organisations should ask whether their MSSP still delivers value and innovation while making their lives easier. If not, it’s time for a change.

If you are going to be at CISO Africa this coming week, be sure to pop past the Nclose stand and chat to the team. Martin Potgieter, Technical Director at Nclose, will also be presenting to the conference delegates on Incident Response.

Martin Potgieter, Technical Director at Nclose, will also be presenting to the conference delegates on Incident Response at CISO Africa 2020.

We look forward to seeing you there!
