The cyberthreat landscape is constantly evolving and businesses can struggle to keep up. For every threat patched or blocked, two more seem to pop up in its place.
In response, many MSPs offer preventive security services to protect the IT infrastructures of their clients. However, clients are finding that preventive measures are insufficient when faced with today’s sophisticated cyberthreats.
To provide the level of security required, a growing number of MSPs are beginning to investigate ways to add detection and response services to their offerings. The combination of preventive services with detection and response services delivers a proactive security measure that can help a client business stay one step ahead of cybercriminals.
Providing proactive security
MSPs have a range of options when looking to expand their portfolio to include around-the-clock threat detection and response services. Some have even gone to the extent of becoming Managed Security Service Providers (MSSPs).
The build-your-own option
To operate as an MSSP, an MSP will need to establish a Security Operations Centre (SOC), however this is something that can be quite challenging.
For starters, MSPs will need to invest in necessary tools such as a Security Information and Event Management (SIEM) platform that can capture the log feeds from various sources. Secondly, building a team of security analysts and technicians who is available 24/7/365 to monitor and triage incidents that the system has picked up.
This is not a cheap exercise. If a typical SOC analyst’s annual salary is approximately $100,000, to provide 24/7 SOC coverage, at least six of them will be required. That means there will be a yearly spend of $600,000 just for staffing. When you add the cost of on-going training and tools, the annual cost to run a SOC can reach $1 million a year.
The outsourcing option
Another option for MSPs is to outsource the 24/7/365 detection service to an established MSSP. This can help an MSP to expand its security service offering, however it must ensure it is still adding value on top of what the MSSP can offer.
The partnering option
A third alternative is for an MSP to partner with a trusted vendor with a managed SIEM or managed extended detection and response (XDR) services that is backed by a team of round-the-clock SOC experts.
Taking this path will allow an MSP to readily expand its security service offering without burdening its existing resources, investing in costly infrastructure, or staffing for 24/7 coverage.
Taking a multilayered approach
Regardless of the chosen strategy, MSPs that are serious about providing security services must take a multilayered, integrated approach that encompasses all the potential threats to their clients’ networks.
To achieve this, they must offer proactive protection of the two biggest threat vectors: email and endpoints. Providing solid protection in these areas will mean creating a solution portfolio that combines preventive security solutions with a 24x7 threat monitoring capability.
This isn’t always an easy task, but forward-thinking solution providers can make it easier through strategic partnerships. By selecting best-of-breed partners, an MSP can broaden its offering and deliver effective security services to clients.
One element that will need to be in place is eXtended detection and response (XDR) technology. XDR collects and correlates data across multiple security layers to provide faster threat detection and better response times.
This helps to solve the problem of disparate and fragmented threat data generated by disconnected platforms within an enterprise. It is particularly important as more resources are shifted to the cloud and employees continue to work remotely.
Once in place, an XDR platform sifts through the ‘noise’ and pinpoints which incidents require attention. A typical SOC can receive millions of events each month, but between the XDR platform and the security expertise, these events are whittled down to the ones that matter.
While most attacks still originate via email, the traditional method of centrally managed security via firewalls and email filters is no longer sufficient. Managed endpoint protection is needed to ensure only trusted end users, devices and access points can access sensitive data and applications.
In addition, MSPs also need to leverage artificial intelligence and machine learning. These systems adapt to emerging threats while minimizing human error in detection.
The threat landscape is going to continue to evolve and organisations will be looking to their MSP for support. By either creating their own SOC, partnering with an established MSSP, or forging a link with a trusted vendor, an MSP will be well positioned to deliver what their clients require.