You don’t have to look far these days to see that cybersecurity has become one of the key issues that MSPs (managed service providers) are called upon to address – especially for small and medium-sized businesses. Yet today’s MSPs often face significant challenges when it comes to delivering managed security services that provide the comprehensive “prevent, detect and respond” capabilities their clients need. And that’s often because they’re cobbling together single-function technologies from multiple vendors and struggling to operate them efficiently or even effectively.
The truth is it takes more than just a package of independent tools to deliver a successful managed detection and response (MDR) service. Still, the cybersecurity market is flooded with point solutions that promise to provide a silver bullet for a very narrow scope of security, such as email security, application security, endpoint protection, network traffic analysis and so on. But most companies don’t have the resources or specialised skillsets to cobble those solutions together, manage the integrations and then build the expertise necessary to optimise the outcomes for each of them. And the vendors selling those technologies often leave their customers to “figure it out” on their own.
To provide the protection that today’s cybersecurity landscape demands, an MDR service must include a unified security monitoring platform that covers both the network and endpoints, leverages machine-learning automation and is driven by a well-staffed security operations centre (SOC). That becomes an especially relevant factor in light of the industry’s current shortage of qualified cybersecurity practitioners. No one can afford to manage and maintain an MDR solution that has been pieced together from multiple vendors. And it’s similarly unrealistic to think that MSPs can adequately master all the third-party technology on the market today.
In today’s world, it’s become crucial to work with a partner who can deliver “cybersecurity convergence” that unites security information and event management (SIEM), endpoint detection and response (EDR), and behaviour analysis in a single platform.
A greater payoff
Of course, as an MSP, you may find yourself working with an MSSP (managed security services provider) to offer your clients a broader, more feasible solution. MSSPs are typically well positioned to help resolve the issues that emerge when combining multiple solutions from multiple vendors. They do it by bringing consolidated, right-sized tech of their own (SIEM and EDR, for example), balancing power and practicality.
In other words, some MSSPs can offer a full range of compatible cybersecurity capabilities on a single platform – which can even include a 24/7 SOC-as-a-service. So, in turn, you can offer small-to-medium-sized businesses an opportunity to take advantage of the technology and security skills that are typically available only to larger companies, without forcing them to extend their budgets to pay for the high-level personnel and extensive technology necessary to maintain an in-house SOC. At the same time, you gain an unmatched ability to deliver on the promise of MDR and regulatory compliance management.
There is, however, more to protecting small businesses than just hardware and software. First, MSPs really need to become familiar with the NIST cybersecurity framework; not just the NIST compliance frameworks, but the best practices that should provide the backbone of any conversations around what a company’s cybersecurity strategy should look like. And second, MSPs need to pay extra attention to their own cybersecurity measures. There are multiple Dark Web studies showing that plenty of threat actors are targeting MSPs.
The reasons are obvious. A single MSP can provide attackers with entry to dozens – or even hundreds – of businesses. Attracted by the economies of scale, attackers quickly realised that targeting MSPs offered a far greater payoff than going after one vulnerable SMB or municipality at a time. The situation is akin to using a huge net to haul in thousands of fish at once, instead of casting a line to bring in just one fish at a time.
Recognising those risks, it should come as little surprise that a significant percentage of customers have said they would consider suing their MSP if it’s been breached. That means MSPs definitely need to pay extra attention to their own cybersecurity measures.
Now, with many businesses having sent their employees to work from home, the risk is even greater. Many of those businesses had protected their employees’ workstations with solutions that required them to be connected to the corporate network. Many of these solutions rely on a hardware appliance that is still sitting in the office or data centre – not protecting these employees. Also, many employees are using personal computers for work as a result. These computers were never in scope for their corporate cybersecurity operations. These two factors – corporate assets leaving the corporate network and personal devices accessing corporate data – have greatly increased the risk of a data breach. This is where agent-based managed security services that deliver both SIEM and EDR capability can provide much-needed remote workforce threat detection.
The moral of the story is this: Cybersecurity is an arms race, which has resulted in an impossibly fragmented market of “tools” for the good guys, leading to greater dysfunction and risk because there are too many independent, well-intentioned but narrowly focused solutions out there – and too few staffers to manage them.
Cybersecurity convergence unites the necessary technology on a single platform, co-managed by the MSP and a 24/7 dedicated SOC to ensure optimal cyber-threat protection in a practical and cost-efficient manner.
As IT business leaders set their eyes on supporting and securing a remote workforce – while dealing with new IT challenges and dedicating time to supporting their businesses – they’re also focused on advancing innovation and productivity measures to combat their unavoidable financial difficulties. Now, more than ever, the IT security community must look to cybersecurity consolidation, convergence and simplification as the keys to tackling the issues that matter most to their organisations.
Guy Cunningham, Senior Vice President of Channel & Alliances, Netsurion