
How managed security can close the cybersecurity skills gap

(Image credit: Andrea Danti / Shutterstock)

Recent studies are continually linking an organisation's lack of staffing and skills to its ability to fend off cyberattacks.

Market research firm Vanson Bourne interviewed 775 IT decision makers involved in cybersecurity within their organisations last year, and found one in three say the shortage makes them prime hacking targets, while one in four say it has led to reputational damage and the loss of proprietary data via cyberattack.

The skills shortage has been evident for some time; a report published by SC Magazine in April of last year highlighted it. Of the IT security professionals surveyed:

  • 64 per cent of respondents agreed that they lack the time to manage all the security activities
  • 49 per cent reported a lack of internal staff to address IT security challenges
  • 48 per cent said they lacked the IT security budget needed to meet those challenges

IT departments are under constant pressure to keep their networks safe while attacks evolve and emerge at a rapid pace. The increasing complexity of the threat landscape has spawned more complex security technologies to combat those threats. It can be challenging to hire and retain the skill set needed to operate complex IT security solutions on top of the regular monitoring and analysis they require.

According to Gartner, “Organisations struggle to deploy, manage and use an effective combination of expertise and tools to detect threats, especially targeted advanced threats and insider threats.”

One such technology that requires expertise, along with the time and processes to use it successfully, is a Security Information and Event Management (SIEM) solution. This type of tool has a reputation for being a big-company technology that requires a large up-front investment and ongoing operational and maintenance expenses before it achieves any ROI.

But a properly deployed SIEM solution provides plenty of benefits, from PCI DSS and HIPAA compliance, to detecting the first evidence of a threat or other anomalous behaviour on the network.

SIEM is a key technology in a company’s security arsenal and should be considered an essential tool in defending against intrusions. In short, it is responsible for ingesting the logs generated by all the systems and devices in the infrastructure and then sorting through them. Anything from a firewall to a server that creates log data is analysed by the SIEM. The log data is fed into the SIEM and evaluated against a previously defined ruleset to determine whether there are any anomalies – unusual activity that can indicate an attack – and the SIEM then flags those that need to be brought to the IT staff’s attention. The SIEM can prioritise these anomalies, sort them, and generate alerts going forward based on the data.

It is difficult and expensive to hire and retain a skilled IT security team with the bandwidth and capability needed to monitor and analyse the alerts and reports produced by SIEM technology. Further complicating this task, teams must be able to distinguish the real threats within that data and know the remediation steps required to mitigate them.

Hobson's Choice

The shortage of skilled professionals forces a Hobson’s Choice on IT managers: out-of-the-box security offerings or simply outsourcing to managed security service providers (MSSPs). Neither is an ideal solution. Without talent and process discipline, an out-of-the-box offering won’t give you the return on security investment (ROSI) that you’re looking for.

How about outsourcing? Does it mean ceding control to a third party? Many enterprises don’t want to bear the cost of losing control, and many outsourcing providers offer cookie-cutter, one-size-fits-all solutions that may not meet a specific enterprise’s needs.

If you’re an IT professional who is facing those problems and needs to bring “more muscle” to your team, but only on an as-needed basis, there is an alternative. A co-sourcing model gives you access to an expert team that can handle tasks such as making changes to the network or providing recommendations on remediation. Enterprises thus gain the expertise and resources they need to run an effective security programme without ceding control. In-house teams can focus on the company’s infrastructure rather than having to become experts in a particular vendor’s products and the ever-changing world of IT security.

Managed Detection and Response (MDR) services combine expertise and tools to provide 24/7 monitoring and alerting, as well as remote incident investigation and response that can help to detect and remediate threats. For the best outcome, these advanced toolsets should be outsourced to a managed security firm specialising in this type of service—which includes expert threat researchers that constantly look for new activity that could point to a hacker trying to steal data from your systems.

Technology alone is about 15 per cent of the solution in preventing breaches. Expert analysts and robust, disciplined, and documented processes are the remaining 85 per cent. You don’t have to buy just technology; you can buy the outcome you want: protection for your network and IT assets from the modern cyberthreat landscape.

Ideal MDR solutions combine technology, expert skills and robust process discipline delivered by a 24/7 security operations centre (SOC). These features provide organisations with the ability to achieve a level of fully-faceted protection from cyberthreats at an attainable price point.

These services are expected to keep growing and to continue catering to small and mid-sized businesses, giving them an affordable option for information security. The field is evolving, and providers are constantly looking for new ways to offer managed solutions to this market. One of the most recent service additions in the industry is a honeypot server. A honeypot consists of multiple virtualised decoys strategically scattered throughout the network to lure bad actors and sniff out attacks. Because no legitimate user has any reason to touch a decoy, a honeypot provides the highest-value intelligence, identifying suspicious activity specific to the customer’s own environment so that threats can be hunted down and stopped proactively.
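The ingest, evaluate and prioritise pipeline described in the SIEM paragraph earlier, extended with a decoy-contact rule for the honeypot signal in the paragraph just above, as an added Python example that is not EventTracker's code or any product's. The log lines, the decoy address 10.0.5.50 and the threshold of five failed logins are constructed assumptions.

```python
import re
from collections import Counter
# Constructed sample log lines (syslog-like; not real data) from one server
# and one firewall, using documentation address ranges for the sources.
SAMPLE_LOGS = [
    "2024-01-10T09:00:01 srv1 sshd: Failed password for admin from 203.0.113.7",
    "2024-01-10T09:00:02 srv1 sshd: Failed password for admin from 203.0.113.7",
    "2024-01-10T09:00:03 srv1 sshd: Failed password for root from 203.0.113.7",
    "2024-01-10T09:00:04 srv1 sshd: Failed password for admin from 203.0.113.7",
    "2024-01-10T09:00:05 srv1 sshd: Failed password for admin from 203.0.113.7",
    "2024-01-10T09:00:09 srv1 sshd: Accepted password for admin from 203.0.113.7",
    "2024-01-10T09:01:00 srv1 sshd: Failed password for alice from 192.0.2.20",
    "2024-01-10T09:02:00 fw1 kernel: ACCEPT src=192.0.2.20 dst=10.0.5.50 dpt=445",
    "2024-01-10T09:02:01 fw1 kernel: ACCEPT src=192.0.2.21 dst=10.0.1.10 dpt=443",
]
DECOY_HOSTS = {"10.0.5.50"}  # hypothetical honeypot decoy address(es)
SEVERITY = {"critical": 0, "high": 1}  # lower rank sorts first

LINE_RE = re.compile(r"^(?P<ts>\S+) (?P<host>\S+) (?P<proc>\w+): (?P<msg>.*)$")
AUTH_RE = re.compile(r"(?P<result>Failed|Accepted) password for (?P<user>\S+) from (?P<src>\S+)")
FW_RE = re.compile(r"src=(?P<src>\S+) dst=(?P<dst>\S+) dpt=(?P<dpt>\d+)")

def parse(line):
    """Ingest: normalise one raw line into an event dict (None if unparseable)."""
    m = LINE_RE.match(line)
    if not m:
        return None
    ev = m.groupdict()
    fields = AUTH_RE.search(ev["msg"]) or FW_RE.search(ev["msg"])
    if fields:
        ev.update(fields.groupdict())
    return ev

def evaluate(events, threshold=5):
    """Apply the ruleset to parsed events; return (severity, message) alerts, highest first."""
    alerts, failures = [], Counter()
    for ev in events:
        if ev.get("result") == "Failed":            # rule 1: repeated failed logins
            failures[ev["src"]] += 1
            if failures[ev["src"]] == threshold:
                alerts.append(("high", f"{threshold} failed logins from {ev['src']}"))
        elif ev.get("result") == "Accepted" and failures[ev["src"]] >= threshold:
            alerts.append(("critical", f"login by {ev['user']} from {ev['src']} after failures"))
        elif ev.get("dst") in DECOY_HOSTS:          # rule 3: any contact with a decoy
            alerts.append(("critical", f"{ev['src']} touched decoy {ev['dst']}:{ev['dpt']}"))
    return sorted(alerts, key=lambda a: SEVERITY[a[0]])  # prioritise for the analyst

def run(lines):
    """Full pipeline: ingest every line, drop unparseable ones, evaluate the rules."""
    return evaluate(ev for ev in map(parse, lines) if ev)
```

Rule 2 (a successful login from a source that has just produced a burst of failures) is the kind of correlation across events that a single log line cannot reveal, which is why the decoy and correlation hits outrank the raw failure count.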

A.N. Ananth, CEO, EventTracker

Ananth is co-founder/CEO of EventTracker, an architect of the company’s SIEM solution, and a leading expert in IT compliance with 25+ years of experience in IT control and operations.