Matt Lawrence, Head of Defensive Security at JUMPSEC, highlights the challenges organizations face when detecting and responding to cyber threats, and how to get maximum value from an MSSP.
Our industry faces a shortage of skilled and experienced professionals, which puts pressure on companies to find and retain qualified and reliable security personnel.
The rise of specialized managed security service providers (MSSPs) has been driven by organizations that value the lower investment cost and deeper expertise these companies can provide. Outsourcing removes the problems associated with inexperienced in-house talent, yet MSSPs themselves struggle with employee retention, analyst fatigue, and ever-increasing staffing costs.
Many organizations today are at risk of sliding into toxic work environments characterized by long, unbroken working hours and excessive workloads. To combat this, we must work towards better business models that ensure sustainable service delivery.
To succeed, service providers must find a way to attract high-caliber talent and reverse the growing trend of analyst disillusionment and burnout. To help with this, here are seven principles for MSSPs that aim to address the current challenges facing both buyers and providers of cybersecurity services.
1: Enhancing people with technology
Both purely human-centric offerings and purely product-led offerings have significant limitations, which contribute to low service standards and unsustainable operating practices.
Today's most effective models keep skilled people at their heart. Providers that fail to take advantage of technology will continue to be left behind. Intelligent automation and advanced tooling are essential to strip out "manual" effort and focus analyst time and resources on the areas that matter most. However, this approach is only possible if…
2: Be pragmatic and work out what matters
The industry has an unhealthy obsession with "100% detection," which is a symptom of a failure to understand what effective cyber defense actually looks like.
It is impossible to achieve 100% prevention or detection. Stretching resources too thinly by expecting analysts to process the excessive volume of alerts that the illusion of 100% coverage demands makes them less effective and encourages corner-cutting.
Instead, organizations should focus on building a strong baseline of defensive controls paired with a set of detections appropriate to their environment. This should include detections for commonly used TTPs as well as contextual detections tailored to the ways in which attackers are likely to traverse that particular environment.
3: Respond on the front foot
Detection is meaningless without the ability to do something about it, but response remains a glaring capability gap for many organizations and service providers.
Our experience managing and responding to real-world cyber attacks has provided first-hand knowledge of how unprepared organizations fail to effectively handle security incidents. From poor decision making under stress and ineffective communication channels to untested backup, recovery and redundancy procedures, most organizations cannot respond effectively.
This problem is compounded by the fact that most typical MSSPs prioritize detection over response. Threat containment and eradication are not always included in the service offering; often they are handed back to the customer or a third party. When response is included, it is often slow-moving, hampered by the absence of standard operating procedures and poorly articulated roles and responsibilities (as well as a general lack of resources). No third party can fully close this gap, and there is no substitute for well-defined playbooks and a well-trained internal team when responding to an incident.
4: Avoid dependency and enable progress
One of the biggest misconceptions in cybersecurity is that if you outsource to a suitable provider or purchase the right "silver bullet" product, the problem goes away.
An MSSP is only as effective as the security baseline of the organizations it works with. The second principle (be pragmatic and work out what matters) stresses the importance of a realistic approach to detecting threats. This becomes more difficult, even impossible, if the client has a sprawling network riddled with vulnerabilities and misconfigurations. An MSSP that is willing to accept the risk of defending a fundamentally insecure organization, while still committing to standard service level agreements, does not act in the interests of its clients or its employees.
We must help customers improve themselves, leave them more secure than when we started working with them, and raise awareness and appreciation of effective cybersecurity across the organization. Without this, it is difficult for any MSSP to succeed.
5: Be visible and transparent
When responding to client incidents, we often encounter situations where the client noticed signs of malicious activity before being notified by their MSSP. Sometimes the MSSP fails to find any evidence of malicious activity at all (despite, in some cases, clear indications of an ongoing ransomware attack).
The root problem here is that the communication and visibility many MSSPs provide is poor. This can lead to a false sense of security and the idea that "no news is good news", which allows gaps in detection coverage to go unnoticed until a compromise occurs.
Customers need confidence, backed by evidence, that our solution is as effective as we say it is. This means continually testing and verifying that defenses remain effective, taking into account both emerging attacker TTPs and changes to the network that may break the configuration of existing detections.
It is beneficial to use a mixture of offensive and defensive specialist consultants. This symbiotic relationship allows defenses to be constantly updated to reflect the latest attacker TTPs, while offensive techniques are continually refined to circumvent those controls, so that defenses are strengthened before a real attacker can bypass them in the wild.
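The second and fifth principles above both call for a baseline of detections for common TTPs, plus environment-specific ones, that are re-verified whenever the telemetry changes. The following is an added example of what that looks like as code; it is not JUMPSEC's tooling or part of the original article. The event field names (process_name, command_line, event_id, logon_type, src_ip, group) are assumed, the sample events are constructed, and the schema change that renames command_line to CommandLine is a hypothetical stand-in for the kind of pipeline or agent change that silently breaks a rule. Windows event IDs 4624 and 4732 and the ATT&CK technique IDs are real.

```python
"""Regression-test detection rules against constructed positive and negative samples.

Added example, not JUMPSEC code. Field names are assumptions; align them with
your own telemetry schema before use.
"""
import ipaddress
import re
from dataclasses import dataclass
from typing import Callable, Dict, List

Event = Dict[str, object]

# RFC 1918 ranges treated as "internal" for the RDP rule (assumption).
INTERNAL = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
# PowerShell accepts abbreviated switches, so match the common spellings of -EncodedCommand.
ENC_FLAG = re.compile(r"(^|\s)-(e|ec|enc|encodedcommand)\s", re.IGNORECASE)


def encoded_powershell(ev: Event) -> bool:
    """Baseline rule for a common TTP (T1059.001): PowerShell started with an encoded command."""
    proc = str(ev.get("process_name", "")).lower()
    return proc.endswith("powershell.exe") and bool(ENC_FLAG.search(str(ev.get("command_line", ""))))


def external_rdp_logon(ev: Event) -> bool:
    """Baseline rule for T1021.001: interactive RDP logon (4624, logon type 10) from a non-internal source."""
    if ev.get("event_id") != 4624 or ev.get("logon_type") != 10:
        return False
    try:
        src = ipaddress.ip_address(str(ev.get("src_ip", "")))
    except ValueError:
        return False
    return not any(src in net for net in INTERNAL)


def new_local_admin(ev: Event) -> bool:
    """Environment-tailored rule: a member added to the local Administrators group (4732)."""
    return ev.get("event_id") == 4732 and str(ev.get("group", "")).lower() == "administrators"


@dataclass
class Rule:
    name: str
    match: Callable[[Event], bool]
    positives: List[Event]  # constructed events that MUST fire
    negatives: List[Event]  # constructed events that MUST NOT fire


RULES = [
    Rule("encoded_powershell", encoded_powershell,
         positives=[{"process_name": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
                     "command_line": "powershell.exe -nop -w hidden -enc SQBFAFgA"}],
         negatives=[{"process_name": "powershell.exe", "command_line": "powershell.exe -File backup.ps1"},
                    {"process_name": "cmd.exe", "command_line": "cmd.exe /c echo -enc"}]),
    Rule("external_rdp_logon", external_rdp_logon,
         positives=[{"event_id": 4624, "logon_type": 10, "src_ip": "203.0.113.7"}],
         negatives=[{"event_id": 4624, "logon_type": 10, "src_ip": "10.20.30.40"},
                    {"event_id": 4624, "logon_type": 3, "src_ip": "203.0.113.7"}]),
    Rule("new_local_admin", new_local_admin,
         positives=[{"event_id": 4732, "group": "Administrators", "member": "CORP\\svc-backup"}],
         negatives=[{"event_id": 4732, "group": "Remote Desktop Users", "member": "CORP\\jdoe"}]),
]


def validate(rules: List[Rule]) -> Dict[str, List[str]]:
    """Return {rule_name: [failure descriptions]}; an empty dict means every rule still behaves."""
    failures: Dict[str, List[str]] = {}
    for r in rules:
        problems = [f"missed positive: {ev}" for ev in r.positives if not r.match(ev)]
        problems += [f"false positive: {ev}" for ev in r.negatives if r.match(ev)]
        if problems:
            failures[r.name] = problems
    return failures


def rename_field(ev: Event, old: str, new: str) -> Event:
    """Simulate a hypothetical logging-pipeline schema change that renames one field."""
    return {(new if k == old else k): v for k, v in ev.items()}


def after_schema_change(rules: List[Rule]) -> Dict[str, List[str]]:
    """Re-run the suite as if the telemetry now carries CommandLine instead of command_line."""
    changed = [Rule(r.name, r.match,
                    [rename_field(e, "command_line", "CommandLine") for e in r.positives],
                    [rename_field(e, "command_line", "CommandLine") for e in r.negatives])
               for r in rules]
    return validate(changed)


if __name__ == "__main__":
    print("baseline failures:", validate(RULES))
    print("after schema change:", after_schema_change(RULES))
```

Run on a schedule or in CI, the first call returns an empty dict while the rules match the telemetry; the second shows the encoded-PowerShell rule silently missing its positive sample once the field is renamed, which is exactly the kind of coverage gap that would otherwise only surface during an incident.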
6: Be flexible and adaptable
Most organizations have already invested in security tools, products, and services, and no two organizations have the same digital infrastructure and processes. Despite this, most MSSPs push a standardized deployment of their own technology stack, even when the investments the client has already made could deliver the same benefits if used correctly.
Before making deployment decisions, avoid being tied to a particular technology stack and always consider what is already on the customer's network. Most organizations fail to extract maximum value from the products and services they own. Harnessing those existing investments as part of the service ensures they are used to their full potential and avoids duplicating historical spend.
7: Embed continuous improvement
In addition to encouraging customers to develop and advance, we want to do the same for ourselves. The ISACA 2022 report cited limited opportunities for progression and a lack of support as major factors driving analysts' dissatisfaction. We believe the best way to offer development opportunities is through continuous innovation: finding more efficient ways to do core tasks, which frees up time for more progressive initiatives.
With an ongoing commitment to "making ourselves obsolete", an MSSP can open up more rewarding opportunities to work alongside clients. This means looking for incremental improvements, no matter how small, without waiting for major shifts or upgrades, and compounding those gains over time.
In short, MSSPs need to work smarter and treat existing industry professionals better, building more sustainable systems that maximize their performance and prevent analyst fatigue.