Should you outsource your security function?


The security function at companies of all sizes is managed in many different ways, but the process can become fragmented when handled in-house. Scott Dodds, CEO, Ultima, explains how in the current climate, Managed Service Providers (MSPs) can add value, especially when it comes to moving to the cloud.

Many organisations are now seeing a need to digitise operations and are moving to the cloud in large numbers. While this addresses a specific need to scale a business and improve efficiencies, if it is not managed correctly with the necessary security infrastructure in place, the pay-off will be poor visibility and a lack of control over what is happening in the cloud environment.

Outsourcing a business’s security function to an MSP could provide the ability to scale, deliver greater compliance and greater efficiency of cybersecurity solutions – benefits that could all add up to a lot more than just a cost-saving if managed correctly.

But how easy is it to effectively outsource the security function?

What is your current security performance like?

To understand how effective the MSP route for your security function would be, take some time to assess your current needs. Traditionally, in-house threat intelligence would do a true-up of a workload environment once a month or quarter. In its most generic form, a true-up means to match or adjust and raise issues to management. This works fine in an on-premises service, but when you are in the cloud scaling up and down quickly you can end up creating a void if the true-ups only occur infrequently.

As a result, we’ve found that a quarter of all organisations lack critical patches, yet many often don’t realise. This is because a traditional patching service is manual and the patches on servers on virtual machines are only identified once a review is done or worse, when an incident happens.

A common scenario when moving to the cloud is to keep existing security solutions, layering them over the top as best as possible. This gives some form of protection, but visibility over the whole environment is reduced because the cloud works in a very different way to on-premises. Put simply, a traditional security stance or solution won’t work in this instance. So, what other options are there?

Understanding the role of an MSP

Many businesses enlist the help of an MSP but often find that the company provides little value beyond incident alerting. It doesn’t adapt quickly enough to the evolving threat landscape.

It’s worth finding an MSP who has a Managed Detection and Response (MDR) toolset which operates on an outcome-focused approach. This will deliver the actionable insight organisations need to proactively detect current and emerging threats and respond rapidly to incidents. An MDR service supplies the tools needed to detect and respond to threats as well as the people to deploy, configure and monitor them.

An MSP with an MDR toolset will assess the network environment and leverage the different technologies that fit with its specific needs. It will combine multiple toolsets, including Security Information and Event Management (SIEM) and Endpoint Detection and Response (EDR) tools, providing a bespoke suite of products according to the environment; whether that’s public or hybrid cloud or on-premises.

But the benefits of outsourcing to an MSP extend beyond its toolsets. So, what can an MSP offer that traditional security services can’t?

A bespoke service for the whole network

A good MSP will combine cloud security best practice with automation to provide a wrap-around service for the whole network environment. This means you get a bespoke security solution with appropriate MDR. An MSP should initially assess and monitor a customer’s environment for incidents or security-related bad practice and make recommendations on how to fix them. It should score the current security performance to draw a line in the sand as to how the organisation is doing. And this isn’t for traditional servers alone; it should assess all the other components that the cloud uses – something that traditional security services don’t cover.

The next step is to configure an EDR or AV/Next Gen AV solution and centralise all logging into one dashboard that can be easily accessed by the organisation and provider. The dashboard is indispensable for in-house security teams, especially if they are used to manual methods of identifying what is happening across the estate. Done manually, it’s time intensive and difficult to see what data is coming in and going out, including key destinations and any malicious activity detected in the last 24 hours – all the detail a CISO would want to know about at a high level. The dashboard centralises all the information so they can see what is happening in a simplified format across the board.

Patching, patching, patching

Often de-prioritised in favour of more pressing activities, patch management as a discipline plays a crucial role in an organisation’s ability to fend off threats, while improving stability and functionality. A good MSP will be able to provide a detailed Managed Patch and Compliance Service. They will provide critical updates to security hot fixes, and will keep all your servers, applications and endpoints patched in accordance with a pre-defined schedule and ruleset; allowing you to focus on other areas of your business.

Reduce cloud management time

Not only does a good managed service reduce the threat footprint facing the organisation, it also reduces the time it takes to manage a cloud environment. Patches, checks and incident reporting are automatically taken care of and in-house teams are constantly kept up-to-date.

A key benefit of an MDR solution is that members of an in-house security team are not weighed down by irrelevant alerts. This can amount to hundreds of hours saved across the whole organisation.

Leverage the latest technology

With the threat landscape constantly evolving, it’s important to ensure that detection capabilities keep pace. MDR leverages the latest security tools and threat intelligence to ensure that an organisation is prepared to respond to current and emerging cyberthreats. It uses the best-of-breed network and endpoint monitoring technologies to provide extensive threat visibility across on-premises and cloud environments and to identify any known and unknown threats.

Unfortunately, our research shows more than 60% of companies don’t have endpoint detection and response (EDR) or next-gen anti-virus on their end devices. Some don’t know they need it; others are tied into long licences with companies that don’t offer EDR yet.

The next generation of EDR software focuses on tactics, procedures and behaviour-based detection, with inbuilt Machine Learning on machines and in the cloud, which is based on signatureless detection. This is necessary to detect and stop most threats we are now seeing.

How to choose the right MSP

Outsourcing to an MSP with MDR, EDR and patching solutions is much more cost effective when bringing together a suite of products that service a variety of elements. The cybersecurity sector is very dynamic with lots of changes and acquisitions happening. Best practice would be to choose an MSP who understands the market and uses best-in-breed solutions.
