Guest Column | September 17, 2020

Time For MSSPs To Step Up To Task Of Enterprise Security Management

By Faiz Shuja, SIRP Labs


It’s no secret that there are always far more cybersecurity job vacancies than experienced professionals to fill them. There just aren’t enough people with the right cybersecurity qualifications to go round. This shortfall in human resources, together with the rising complexity of securing IT networks against increasingly sophisticated cyberattacks, is giving the criminals the edge. As a result, it is estimated that more than half of global companies are more likely to be susceptible to attacks.

As if things weren’t difficult enough already, the situation has been exacerbated by the COVID-19 pandemic which has forced people to work from a less secure home environment. At the same time, it causes inconvenience and delay for those studying and training to join the industry.

The shortage of skilled professionals looks set to continue for the foreseeable future. It presents Managed Security Service Providers (MSSPs) with a huge opportunity to step up and offer much-needed cybersecurity skills and technology to help businesses stay safe. To do this effectively, MSSPs are choosing to automate much of the security incident and response process. Automation lets them optimize their services without being overdependent on finding additional human resources.

Too Much Work, Not Enough Staff

The latest figures on the number of additional professionals needed to bridge the cyber skills gap throw the challenge facing businesses into sharp relief. The (ISC)² Cybersecurity Workforce Study shows that the number of trained professionals working in cybersecurity needs to more than double to meet current requirements. The global shortfall amounts to four million workers. With no indication that anywhere near enough recruits will be found any time soon, businesses everywhere will continue to struggle to find enough staff for their IT security teams and Security Operations Centres (SOCs).

The good news for MSSPs is that not only does this provide them with a growing market, but they also can make for more attractive places of employment for security admins and analysts than in-house SOCs. The work tends to be more varied, offering the chance to experience protection services for a range of businesses. This can appeal to experienced security professionals wanting a more challenging and stimulating work environment.

The pressure on in-house SOCs is amplified by a rising tide of threat alerts emerging from Security Information and Event Management (SIEM) platforms. The average SIEM at a midsized enterprise can produce several thousand alerts each day, far too many to resolve manually. According to our research, almost a third (29 percent) of security analysts believe missed alerts due to high volumes are a significant, even serious, problem.

There is also the consideration that security analysts are being hampered by having to use 12 security tools on average (rising to 50 different platforms at the biggest enterprises) in their day-to-day roles. Pivoting between each one, sometimes on different machines, is another drain on their already limited time.

Optimal Efficiency

An MSSP’s competitive edge lies in its capacity to deliver a cost-effective and efficient service that’s better than anyone else’s. They can only achieve this if their processes and resources are far above anything available in-house.

Given that professional cyberskills are at a premium, MSSPs must look to productivity and efficiency savings through process automation. One option is to deploy a Security Orchestration, Automation, and Response (SOAR) platform. A SOAR pulls threat alerts from a wide range of security tools, including SIEM, into a single platform. The latest platforms will automatically assign a risk value to different alerts, allowing security analysts to determine at a glance where to prioritize their investigations.

With a SOAR, an MSSP can deliver 24/7 services to its clients with fewer staff. Lower-level alerts and false positives are dealt with automatically day and night. This frees up security analysts to focus on the more interesting incidents. Better still, unifying the output from multiple security solutions into one easy-to-use interface saves analysts from constantly switching their attention from platform to platform when tracking down and mitigating potential security risks.

The Opportunity To Expand

Automation, therefore, gives MSSPs a valuable edge in offering a package of managed security services comprising technology, processes, and people. It also can help them go one step further to help in-house SOCs who want to save costs by outsourcing this aspect of the business, known as SOC-as-a-Service.

Traditionally, the only way to manage the cybersecurity operations for an organization has been for the MSSP to send in its team to familiarize themselves with the infrastructure. A SOAR, by contrast, quickly takes in information feeds from the incumbent technology, allowing the MSSP’s team to hit the ground running.

Right now, MSSPs have a tremendous opportunity to grow their management of enterprise cybersecurity, but the choice of technology is critical. With a risk-based SOAR platform behind them, MSSPs will be able to provide a cost-effective service that will drastically improve the defense posture of their clients. Done right, it’s a model that can easily be replicated across multiple clients.

About The Author

Faiz Shuja is Co-founder and CEO of SIRP Labs.