Don’t get stuck in “analysis paralysis” trying to find the right managed security services provider. Insights from Forrester help you evaluate managed detection and response (MDR) services.
Do you need a survival guide to find the right Managed Security Services Provider (MSSP)? Don’t get stuck in “analysis paralysis.” Forrester Research and Masergy joined forces to help IT professionals navigate the world of outsourced security services and managed detection and response solutions. The following is a summary of a webinar with Masergy V.P. of Security Craig D’Abreo and Forrester Principal Analyst and featured speaker Jeff Pollard, who offer insights and recommendations for enterprises seeking to understand the MSSP market and how to evaluate providers.
Today’s threat landscape is a highly asymmetric battlefield that heavily favors the attacker. To survive, most organizations need security partners with a comprehensive solution set including advanced machine learning as well as incident response plans backed by 24/7 continuous monitoring. But the security services market has become so saturated that it can be difficult to decide who should be trusted to protect your most important asset: your company data. Choosing an MSSP can also be daunting, because the selection process is about more than just the features of a given cybersecurity solution. It’s a contract to deliver services over a number of years, and once you have made your selection, you’re committed to learning to work with your MSSP.
While most enterprises are familiar with managed security services that provide 24/7 monitoring and distill masses of security system log (syslog) alerts down to a small number of action items and follow-up tasks for IT teams, many professionals are still familiarizing themselves with managed detection and response (MDR) services. MDR expands the scope of security monitoring services by helping customers not just identify the top-priority alerts but also respond to them, taking real action.
MDR is advantageous for one simple reason: it helps enterprises cover more ground. While it is perhaps obvious, it deserves a callout: it covers detection and response, driving toward incident resolution. Instead of forcing budget battles between investments in detection, prevention, and response, MDR covers it all. You have both detection and response capabilities within the service and technology suite.
Even with traditional security monitoring services augmenting their efforts, IT departments still struggle to stay afloat. Executives continue to find their teams overtasked and understaffed, according to Forrester’s Data Global Business Technographics® Security Survey.
The goal with managed detection and response is that someone is taking an active role inside your environment and performing actions that you have given them permission to perform. That’s very different from traditional services, which simply monitor alerts and create a prioritized list of action items.
The continually overtasked IT team is one of the key reasons MDR is an industry on the rise. Enterprises have been interested in as-a-service solutions, and many purchased technology that they simply couldn’t support from a personnel and skill sets perspective. With the rapid expansion of the security industry offering endpoint visibility and control, enterprises began realizing the need for the extra security coverage; however, many couldn’t run those technologies on a 24/7 basis. Therefore, investments were underutilized and not optimized. As these dynamics collided along with the recent rise in cybersecurity and ransomware attacks, the stage was set for MDR. Enterprises were asking their partners for more help, and providers were more than willing to serve those needs. Adding response tasks to their list of offerings is often a natural extension of their business model.
Given that partners are now being trusted to act on behalf of enterprise IT teams, executives should deepen their evaluation criteria and look for additional characteristics in their service partner.
“I’d say if you’re spending less than 10% of your IT budget on security, you’re blissfully ignorant. If you’re spending 11-20% or 21-30%, you’re starting to become more aware of what’s happening.”
-Jeff Pollard, Principal Analyst, Forrester
While no amount of spending will ensure total security, a Forrester report provides helpful insights in demonstrating how much IT spend is likely NOT enough. A study titled “Security Budgets 2018: Uncertainty Trumps Normalcy” finds that companies that spend between 0-10% of their IT budget on security have low situational awareness and poorer visibility into their security posture.
As the scope of traditional security services expands, so too does the framework of service offerings. Today’s comprehensive detection and response solutions are more holistic ecosystems. Take Masergy’s MDR solution as an example:
“You’ll notice a theme throughout the entire Masergy Managed Security Services platform—we take in various sources of security data and the goal is to correlate that information with other pieces of data coming into the platform,” said Craig D’Abreo, V.P. of Security at Masergy. “We believe this is an extremely important piece of any advanced security infrastructure.”
“We didn’t have a specific security signature looking for this activity. This all came up as a result of behavioral analytics. Masergy’s deployed sensors revealed the anomalous behavior. It allowed us to determine something suspicious was going on,” recalled D’Abreo. “This case is a great example of how people, process, and technologies must work together to build the most effective detection and response program.”
“CASB solutions provide very helpful data containerization capabilities that can be used to prevent situations like these,” explained D’Abreo. “Job functions may require employees to view certain files with sensitive information, but when it comes to copying and pasting that information into other third-party systems, technology should stop the user. With data containerization, you can do just that.”
“There’s really no way to organically monitor security activity within cloud infrastructures,” added D’Abreo. “This is why our customers deploy Cloud Workload Protection in every single one of those instances within their virtual private cloud environment. Not only can you run vulnerability scans against each of the instances, but you can also set up very specific configurations for security monitoring.”
Service partnerships have become the common approach used to survive and mitigate cybersecurity risks today. Backed by professional teams, IT leaders are better positioned to deliver on tactical security demands and supply their organizations with the specialized talent needed to respond to evolving security threats. MSSPs act as an extension of the enterprise IT team, underlining the importance of making a wise selection. In the end, managed detection and response is more than just securing an endpoint or monitoring a network. Security partners are active defenders of intellectual property and should be experienced responders committed to the mission of service.