Vibin Shaju, Presales Director – EMEA, Trellix, discusses the value of extended detection and response (XDR) for managed security service providers (MSSPs).
Two years on from our planetwide migration to the cloud, the unease experienced by IT and security teams lingers. Consumers demand more and better digital experiences. Employees demand more flexible working conditions.
The C-suite demands more value and lower costs. And all of this takes place in an atmosphere of skills and resource gaps. On top of all this, everyone from the customer to the board expects delivery of their wish-lists in absolute security. But mounting evidence suggests security teams are not confident in their ability to meet these requirements.
In a global report by Trellix, companies revealed how unprepared they were in battling digital predators, especially when it came to the use of shared data. More than 90% confirmed they were in possession of such data but that it was incomplete and often did not give adequate details of attacks or their effects. This nervousness about the threat landscape can be felt everywhere. A recent PwC report found around 43% of Middle East organizations expected a “surge in reportable incidents” in 2022.
Security teams need help from several quarters. First, their organizations must change their culture to accept that cybersecurity is everyone’s responsibility. And second, IT and business stakeholders must recognize that handling the entire security function in house is no longer viable. Today, in the age of cloud, managed security service providers (MSSPs) are increasingly the answer to under-resourced and beleaguered teams.
MSSP challenges
MSSPs are also the answer to gaps in strategy. For example, Trellix’s report revealed one in 10 global organizations to be without a security strategy, and many must lean on third-party support to identify the perpetrators of attacks. But it is important to note that these vulnerabilities can extend to MSSPs themselves.
MSPs in general have been targets of supply-chain attacks, such as those on Kaseya and SolarWinds. So, if MSSPs are to take their place as the go-to solution for plugging skills and resource gaps, they need to think about their own strategies for contending with an increasingly sophisticated threat landscape. And they need to consider how they will sift through the variety of tools currently vying for the title of ‘Cyber Panacea’.
To be an effective partner for the region’s embattled security teams, an MSSP must be able to independently and automatically identify and react to threats without complex SOAR integration. It must be able to convincingly demonstrate how its own back-office and customer-facing systems are protected from advanced persistent threats (APTs). And it must link to third-party threat assessments that are made available to the end customer.
The endpoint detection and response (EDR) system used by the MSSP must provide actionable directions when threats are found, so customers can take their own timely steps to mitigate the effects of incursions.
Even for MSSPs, the securing of digital experiences against cyberthreats is challenging. In reality, policy and human commitment must come together with next-level technology to create an enterprise-wide environment of ‘living security’, where all roles and business units participate in defending the digital estate.
On the technology side, extended detection and response (XDR) is the ideal complement to human agency in building a living-security model. It goes beyond EDR by driving automated responses to many incidents without requiring complex integration into SOAR, drawing on telemetry and log data from devices, applications, and shared sources.
The ‘living security’ proposition
For MSSPs to add value, their inter-human coordination (internally and with partners and customers) must come together with their XDR capabilities to create a shared-information ecosystem that can thwart today’s sophisticated threats. To be an effective business partner, MSSPs must be able to offer clients a unified security posture that accounts for post-COVID hybrid setups.
That posture must allow the organizations the MSSP serves to peer into every digital nook and cranny, from the endpoint to the cloud. Security teams that have 4K resolution across their domains will be better placed to see the previously unseeable and take timely action to prevent damage.
XDR used as part of a living-security environment enables faster, more accurate decisions through automation and correlation analysis across multiple vectors. Security teams can go on the offensive for a change, and SOCs, no longer encumbered by a deluge of false positives, can target their efforts more effectively.
An open, interoperable XDR platform backed by a cooperative hive of human ingenuity allows the integration of the toolsets everyone needs to arm themselves against digital adversaries. XDR and living security form a hybrid threat posture that learns, adapts, and empowers people to be proactive in their own protection.
XDR has been gaining popularity in the industry. But many organizations that engage with an XDR vendor are left with buyer’s remorse. This is because many vendors sell the technology as a one-shot, unified, integrated platform that can do it all.
For MSSPs, the assumption that a single-pane, catchall sentinel can be deployed to watch over all their clients’ infrastructures is erroneous. XDR is still evolving. The living-security approach is one of the best ways to accelerate this evolution. The more data sources and cross-vendor cooperation we cultivate, the more value XDR will be able to add.
MSSPs are on a mission to shield their clients from the cyber battlefield – to fight the fight on their behalf. XDR and living security bring them the right weapons for the job. An end to alert fatigue. Faster, more accurate detection. More effective remediation. Greater visibility and control. XDR and living security are to an ideal MSSP what an ideal MSSP is to its clients – a cost-friendly boon to productivity and effectiveness.