In 2017, we predict that the Managed Security Services Providers market will continue to grow as security vendors start to offer their own security services.
A short disclaimer: yes, we are aware that this isn't an eye-popping prediction, as this market has grown every single year since the acronym MSSP was put in place. We cannot ignore, though, the fact that this growth trend will continue throughout 2017, to a point where security companies will need to enable managed services themselves or integrate and sell their products mainly via MSSPs. Beyond the stats on this growing market (expected to exceed $17 billion in 2016), we witness this on a daily basis with customers who simply cannot manage security on their own.
Cyber security is a complex topic, outside the traditional realm of IT, and requires specific knowledge and skill-sets. In addition, Incident Response processes take time that companies don’t typically have. It should then come as no surprise that many organizations have problems keeping pace with security needs. Not only is it difficult for them to change the IT culture to one that embraces a security strategy, but they also run into another problem: people who have the skill-sets are reluctant to join companies where security is not part of the core business. Many people with a cyber-security background prefer to be part of the “action” and would rather work in an enterprise such as a bank or Managed Security Service Provider (MSSP) where they can challenge themselves, apply their specialized knowledge and up-level their skills.
What should organizations require their MSSPs to deliver?
- A strategy for security best practices within the company. The strategy should be practical, taking into consideration the business operations and requirements. For example, the MSSP should be aware that unplugging a worker’s laptop once a threat is found on the device could mean lost productivity and an impact on financials. While most MSSPs won’t provide strategy implementation and its continuous review, there are numerous consultants who can do this. For example, the consultant should be able to train employees on basic security hygiene practices – from phishing to password policies. The consultant should not only train on the security best practices but also ensure that password policies are in place and are in fact enforced. While this won’t eliminate attacks, it will reduce the attack surface.
- Knowledge of security regulations. Certain regulations require that organizations deploy anti-virus in their environment. To ensure that the business complies with the regulation, the MSSP should be able to provide the business with that checkbox.
- Understanding of the security landscape. An MSSP that’s knee-deep in security knows that no matter how many defenses are placed at the front door, a cyber-attacker will find a way in through a window. To address advanced threats, the MSSP should also put solutions in place under the assumption that the organizational environment is already compromised.
- Forensics capabilities. Given the notion that advanced attacks will penetrate the organizational environment, the MSSP should also have forensics expertise that gives it insight into the full evidence trail of the attack. The advantage of this knowledge is two-fold: first, forensics brings an understanding of the attack that allows for the tweaking of other deployed tools based on threat analysis. Second, the forensics team can quickly apply the newly-gained knowledge to prevent the threat from carrying out its action on another device.
- Remediation capabilities. Once the threat is prevented and analyzed, the MSSP should be able to contain the threat and even remove it from the system.