With more and more organisations looking to a Managed Service Provider (MSP) for help with cyber security, what must MSPs be able to do and provide to compete in this area? Here are some best practice tips for any MSP hoping to address growing demand for outsourced cyber security.
1 Look at security in context
First off, it’s important to gain a full understanding of the security landscape, the make-up of an organisation and the outside influences that can impact the way its security is currently managed.
The structure of in-house IT security teams varies across different businesses, with many roles potentially involved – CISO, risk and compliance groups, security ops centre, threat intelligence teams, malware analysis teams and so on. This complex division of responsibilities may work, but what happens when one element fails?
The pandemic may also have had an impact on a company’s security function beyond the increasing prevalence of cyber-attacks. Redundancy rates reached a record high of 14.2 per thousand in the three months leading up to November 2020, which could have both a direct and an indirect impact on security: direct, if specific security roles are deemed redundant, and indirect, if IT resource is reallocated to plug a gap elsewhere.
2 Assess security pain-points
When security is managed across a diverse workload, it is common for general vulnerabilities to persist – for example, we’ve found that a quarter of all organisations lack critical patches.
The challenge grows when moving to the cloud. A common scenario is for the organisation to keep its existing security solutions, layering the cloud over the top as best it can. This gives some form of protection, but visibility over the whole environment is reduced because the cloud works in a very different way to on-premise.
Traditionally, the in-house team would do a true-up of that environment once a month or quarter. This works fine on-premise, but in the cloud, where you are scaling up and down quickly, you can end up creating a void if true-ups are infrequent.
3 Understand the threat landscape
To compete in today’s challenging security environment, a solution provider must offer much more than incident response. Managed Detection and Response (MDR) toolsets operate on an outcome-focused approach, so solution providers need to think beyond detecting and responding to threats and consider deploying people to configure and monitor the tools too.
An MSP with an MDR toolset will assess the network environment and leverage different technologies based on its specific needs. It will combine multiple toolsets, including Security Information and Event Management (SIEM) and Endpoint Detection and Response (EDR) tools, providing a bespoke suite of products according to the environment, whether that’s public or hybrid cloud or on-premise. This approach is essential when dealing with a diverse organisational structure where an out-of-the-box solution will not be fit for purpose.
4 Lead the way in security
A good MSP will combine cloud security best practice with automation to provide a wrap-around service for the whole network environment. This involves assessing and monitoring a customer’s environment for incidents or security-related bad practice and making recommendations on how to fix them. It should score the current security performance to draw a line in the sand showing how the organisation is doing – and not just for traditional servers. It should assess all other components that the cloud uses – something that traditional security services don’t.
5 Patch, patch, patch
Given that a significant proportion of external breaches are due to unpatched vulnerabilities, a poor patching regime can have catastrophic consequences for systems, personally identifiable information and intellectual property. Just look at the repercussions of recent Microsoft Exchange vulnerabilities. In attacks observed by Microsoft, attackers used these vulnerabilities to access on-premises Exchange servers, which enabled access to email accounts and allowed installation of additional malware to facilitate long-term access to victims’ environments.
A good MSP will be able to provide a detailed Managed Patch and Compliance Service. This will include critical updates to security hot fixes and will keep all servers, applications and endpoints patched in accordance with a pre-defined schedule and ruleset.
6 Keep pace with evolving threats
With the threat landscape constantly evolving, it’s important to ensure that detection capabilities keep pace. MDR leverages the latest security tools and threat intelligence to ensure that an organisation is prepared to respond to current and emerging cyber threats. It uses best-of-breed network and endpoint monitoring technologies to provide threat visibility across on-premise and cloud environments and to identify any known or unknown threats.
7 Leverage endpoint detection and response (EDR)
The cybersecurity arms race is increasingly clandestine; the more robust our security solutions are, the cleverer attackers become. They are now more prepared to dwell for longer and use more advanced and persistent tactics to work out how to gain more information. Their aim is to gain domain admin rights and deploy ransomware across a whole corporate network. So how can we beat them?
The next generation of EDR software focuses on tactics, procedures and behaviour-based detection. It is based on signatureless detection, with inbuilt machine learning on the endpoint and in the cloud, which is necessary to detect and stop most threats.
Unfortunately, our research shows more than 60% of companies don’t have EDR or next gen anti-virus on their end devices. Some don’t know they need it; others are tied into long licences with companies that don’t yet offer EDR.
The cybersecurity sector is very dynamic, with lots of changes and acquisitions. Competing successfully requires a deep understanding of the market and organisational challenges and a portfolio of best-of-breed solutions.