Security. How do you manage it in today’s complex environment? Managed Security Service Providers (MSSPs) say they have the resources and expertise to help companies and agencies operate more securely by providing integrated and constant monitoring of security devices and systems.
MSSPs (not to be confused with managed security providers — MSPs — that deliver broad IT operations and infrastructure management services; see this Fortinet piece on the difference), are outsourced security specialists that provide security as a service offering. An MSSP’s sole mission is to improve safety by directly seeking out, identifying, and dealing with threats. Typically, they can handle an organization’s security either on-site or externally.
An MSSP may offer a broad suite of security capabilities and services, such as intrusion detection, firewalls, and VPN (virtual private network) oversight; or it may “specialize” in one or a few core focus areas. “The majority, however, will manage a businesses’ infrastructure and monitor the systems for any threats - even remotely via the cloud - and can implement their own tools to ensure an organization is protected as well as it can be.” These tools range from “simple antivirus software to VPN management.” Upgrades and system changes also fall under the purview of MSSPs.
Theoretically, the “24-7” monitoring by an MSSP saves money on the amount of personnel required to monitor cyber vulnerabilities, allowing businesses and other organizations to outsource their security services. MSSPs claim to fame is that they serve as protection from cybersecurity threats, a “round the clock watchdog,” if you will, which might mean providing software and services to protect data or assembling a group of security experts to design a comprehensive response to attacks when they do occur.
MSSPs provide a level of continuous security that is meant to be comprehensive, given that open-source technology, with its various risks, is now more widely utilized across private and public sectors (see the July 2023 CYRIN Newsletter). If “the devil is in the details,” when it comes to cybersecurity, then the premise and promise of MSSPs is to pay acute attention to those details, particularly as they may be related to malicious attacks that have potentially far-reaching or even catastrophic consequences.
Clearnetwork (which is an MSSP), in a blog post on their site, lists many of these benefits including having access to an expanded security team and rapid security response, both of which are vital when responding to potentially malicious actors.
Pulitzer-prize winning technology journalist Byron V. Acohido, who has been covering cybersecurity since it became a dedicated catchphrase and then an entire industry (i.e., when Bill Gates recognized its importance), reported in The Last Watchdog, that MSSP services are becoming increasingly popular as the digital world evolves. In fact, “companies are on track to spend $77 billion on MSSP services by 2030, up from $22 billion in 2020.” This spike was linked to COVID-19 and the uptick in remote digital work environments where cybersecurity became an issue in the public and private sectors.
In some ways, MSSPs act as good baseline security; if a cyberattack does take place, it is a basic best practice for third parties to step in and protect that data as a “back up” system, which is a first level of insurance in terms of protecting data. Some of the best known MSSPs, like AT&T, IBM, Verizon, Accenture, Lumen and Wipro, mentioned in this Cybermagazine piece, place emphasis on that round-the-clock protection as well as on compliance management, another top issue, particularly for companies in critical infrastructure areas that have regulatory oversight.
However, MSSPs, like any system dedicated to safeguarding security, can be a double-edged sword, as they come with their own unique set of potential vulnerabilities.
According to Chris Bihary, CEO and Co-founder of Garland Technology, in a blog post on Garland’s site, emphasizes that “before diving into the risks associated with hiring an MSSP, it’s important to understand that MSSPs do not completely eliminate your security costs—for example, you’ll still need an in-house CISO or similar security team member for the MSSP to report to and coordinate with. MSSPs offer security expertise; but they are meant to supplement your own security team, not replace it.”
Bihary goes on to say that a big disadvantage for many companies is letting someone take care of sensitive data, including personal customer information. For many companies the risk is just unacceptable. One way to handle that is with a detailed service level agreement that spells out confidentially and legally protects companies in case of a data breach.
Many companies are hesitant to hand over control of cybersecurity. At least when security is in-house, you have some confidence that you can guarantee customer data. Once you hand over some or all of that responsibility you start to lose control. As Bihary points out, “while MSSPs are hired for their security expertise, it can still be a daunting task to relinquish all defense responsibilities to an external provider.”
Open-source technology is being utilized more than ever and cyberattacks that target the software supply chain have increased as well, both in frequency and complexity, and this impacts response times and strategies. This also places a great deal of pressure on MSSPs to manage these vulnerabilities as open-source demand grows.
In this rapidly changing environment, MSSPs are confronted with their own set of problems including “rapidly evolving threat landscapes, a global talent shortage, scalability and flexibility, compliance and regulatory requirements, and continuous context switching.”
In addition to better and more comprehensive training programs, ongoing attention to professionalization and discussions of voluntary versus compulsory compliance will continue to evolve with the larger risks of the cyber universe. After all, nation states are always trying to undermine our interests, and the professional, integrated approach offered by MSSPs (with the security caveats mentioned above) provides a baseline or united approach for defending against hackers.
A December 2022 article from Forbes reminds everyone that “knowledge is power,” and greater training in “incident detection and response management” for the next generation of cybersecurity concerns, is a must and continues to rapidly evolve. Businesses cannot leave security “to chance.” Hackers and a reliance on open source are here to stay, so monitoring the role and power – and potential benefits and risks of MSSPs - will continue to be relevant and important for the industry.
At CYRIN we know that as technology changes, a cybersecurity professional needs to develop the skills to evolve with it. The people who run our most sophisticated systems, the military, have continued to entrust us with training some of these specialized cyber warriors. For the military, for educators, for the private sector, we continue to evolve and develop solutions with “hands-on” training. This hands-on approach is the most effective training and is crucial to attracting and keeping the critically needed people who defend our systems. Our courses teach fundamental solutions that integrate actual cyber tools from CYRIN’s labs that allow you to practice 24/7, in the cloud, no special software required. These tools and our virtual environment are perfect for a mobile, remote workforce. People can train at their pace, with all the benefits of remote work, remote training, and flexibility. Cyber is a team effort; to see what our team can do for you take a look at our course catalog, or better yet, contact us for further information and your personalized demonstration of CYRIN. Take a test drive and see for yourself!