Security Roundup: Advanced MSSP Services, Seceon, Health Care Threats and More

Managed detection and response (MDR) services are fueling significant growth in managed security services.

Edward Gately, Senior News Editor

December 21, 2018

9 Min Read
Security Roundup
Shutterstock

The new year will unleash even more cyberthreats, increasing competition and more pressure on MSSPs to deliver more advanced security services.

Further adding pressure to traditional MSSPs is the growth of the managed detection and response (MDR) category. MDR services are fueling significant growth in the managed security services (MSS) space and typically offer higher margin than traditional MSSP device-management services.

The result? MSSPs globally are maturing their models to offer more of these high-value services and grow the bottom line.

We spoke with Meny Har, vice president of product at cybersecurity company Siemplify, about the need for MSSPs to incorporate security orchestration, and endpoint detection and response (EDR) in their architecture.

As the number of necessary security sensors and alert volumes continues to rise, so does the number of MSSPs being created and brought to market, he said. There is a clear need for service providers to look at improving the quality and breadth of their service offerings to address the new threat landscape, as well as to find distinctive and unique capabilities to help differentiate themselves, he said.

Har-Meny_Siemplify.jpg

Siemplify’s Meny Har

“This is emphasized even more by the lack of skilled analysts that are currently available,” Har said. “EDR and security orchestration, automation and response (SOAR) platforms are key to allowing service providers to address any scope and depth of service they need, as well as differentiate themselves and provide dynamic, value-added service[s] to their prospective customers, all while requiring a lesser number of skilled analysts.”

One of the main objectives of a security orchestration platform is to bring together disparate security tools, he said. As EDR tools have become more popular, adding an integration to an EDR of choice to your security-orchestration platform has become increasingly simplified, even in a service provider’s managed service/multitenant environment, he said.

“The integration itself is quick and painless, and support for most existing EDR exists out-of-the-box,” Har said. “Advanced knowledge of the EDR itself – for example, query language – is needed only for the most advanced use cases and needs. The cost of bringing together security orchestration and EDR tools is essentially only a minimal effort on top of the EDR deployment in the [MSSP’s] customer environment.”

The more mission-critical your service, such as moving from alerting to remediation, the more “high-touch” it needs to be, he said.

“For example, a customer may be OK hearing music on the phone for 30 minutes if they need a firewall change, but not when they are hit with a ransomware account,” Har said.

As you look further into response, make sure you understand the customer process and risk tolerance for taking action on the network, he said. If you’re just sending alerts (the traditional MSSP model), everything is very similar, but when you’re remediating and taking action on the customer’s own network, some customers might want to approve the action, which can be tied directly into the playbooks and processes in the security orchestration platform, he said.

SOAR platforms and EDR tools are “very complementary” to one another and a powerful combination for a security operations center (SOC), Har said. EDR is a “powerful tool for endpoint detection and visibility, as well as a perfect conduit for context, response and remediation,” he added.

By combining both technologies, SOCs, for both enterprise and managed service providers, can:

(continued on next page)

  • Harness the deep context that the EDR can provide for every alert the SOC sees, and provide the analyst or automation process with key information to determine the validity and severity of threats, and weed out false-positives.

  • Perform advanced investigation into a detected threat in a simple and intuitive fashion (experienced and inexperienced teams alike) utilizing the dedicated workbench and visualization capabilities that a SOAR provides.

  • Respond to and remediate threats in automated or semi-automated fashion.

  • Increase efficiency by reducing the number of analysts and their skill level required to provide their specialized service.

Seceon Adds New Cybersecurity Features for MSSPs

Seceon has introduced new features for its aiMSSP offering that give MSSPs the flexibility to offer tiered MSS and MDR services, and “empower large services providers to turn into master MSSPs,” the company said.

New capabilities include: multi-tier and multitenancy architectures that provide a shared services environment with end-to-end data separation and reporting; drillable dashboards that allow MSSPs to visualize and analyze data contributing to key performance indicators; and log analytics and archiving, which allows MSSPs to deliver custom MDR and MSS packages.

Pandey-Chandra_Seceon.jpg

Seceon’s Chandra Pandey

Chandra Pandey, Seceon’s founder and CEO, tells us that as enterprises embrace MSS and MDR services, MSPs and MSSPs are seeing a “great revenue-generating opportunity that will directly improve their top and bottom lines.”

“However, in order to take advantage of this new service-growth opportunity, it requires MSPs and MSSPs, especially those who serve SMB market, to develop deeper expertise in not only cybersecurity matters, but also how to host, manage and support the technology stack required to offer those services,” he said. “This is where larger MSSPs and telecom/broadband service providers see an opportunity to be master MSSPs to provide end-to-end technology stack as well as SOC services to the MSSPs.”

aiMSSP allows master MSSPs to on-board MSP partners and customers from day one, Pandey said.

“In fact, some of our major partners who are already using the upgraded aiMSSP are already onboarding new partners and customers every day driven by ease of install, operational efficiency and automation,” he said. “Solutions offered by other cybersecurity vendors are not built to serve multitenancy use case in a clean fashion. They typically require MSSPs to install and set up multiple software applications together for each of their enterprise customers. Whereas, Seceon aiMSSP’s architecture enabled us to integrate multitenancy functionality directly into the solution; hence, MSSPs will be able to provision and turn up new customers within hours rather than days and weeks compared to other solutions.”

Kaspersky Lab: Ransomware Aggressively Targeting Health Care

New data from a Kaspersky Lab survey of health-care employees in North America reveals that one-third of those who are aware of a ransomware attack on their organization say it has happened more than once.

These employees span a variety of roles ranging from doctors and surgeons, to administration and IT staff. Additional findings include:

  • More than one in six health-care employees is aware of a ransomware attack on their organization in the in the past five-plus years.

  • Eighty-five percent of Canadian and 78 percent of American health care workers aware of a ransomware cybersecurity attack on their organization claim to have experienced as many as five attacks.

  • Twenty-seven percent of health-care IT employees admit that their employer experienced a ransomware cybersecurity attack within the past year.

Cataldo-Rob_Kaspersky-Lab.jpg

Kaspersky Lab’s Rob Cataldo

Rob Cataldo, Kaspersky Lab‘s vice president of enterprise sales, tells us as health-care organizations look to boost employee confidence in cybersecurity and strengthen their protection, it’s important for cybersecurity providers to assess the type of strategy in place. There’s an opportunity for them to offer better protection or be a resource for intelligence, employee training and more.

“For example, if they find the organization has a compliance-driven program – one meeting the requirements of IT regulations – instead of a security-driven program, there is an opportunity for the organization to become more security-driven,” he said. “Security is risk-based and compliance is meeting the regulatory requirements of the organization.”

A strategy led by compliance will not always include …

… protection against the variety of cyberthreats that exist today, Cataldo said. Having antivirus software installed is a good start, but a multilayered approach to security is often necessary to fully protect an organization’s environment.

“A security-driven, multilayered approach would include endpoint security, but add proactive risk assessments and response, active monitoring and analysis of a network in a SOC, threat intelligence and more.” he said.

Employees understand that health-care organizations are a key target for cyberthreats, but there is a lack of communication and understanding that their employer is taking cybersecurity seriously, Cataldo said. Partners can work to educate these types of businesses – from IT administrators to the C-suite – on best practices for their cybersecurity strategy, including training for employees, and services and software that will better protect and arm health-care businesses, he said.

Last-Minute Cybersecurity Predictions

As the year draws to a close, cybersecurity companies are looking ahead to trends that are likely to materialize in the months ahead.

Abreu-Pedro_ForeScout.jpg

ForeScout’s Pedro Abreu

Pedro Abreu, Forescout‘s chief strategy officer, said new roles will evolve in cybersecurity as human-machine collaboration will be critical to stay ahead of adversaries.

“The cybersecurity skills shortage has been an ongoing challenge across all industries,” he said. “Automation and machine learning have allowed some organizations to offload time-consuming tasks and retool a portion of their workforce. We predict that we’ll see improved collaboration between humans and machines – intelligence automation (IA) – that will not only address the skills gap, but also result in stronger cybersecurity practices and programs. And consequently, we’re going to see additional roles for those in the cyber field.”

Also, malicious actors will leverage buildings automation systems in a major public ransomware attack, Abreu said.

“Building automation systems and other advances in technology are driving the rapid adoption of smart buildings,” he said. “Making a building intelligent can offer numerous benefits and savings, but also introduces new risk, and as adoption continues, we will see not just an increase in the volume of malicious activity, but an increase in the severity and damages.”

Beri-Sanjay_Netskope.jpg

Netskope’s Sanjay Beri

Sanjay Beri, CEO of Netskope, said 2019 will usher in more cybersecurity consolidation.

“Following the recent IBM and Red Hat acquisition that took place in 2018 and what this deal signified for the open-source industry, we will see a trend of ongoing cybersecurity consolidation next year,” he said. “In 2019, smaller security vendors will be snapped up because of several factors — for talent … for a company’s underlying technology, to boost sagging toplines of legacy security or networking vendors trying to modernize themselves, and more.”

Furthermore, some traditional large public security players have become stagnant due to their legacy on-premises, box-oriented architectures, and are primed to be “gobbled up by private equity firms, being split up (especially those with both consumer and enterprise business units), or a combination of both,” Beri said.

Read more about:

MSPs

About the Author

Edward Gately

Senior News Editor, Channel Futures

As senior news editor, Edward Gately covers cybersecurity, new channel programs and program changes, M&A and other IT channel trends. Prior to Informa, he spent 26 years as a newspaper journalist in Texas, Louisiana and Arizona.

Free Newsletters for the Channel
Register for Your Free Newsletter Now

You May Also Like