How Google Cloud SecOps can help solve these 6 key MSSP conundrums
Dan Kaplan
Content Marketing, Google Cloud Security
Editor's note: This blog was originally published by Siemplify on October 6, 2021.
The COVID-19 pandemic accelerated many organizations’ timelines to transition to the cloud and advance their digital transformation efforts. The potential attack surfaces for those organizations also grew as newly distributed workforces used unmanaged technologies.
While some organizations thrived, the transition further exacerbated key challenges that many security teams were already facing, such as an overload of alerts, the need for more detection tools, and security skill shortages.
According to 76% of respondents in a Siemplify report from February 2021, the COVID-19 pandemic has also increased SecOps automation, or is expected to in the near future.
Managed security services providers (MSSPs) and managed detection and response (MDR) vendors have emerged as big winners because of their ability to help organizations overcome these challenges while providing agility, scale and cost savings. Outsourcing arrangements also free customers to eventually build the internal knowledge they originally lacked, the very gap that led them to call on a provider in the first place.
This is promising news for the MSSP space and points to continued strong growth, but it doesn’t do away with the obstacles providers face in meeting increasingly demanding customer expectations. As a result, not all security service providers are created equal.
In a competitive marketplace, one way to shed a sometimes-spurious reputation and stand apart from rivals is through ensuring your security operations are optimized and delivering maximum outcomes for customers. To accomplish that, providers must overcome six modern MSSP obstacles:
1) Increasing Customer Acquisition Costs
With the proliferation of security technology options, customers’ security stacks are more diverse than ever before. To compete, MSSPs must be willing and able to sufficiently support a broad set of technology that often results in higher acquisition costs, as well as increased training requirements for security analysts.
2) Lack of Centralized Visibility
MSSP analyst teams who manage and monitor a large customer base often lack visibility into the allocation of resources, which hinders their ability to balance productivity and risk. This visibility void often extends to the customer as well. Clients are yearning for greater visibility into their expanding network, more transparency around what is happening within it, and the ability for a third-party provider to do more than merely notify them about a threat. Customers care about positive outcomes from their providers, which means finding and stopping adversaries—and helping get their business back on its feet as quickly as possible.
3) Multiple Delivery Models
The range of MSSP delivery models is increasingly diverse and includes always-on outsourced SOC, managed SIEM, MDR, and staff augmentation, as well as numerous hybrid models. These various models are converging—a single MSSP may provide multiple models in various configurations, adding cost and complexity to operations.
4) Meeting SLA Commitments
MSSP analyst teams who manage multiple systems and interfaces across a diverse set of clients strain to meet rigorous SLA expectations.
5) Round-the-Clock Operations
To meet customer demands, MSSPs work around the clock, requiring multiple shifts and handoffs. It’s crucial to maintain consistency in response from one analyst to the next, and variability in staff knowledge and capability places added pressure on analysts. Driving consistency in processes and workflow to ensure optimal handling of alerts and incidents is paramount to balancing productivity and risk.
6) Personnel Turnover
Shortages and high turnover of personnel add to the challenges of managing a 24/7 operation. Meanwhile, reliance on manual processes and the need to retain expert knowledge further intensifies the pressure.
The Power of Automation and Orchestration
MSSPs are engaged in a constant struggle to ensure their existing security team keeps up with growing customer expectations. Due to an ever-expanding digital footprint, heavy investment in detection, and a growing list of security tools to monitor, the industry is at a tipping point.
SIEM and SOAR can help MSSPs under pressure by detecting and ingesting aggregated alerts and indicators of compromise (IOCs) and then executing automatable, process-driven playbooks to enrich and respond to these incidents. These playbooks coordinate across technologies, security teams and external users for centralized data visibility and action—for both internal analysts and external customers.
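To make the workflow above concrete, here is an added illustration of a minimal SOAR-style playbook over multi-tenant alerts. It is not Chronicle, Siemplify or Google Cloud code; the vendor formats (`edr-x`, `proxy-y`), tenant names, SLA tiers, threat-intel entries, timestamps and decision thresholds are all constructed for the example. It shows the stages the paragraph names: normalizing alerts from a diverse customer stack onto one schema, aggregating duplicates to reduce alert overload, enriching indicators against intelligence, choosing a response action, and tracking the per-customer SLA deadline so handoffs between shifts have a shared record.

```python
"""Illustrative multi-tenant SOAR playbook (added example, not vendor code)."""
from collections import defaultdict
from dataclasses import dataclass
from datetime import datetime, timedelta

# Constructed threat-intel feed: indicator -> (tag, confidence 0-100).
THREAT_INTEL = {
    "198.51.100.23": ("known-c2", 90),
    "203.0.113.9": ("scanner", 40),
    "evil-updates.example": ("malware-distribution", 85),
}

# Constructed SLA tiers: minutes allowed until first response per customer tier.
SLA_MINUTES = {"gold": 15, "silver": 60, "bronze": 240}
TENANT_TIER = {"acme": "gold", "globex": "silver", "initech": "bronze"}

# Constructed raw alerts in two hypothetical vendor formats.
RAW_ALERTS = [
    {"vendor": "edr-x", "customer": "acme", "remote_ip": "198.51.100.23",
     "sev": "high", "ts": "2024-01-15T09:00:00+00:00"},
    {"vendor": "edr-x", "customer": "acme", "remote_ip": "198.51.100.23",
     "sev": "high", "ts": "2024-01-15T09:02:00+00:00"},
    {"vendor": "edr-x", "customer": "acme", "remote_ip": "198.51.100.23",
     "sev": "medium", "ts": "2024-01-15T09:05:00+00:00"},
    {"vendor": "proxy-y", "tenant_id": "globex", "domain": "evil-updates.example",
     "score": 75, "time": "2024-01-15T09:10:00+00:00"},
    {"vendor": "edr-x", "customer": "initech", "remote_ip": "203.0.113.9",
     "sev": "low", "ts": "2024-01-15T09:12:00+00:00"},
    {"vendor": "proxy-y", "tenant_id": "initech", "domain": "updates.example",
     "score": 10, "time": "2024-01-15T09:13:00+00:00"},
]


@dataclass
class Alert:
    tenant: str
    source: str
    indicator: str
    severity: int          # normalised to a 1-5 scale by the adapter
    received: datetime


def normalize(raw: dict) -> Alert:
    """Adapter layer: map each (constructed) vendor format onto one schema."""
    if raw["vendor"] == "edr-x":
        sev = {"low": 1, "medium": 3, "high": 5}[raw["sev"]]
        return Alert(raw["customer"], "edr-x", raw["remote_ip"], sev,
                     datetime.fromisoformat(raw["ts"]))
    if raw["vendor"] == "proxy-y":
        sev = min(5, max(1, raw["score"] // 20))   # 0-100 score -> 1-5
        return Alert(raw["tenant_id"], "proxy-y", raw["domain"], sev,
                     datetime.fromisoformat(raw["time"]))
    raise ValueError(f"no adapter for vendor {raw['vendor']!r}")


def aggregate(alerts):
    """Collapse repeated alerts on the same (tenant, indicator) into one case."""
    cases = defaultdict(list)
    for alert in alerts:
        cases[(alert.tenant, alert.indicator)].append(alert)
    return cases


def decide(tenant, indicator, alerts):
    """Enrich the indicator, score the case and pick a response playbook."""
    tag, confidence = THREAT_INTEL.get(indicator, ("unknown", 0))
    top_severity = max(a.severity for a in alerts)
    # Priority: vendor severity dominates, intel confidence and volume add to it.
    priority = top_severity * 10 + confidence // 10 + min(len(alerts), 5)
    if confidence >= 80:
        action = "isolate-host-and-notify"
    elif confidence >= 40 or top_severity >= 4:
        action = "notify-customer"
    else:
        action = "close-as-benign"
    first_seen = min(a.received for a in alerts)
    deadline = first_seen + timedelta(minutes=SLA_MINUTES[TENANT_TIER[tenant]])
    return {"tenant": tenant, "indicator": indicator, "tag": tag,
            "alert_count": len(alerts), "priority": priority,
            "action": action, "sla_deadline": deadline, "responded": False}


def sla_breached(case, now):
    """True when the first-response deadline has passed without a response."""
    return not case["responded"] and now > case["sla_deadline"]


def run_playbook(raw_alerts):
    """Full pipeline: normalize -> aggregate -> enrich/decide -> prioritised queue."""
    cases = aggregate(normalize(r) for r in raw_alerts)
    queue = [decide(t, i, alerts) for (t, i), alerts in cases.items()]
    return sorted(queue, key=lambda c: c["priority"], reverse=True)


if __name__ == "__main__":
    for case in run_playbook(RAW_ALERTS):
        print(case["priority"], case["tenant"], case["indicator"], case["action"])
```

The queue is ordered so that every analyst on every shift works the same list in the same order, and `sla_breached` gives a shift lead a single check to run across all customers rather than per tool. In a real deployment the adapters, intel lookup and actions would be the SIEM and SOAR integrations; the decision data kept on each case is what makes the handoff and the customer-facing report consistent.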
For more information on how an automated and integrated SecOps suite can help you, visit chronicle.security.