Managed Security Services: In demand as never before
by Tina Siering
The threat of cybercrime continues to come to a head and there is no end in sight to the permanent threat situation. According to a study by Bitkom Research, nine out of ten companies in Germany were victims of data theft, espionage or sabotage in 2022. This resulted in damage of around 203 billion euros. But these purely financial losses do not stop there for most organisations: since a cyberattack often results in a disruption of business operations, companies also have to fear considerable damage to their image among business partners. Not to mention the serious breach of trust with those customers whose data has been stolen. In view of the serious cyber security situation, the topic of IT security is now at the top of the agenda for companies all over the world.
A company's own Security Operations Centre (SOC) is usually not worthwhile
However, it is usually difficult for small and medium-sized enterprises (SMEs) to set up their own Security Operations Centre (SOC) - not only for technical reasons, but also for financial and staffing reasons. A SOC is an extremely resource- and cost-intensive department that requires a large number of highly specialised IT experts, and such experts are hard to find on the labour market in times of a shortage of skilled workers.
Even if a medium-sized company manages to build up a small SOC team for a 24/7 service, whether it will actually detect possible cyber attacks sometimes remains questionable. Especially when using SIEM solutions, employees face the challenge of analysing very large amounts of data in such a way that, correctly interpreted, they recognise attack patterns at an early stage. The focus here is on reacting quickly in the event of a successful cyber attack. After all, the operation of a SOC only pays off if cyber attacks are averted before major damage is done to the company.
One problem here is that too many alerts often cause employees to become overworked. In addition, many teams have to work with a vast number of different software agents, which can be very tiring and stressful (agent fatigue). This inevitably leads to slow reaction times, so that complex or time-critical cyber attacks are detected too late.
The solution: outsourcing to a Managed Security Service Provider (MSSP)
So what to do when cybersecurity cannot be implemented internally due to a lack of specialised staff, low budget and high staff workload? One thing is certain: doing nothing is definitely not the answer. "You should understand as soon as possible that the issue cannot be sat out, because cyber risks have come to stay," Holger Müller, CTO and Lead Architect for Administration, Education and Healthcare at Cisco, emphasises in a LinkedIn post.
A popular and efficient way out of the predicament is outsourcing: companies that do not have the necessary resources for their own SOC outsource their cybersecurity to a managed security service provider (MSSP). The external IT service provider provides the company with an experienced team of experts who henceforth take care of monitoring the IT systems and networks.
Outsourcing IT security to a Managed Security Service Provider has the following advantages, among others:
- An MSSP provides expert security monitoring around the clock within a very short time and is still significantly more cost-effective than an internal SOC.
- Since the MSSP takes over time-consuming routine activities, your IT department can concentrate on the core business again.
- An MSSP uses the latest security technologies, offers cutting-edge expert knowledge and has an experienced team of IT specialists.
- Services are usually flexibly scalable and billed at a flat monthly service fee, ensuring full cost control.
With cyber attacks on the rise, external security services are in high demand, which is also reflected in the growing range of managed service providers (MSPs). According to a study by the US cyber security company Datto, 97 percent of the MSPs surveyed already offer managed security services. At the top of the list of services is email security, followed by password policy management, security framework & compliance audits and managed firewall.
Here's what to look for when choosing a managed security service provider
Before hiring a managed security service provider, you should clarify a few points with the provider in advance. Since the MSSP assumes responsibility for the operation of a SOC, among other things, a correspondingly professional implementation must be guaranteed. The exact service descriptions and service level agreements, processes, liability, runtimes and NDAs should therefore be precisely defined in advance.
In addition, you should pay attention to the following services when selecting an MSSP:
1. Proactive response
A good MSSP should not only detect and report attackers in time with the help of comprehensive security concepts, but also support you in response measures and recommend courses of action.
2. 24/7 operation
Ideally, the MSSP works around the clock for your IT security and is always available during your operating hours. Therefore, inquire about the operating procedures as well as the number and location of the analysts before commissioning.
3. Cost efficiency
Compared to the costs that would be due for operating your own SOC or for the lengthy recovery process after a successful cyberattack, MSSPs offer a very good cost-benefit ratio in a direct comparison.
4. Cyber threat hunting
One of the most important tasks of an MSSP is the active search for security threats (cyber threat hunting). This threat hunting should include a contextual view of potential threat actors and their tactics, techniques and procedures (TTPs).
The security analysts assume a worst-case compromise of the network and that one or more end devices are likely to be affected. For this purpose, network communication is continuously monitored. The strength of threat hunting thus lies in the detection of Advanced Persistent Threats (APTs). In these sophisticated attacks, the attacker moves unnoticed in the network over a longer period of time in order to spy on information, manipulate systems and/or leak data.
5. Special technology
A software component is needed to correctly classify the detected findings and, where appropriate, evaluate them as Indicators of Compromise (IoC). IoCs are characteristics and data that indicate unauthorised system access with a high degree of probability, such as unusual network activities, entries in log files or newly started processes.
By using a managed detection and response (MDR) service, a company outsources cyber threat hunting competencies to an external cybersecurity service provider.
With the Active Cyber Defense Service (ACD), Allgeier secion offers such a service: a solution installed in the customer infrastructure to detect unusual network communication. Trained IT security analysts take over the 24/7 monitoring for the detection of incidents (incident detection) and check whether there are deviations from defined standard communications that indicate a security-relevant incident.
In the event of an alarm, Allgeier secion's Active Cyber Defense team decides how to prioritise the registered incident. The experts immediately interpret the risk situation at hand and draw up further recommendations for optimising your IT protection measures.
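To make the two ideas above concrete (classifying observations as IoC candidates, and checking events against "defined standard communications"), here is a small added example. It is not Allgeier secion's ACD code and says nothing about how ACD works internally; the baseline sets, the host names, the event format and the log lines are all constructed for illustration.

```python
"""Baseline-deviation check over constructed network and process-start events.

Events use a constructed CSV format: timestamp,host,type,detail
  type "net"  -> detail is "destination_ip:port"
  type "proc" -> detail is the name of a newly started process
"""
from dataclasses import dataclass

# Constructed sample telemetry (not real data). Two hosts, a handful of events.
SAMPLE_EVENTS = """\
2023-05-02T08:00:01,ws-017,net,10.0.5.20:443
2023-05-02T08:00:05,ws-017,net,10.0.5.20:443
2023-05-02T08:01:10,ws-017,proc,outlook.exe
2023-05-02T08:02:00,ws-017,net,10.0.5.21:445
2023-05-02T08:03:15,ws-017,net,198.51.100.7:4444
2023-05-02T08:03:16,ws-017,proc,svc-helper.exe
2023-05-02T08:04:00,ws-017,net,10.0.5.20:443
2023-05-02T08:05:00,ws-022,net,203.0.113.9:8080
"""

# Assumed "defined standard communications" and expected processes for this
# host group. In practice these would be learned from or agreed with the customer.
BASELINE_NET = {"10.0.5.20:443", "10.0.5.21:445", "10.0.5.30:53"}
BASELINE_PROC = {"outlook.exe", "chrome.exe", "explorer.exe"}


@dataclass(frozen=True)
class Finding:
    """One deviation from the baseline, i.e. an IoC candidate for an analyst to review."""
    timestamp: str
    host: str
    category: str  # "unusual_network" or "unusual_process"
    detail: str


def parse_events(text):
    """Parse the constructed CSV event format into (timestamp, host, type, detail) tuples."""
    events = []
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        ts, host, kind, detail = line.split(",", 3)
        events.append((ts, host, kind, detail))
    return events


def find_deviations(events, baseline_net=BASELINE_NET, baseline_proc=BASELINE_PROC):
    """Flag every event that is not covered by the baseline for its event type."""
    findings = []
    for ts, host, kind, detail in events:
        if kind == "net" and detail not in baseline_net:
            findings.append(Finding(ts, host, "unusual_network", detail))
        elif kind == "proc" and detail not in baseline_proc:
            findings.append(Finding(ts, host, "unusual_process", detail))
    return findings


def prioritise(findings):
    """Assign a simple priority per host.

    A host showing deviations in more than one category (e.g. an unexpected
    outbound connection *and* an unexpected process) is rated "high", because
    two independent indicators pointing at the same device are a stronger
    signal than one. A single category is rated "medium". This is a
    deliberately simple rule; a real team applies more context.
    """
    categories_by_host = {}
    for f in findings:
        categories_by_host.setdefault(f.host, set()).add(f.category)
    return {
        host: ("high" if len(cats) > 1 else "medium")
        for host, cats in categories_by_host.items()
    }


if __name__ == "__main__":
    found = find_deviations(parse_events(SAMPLE_EVENTS))
    for f in found:
        print(f"{f.timestamp} {f.host} {f.category}: {f.detail}")
    print(prioritise(found))
```

Everything on the baseline is silent; only the out-of-baseline connection on port 4444, the unknown process on the same host, and the single stray connection from the second host surface as findings, and the host with two different kinds of indicator is the one an analyst would look at first.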
Conclusion
Small and medium-sized enterprises in particular are increasingly lacking the specialists and know-how to adequately meet the numerous challenges of the volatile cyber threat landscape. Managed security services are therefore becoming increasingly popular, so that the range of services offered by managed service providers in the area of security is now extremely diverse.
Companies achieve a particularly high level of security with the help of service providers who defend against cyber attacks with proactive early attack detection. Allgeier secion offers the Active Cyber Defense (ACD) service for this purpose: The "Managed Detection and Response" solution (MDR) proactively searches for attack activities in your network and notifies you as soon as action is required.