Trends Affecting Managed Security Service Providers

Given the very public explosion of ransomware, and an ever-growing list of other cyber threats, IT services providers are increasingly looking for ways to meet the insatiable demand for cybersecurity. In this Q&A article with Jonathan Nguyen-Duy, we look at some of the trends and challenges facing the MSSP community.

How has the cost and shortage of security talent empowered the MSS domain?

There are two forces driving the growth of MSS – complexity and cost. The complexity of threats and regulations continues to grow, with no change in sight. On the cost side, there is a seemingly ever-expanding shortage of even basic security skills, and an even larger gap for experienced security professionals. Businesses of all sizes are realizing that maintaining in-house security capabilities is becoming more and more difficult, with no reasonable expectation for improvements in performance or protection. As a result, outsourcing to an MSSP is becoming an increasingly attractive option as the cost of finding, retaining, and training scarce security talent mounts.  MSSPs offer predictable costs and performance – allowing enterprises to focus on their security objectives and governance.

What is fueling the growth in the managed security services market?

Digital transformation from the IoT edge to the cloud is increasing the complexity of enterprise network, and expanding the potential attack surface, as the traditional perimeter further disappears in the next wave of distributed network segmentation and virtualization. Compounding this expanded attack surface is the rise of new threats, like ransomware and IoT-based DDoS, as well as the continued success of older exploits – some older than decade.  Across multiple industry and law enforcement studies, there appears to be little sign that as an industry we are showing any appreciable improvement in combating the success of hackers, hacktivists, script kiddies, organized crime, and nation state actors. Yet, these same studies also point to the fact that most attacks can be mitigated through simple to intermediate controls. The real challenge is that security teams are simply overwhelmed by the sheer volume of events and the complexity of monitoring ever-expanding networks and ecosystems that span traditional data centers, private clouds, public clouds, and hybrid environments.

In addition, security teams are grappling with the challenges of supporting new vendor devices, BYOD, and shadow IT issues.  Third party technology integration is another huge development and support burden for many enterprises. The resulting complexity is fueling the demand for MSSPs. Data sovereignty requirements around the world add to this complexity, making it very difficult for global enterprises to maintain Security Operations Centers (SOCs) in multiple countries.

Current security approaches require a balance of event monitoring, device management, and incident response, as well as Governance, Risk, and Compliance functions.  In-house solutions are struggling to keep pace with the avalanche of security events detected by SIEM tools and the ever-growing list of compliance requirements. We are fast approaching the point where in-house security is no longer practical. Indeed, many enterprises are assessing whether security is even a core competency. With the exception of the Global Fortune 2000, and government agencies that face advanced, nation-state level threats, most businesses facing opportunistic attacks and compliance requirements might be better served by Managed Security Services Providers (MSSPs).

How does an MSSP partner stand out in an increasingly competitive market?

For an MSSP to stand out as a true partner, it must be able to demonstrate the ability to enforce the same levels of controls and compliance requirements as in-house solutions. It must also be able to support the management, orchestration, and reporting of security services across traditional enterprise networks along with IoT and cloud architectures – all via a single pane of glass that includes self-service, customizable trouble ticket management and reporting. The MSSP should also be able to demonstrate global capabilities while providing services customized to regional requirements – including data sovereignty and local language support.

In essence, a partner must demonstrate that it can execute the security requirements better and cheaper than the client, but also in a manner that can be customizable and scale as the client moves through their digital transformation.      

What are some of the essential traits of an MSSP partner?

• Shared multi-tenant, SIEM-based, and multi-instance analytics solutions
• Support for remote and onsite SIEM/analytics management
• Support for basic monitoring/management along with advanced threat hunting
• Support of best-in-class products as well as proprietary technology
• Vendor independent expansive partner ecosystem
• Support compliance requirements, i.e., Common Criteria, NIST CSF, SANS, etc.
• Support of security requirements for all environments, from IoT to cloud, and across both network and security environments (NOC/SOC)
• Flexible pricing options, from event-based to flat-fee pricing
• Integrated customer portal with customizable, self-service reporting and ticket management
• Global SOCs with local language support
• Global organic digital forensics capabilities
• Global malware research and threat intelligence capabilities

What are the key Do’s and Don’ts when architecting an MSS architecture?

The key issue is to map the proper MSS architecture to the appropriate market.  For the Global Fortune 2000 and government agencies, an MSSP architecture must accommodate a wide variety of onsite and remote capabilities for detecting and mitigating advanced threats and campaigns. The challenge is to balance the need for scale via multi-tenant capabilities with the multi-instance needs of large enterprise data analytics for advanced threats. Large enterprises and government agencies typical require dedicated analytics platforms to process the huge volumes of data required to detect advanced threats, such as customized malware and insider threats. They also require customizable and self-service access to event and incident log data for compliance and incident response.

Mid-market companies, on the other hand, are primarily concerned with compliance and security against opportunistic attacks, along with a range of known and advanced threats that can be addressed via simple to intermediate controls. This market is all about scale and predictable costs.

How does your portfolio stand out from the crowd?

The Fortinet Security Fabric revolutionizes MSS -enablement because it reduces the complexity of threat management, compliance, and IT development. The Fabric Readiness Program ensures that all products are pre-integrated out of the box – thereby reducing the complexity of third party integration development and support and accelerating deployment/time to market. The Fabric supports both hardware and virtualized security devices – from the IoT edge to the cloud – at the hypervisor to VM layer.

The Fortinet Security Fabric provides control, integration, and easy management of security across an organization’s entire distributed network ecosystem. It also closes any gaps that were most likely introduced when disparate security products were added, data centers migrated, and/or networks expanded. 

Once deployed, the Security Fabric allows security to dynamically expand and adapt as more and more workloads and data are added, and at the same time, seamlessly follow and protect data, users, and applications as they move back and forth between IoT, smart devices, and cloud environments located throughout the network. 

The Fortinet Security Fabric is built around three key attributes:

• Broad: The Security Fabric covers the entire attack surface. Security can be applied to the network, endpoints, access, applications, and cloud.
• Powerful: The Security Fabric uses security processors to reduce the burden on infrastructure, delivering comprehensive security without affecting performance.
• Automated: The Security Fabric enables a fast and coordinated response to threats. All elements can rapidly exchange threat intelligence