Protecting your digital ecosystem requires teamwork, coordination and communications
As the pace of digital transformation and technology adoption continues to increase, most businesses have rightly decided that there is no way to manage the complex needs of a modern connected organization without third-party assistance. The old argument of in-source versus outsource has been replaced with right-source, and the highest performing organizations are increasingly finding themselves reliant on a web of both full-time employees and external parties working together to extract every ounce of productivity out of unprecedented technology-based tools.
Recently in The Monitor, we’ve started exploring the differences between MSPs (Managed Service Providers) and MSSPs (Managed Security Services Providers).
Our guidance has been simple and direct: Where at one time all you needed for your IT operations and infrastructure was an MSP with a Help Desk to deal with network, connectivity, software, and user issues; today, with barbarians at the gate 24/7/365, you need to make an additional investment in MSSP services whose mission is the safety and cybersecurity of your entire digital ecosystem. In doing so you put the needs of your organization in the hands of those most qualified to protect and optimize its technology investments.
There is seldom a “one size MSP+MSSP fits all” solution. We urge you to be cautious if approached by a vendor offering both operational and cybersecurity protections under one roof.
The Most Important Actions You Can Take to Leverage Your IT Investments
There are, however, opportunities to leverage investments that you’ve made (or should be making) in both an MSP and MSSP, and in the process, secure better ways to operate, protect and manage the entire scope of your digital ecosystem.
The single most important action you can take to leverage your investment in IT services is to have active plans, processes and policies in place that ensure that your MSP and MSSP are in constant communication and on the same page when it comes to responding to cybersecurity threats.
While these two different types of organizations have different missions in terms of how they participate in your IT program, those missions intersect when a cybersecurity alert detected by your MSSP escalates to the point where a remediation action is required. That action should be built on a remediation plan with clearly identified roles and responsibilities that you, your MSP and your MSSP agreed to use as a roadmap.
This is particularly true for a zero-day event, where you may need to disinfect hardware, take critical servers offline, or even shut down your entire IT operations to prevent a disaster. In this situation, the MSSP provides notification of the event, its criticality, updates, and follow-ups after patches from a vendor are published, while the MSP executes quick response tactics, including interfacing with users, to shut the doors against the possibility of further damage.
Managed Service Providers/Managed Security Service Providers Common Denominators
Leveraging the investments you make in MSP and MSSP services starts with making sure that each vendor’s scope of services shares the following common denominators: (1) a commitment to protect the profitability of your company or organization from cyberthreats or attacks, and (2) an obligation to protect the output of your network and the digital interactions you have with internal and external stakeholders.
Given the variety of different technologies and applications you use to operate and manage your business, putting these assurances into effect is not an easy task, but in today’s environment, a fundamental one.
4 Keys to Leveraging and Aligning Your Investments in Managed Service Providers and Managed Security Service Providers Services
There are four actions, spearheaded by your IT Department or company senior management, for aligning your investment:
1) MSP and MSSP Communications – on a continuing basis, your company and both your MSP and MSSP need to communicate and discuss the cybersecurity threats that have been identified via continuous monitoring and standards-based assessments, which of those have been escalated to a remediation action, proposed solutions and patches for gaps in cybersecurity defenses, potential upcoming threats, and best-practice-based recommendations from both the MSP and MSSP.
2) MSP and MSSP Planning – instead of reacting to cyber threats, a plan should be in place that, at a minimum, defines the roles and responsibilities of you and your providers. This is especially important when it comes to Incident Response, as the worst time to plan for a crisis is when you’re in the middle of one.
3) MSP and MSSP System monitoring – a key function of your MSSP is 24/7/365 monitoring of your digital ecosystem focused on cyber threats to your environment. Monitoring and the communication of monitoring results is one of the most critical keys for early identification and response to cyber threats.
4) Adherence to planned remediation processes – a key part of the planning process is to have planned remediation processes in place, along with training about how to initiate, manage and monitor those processes.
Connect with Us to Start Better MSP and MSSP Coordination Efforts
We welcome a chance to discuss your cybersecurity posture and how your cybersecurity efforts are being coordinated with your IT managed services program. Let’s schedule a no cost, no obligation discussion to identify the strengths, weaknesses, and threats present in your digital ecosystem and opportunities for achieving better levels of protection and effective, efficient, and rapid response and remediation in the case of a cybersecurity event.
Call me at 716-847-2651 today, or submit a contact form, here. Let’s put something on your calendar.
Did you ever wonder what it’s like to work on the front lines of the cybersecurity battlefield …. what the war room looks like … how battle cries and alarms are sounded … how troops are mobilized and dispatched to take on enemies at the gates and on the walls?
In my last post, I discussed the differences between Managed Service Providers (MSP) and a Managed Security Service Provider (MSSP). I hope that I’ve made a compelling case for why your company or organization may need both. In this post, I do a deeper dive to take you behind the scenes of a typical day in the life of an MSSP Cybersecurity Analyst to bring those differences to life in a vivid way.
Inside the Managed Security Service Provider Control Center … an Alarm Goes Off
Imagine, if you will, a team of contracted Tier 1 SOC Analysts sitting at their workstations, surrounded by monitors tracking internal and external movements within your IT network, when an alarm goes off that’s an indication of mischief.
Immediately, the Analyst will log the alarm and use their training to assess its criticality, working through a 15-step checklist to determine whether a quick and aggressive response and remediation is warranted. To provide some perspective, DataSure24 sees about 150 alerts per day per Analyst over the entire scope of clients we are monitoring.
Within 10 minutes, the alarm will be deemed either harmless or harmful, and if the latter, escalated immediately to our Tier 2 SOC Analyst. If it’s relatively harmless, the incident is still tracked but not treated with the same urgency.
Later that Morning at the Desk of the Tier 2 SOC Analyst
In an average month, we see about 18,000 alarms, and of those, about one out of every 100 alarms gets escalated to a Tier 2 SOC Analyst.
Within minutes, that Analyst will initiate a significantly deeper investigation, using our proprietary predictive algorithms, research, team discussions, and instinct to identify the exact nature of the intrusion and best possible responses.
Companies that use an MSSP will generally have a previously developed Cybersecurity Response and Remediation Plan, which is then put into play. That plan is executed coolly, professionally and swiftly by the Tier 2 SOC Analysts in conjunction with the client’s IT team. On average, once an alarm has been escalated to a Tier 2 Analyst, the time from assessment to response and remediation is less than an hour.
A Managed Security Service Provider’s Response to a Zero Day Attack
Three to five times a year, every company may experience a Zero Day Attack launched by hackers and cybercriminals.
According to Norton, the term “zero-day” refers to a newly discovered software vulnerability. Because the developer has just learned of the flaw, it also means an official patch or update to fix the issue hasn’t been released.
So, “zero-day” refers to the fact that the developers have “zero days” to fix the problem that has just been exposed — and perhaps already exploited by hackers.
Once the vulnerability becomes publicly known, the vendor has to work quickly to fix the issue to protect its users.
But the software vendor may fail to release a patch before hackers manage to exploit the security hole. That’s known as a zero-day attack.
If a zero-day attack is detected via monitoring by a Tier 1 Analyst, escalation takes on a sense of greater urgency and requires greater speed before what may be a small breach turns into a major headache, resource drain, financial loss, and reputation damage. While neither a Tier 1 nor a Tier 2 Analyst can patch the weakness, they can put a pre-determined Incident Response Plan into effect, and work with the client’s IT team to isolate, protect or even shut down critical servers and other hardware.
As you might imagine, it’s a bit more hectic and stressful both in our Mission Control room and at the client’s site when zero-day attacks occur, but teamwork and professionalism generally go a long way to short circuit an attack of this type before a software patch is applied. The human element in place, always monitoring, can be the difference between a catastrophe and a ‘dodged a bullet’ scenario.
Later That Day, It’s Time to Catch Up on a Few Reports and Do a Vulnerability Scan or Two
A day in the life of a DataSure24 Tier 1 or 2 SOC analyst is a lot more than just sitting around, drinking coffee and waiting for an alarm to ping!
They’re also preparing and delivering monthly reports to clients showcasing alarms caught and resolved, actions taken regarding elevated alarms and responses, zero-day attack incidents, and news or updates from the world of cybersecurity that merit a watchful eye.
There are also specialists hard at work doing contracted vulnerability scanning work, trying to identify and exploit security weaknesses, including phishing employees to determine their levels of awareness and compliance with company IT security policies. Generally, these network vulnerability scans reveal hundreds of vulnerabilities, most of which are easily resolved, but in some cases a significant vulnerability will be discovered or a trend indicating a security lapse identified. At that point, Network Vulnerability Analysts and other members of the MSSP team will develop a plan and identify resources that should be directed to executing remediation strategies, policies or actions.
Our team is always looking for ways to improve ourselves, from upgrading our technologies to continued and consistent training in our specialized environment. Staying globally aware of Cybersecurity current events is a linchpin of our daily routine.
Meanwhile, On Your Calendar of Daily Activities
I hope that this brief overview into the life of a Cybersecurity Analyst provides the additional insight and guidance you need to make an investment in MSSP services happen. At a minimum, 24/7/365 cybersecurity monitoring has become a “must” and a necessary part of doing business.
I am available for a no cost or obligation discussion of the pros, cons and costs of MSSP services, including a deeper dive on how these services can work with your current IT department or MSP.
Complete and submit a contact form, here. Let’s put something on your calendar.
Don’t make a mistake and put the security and future of your company at risk
It’s not an exaggeration to say that you may be putting the future of your company at risk if you don’t know the differences between a Managed Service Provider (MSP) and Managed Security Service Provider (MSSP). While there may be some crossover of functions between these two types of outsourced services, the fact remains that it’s highly likely that you will need to invest time, resources and budget for each.
MSP vs MSSP: Comparison of Missions and Functions
Perhaps the simplest way to understand the variation between these two different types of providers is as follows. MSPs operate in the world of IT network management – keeping your infrastructure up to date, troubleshooting problems users are experiencing, and maintaining IT operations. MSSPs operate in the world of cybersecurity and the detection, prevention and remediation of cyberthreats that have the potential to ruin a company’s reputation and pocketbook – kind of like an ever vigilant and on guard police force.
Key differences include:
Managed Service Provider (MSP)
· Ensures IT systems are operational, reliable, available and useful for employees and customers
· Key focus is on administrative functions of an IT system and network, and typically serves as a company’s outsourced IT department
· Costs based on a fixed fee model - per device, per user or some combination
· Characterized by tools and technologies like remote monitoring and management and troubleshooting / ticketing systems or a help desk
· Generally, will not provide clients with a complete cyber security posture, but will offer a minimum level of security services, like firewalls and anti-virus software.
· Mission critical: ensure that IT systems are up and running and that data remains available for employees and customers.
· May include offerings from other providers like application service providers (ASPs), Web hosting companies and network service providers (NSPs).
Managed Security Service Provider (MSSP)
· 24/7/365 cybersecurity monitoring primarily focused on IT security with key objectives of preventing, detecting and responding to threats across IT infrastructure, network and applications
· Serves in a consulting and advisory role, providing cybersecurity insights to help make proactive changes to policies and procedures in order to prevent security incidents that might result in breach, data loss, or any other incident that could negatively impact a business.
· Requires expertise for aligning security with IT compliance frameworks and ensures that people and systems are safe, secure and compliant.
· Includes deployment of a Security Operations Center – a physical facility staffed by analysts responsible for real time investigation of network and logs, hunting for threats, creating alerts for incidents, and executing plans for remediation.
· Requires a deep understanding of client’s current policies and regulatory compliance issues that affect the company and its data.
· MSSP requirement: implementing complex security procedures to ensure that the system and each employee is protected through the latest advances in security and compliance methods.
· In other words, the primary focus of an MSSP is to provide the ultimate cybersecurity protection through around-the-clock monitoring to determine any potential security breaches
Should You Hire BOTH a Managed Service Provider (MSP) and a Managed Security Service Provider (MSSP)?
The answer in a nutshell, is YES.
While some MSPs claim they can bring security functionality to their clients, the truth is that many offer only the most rudimentary and easily defeatable security services. Their measure of success is based not on how many threats they have detected and foiled, but on other metrics like downtime and user satisfaction.
MSSPs measure their success with a vastly different set of standards, using different tools, methods and technologies in executing their mission. They’re responsible for keeping up to speed on the nature and risk exposure you may have from new (and existing) cyberthreats, and for managing, maintaining and responding to threats using state of the art tools and technologies that typical MSPs cannot bring to the table.
Structuring a Managed Security Service Provider Contract
If you are interested in learning more about what an MSSP can do for your company or organization, contact our managed security services team here or call (name) at (number) today. We’ll have a no cost or obligation discussion on the scope of MSSP services you might require for your industry or situation, as well as the fee structures that are typical of an MSSP engagement.