Finding a cyber security partner today is not as easy as it used to be.
In the past, organizations primarily needed a security partner for simple prevention-based tasks. Perimeter monitoring. Log management. Detection of known, signature-based threats. Most cyber security threats and malicious actors were known and operated in a predictable manner. While cyber security was not necessarily easy, it was (comparatively) routine, and many providers were able to perform all necessary cyber security activities.
But times have changed, and fast. In recent years, cyber security threats have grown in volume and complexity. Organizations have digitized, moved to the cloud, embraced automation and mobile computing. Network perimeters are orders of magnitude larger and more porous than they used to be. Cyber criminals constantly create brand new, complex, and hard-to-detect threats.
The result: organizations have adopted new security objectives. They can no longer focus on protecting a known perimeter from known threats and bad actors. Instead, they must increasingly focus on rapidly detecting and responding to unknown threats, often after those threats have already breached their network.
This shift away from prevention-based security objectives, and towards detection and response-based security objectives, is a major evolution in the cyber security industry. Few security partners have kept up with this evolution, making it increasingly challenging to find the right next-generation security partner to protect your organization from next-generation threats.
Why Finding a Next-Generation Security Partner Has Become So Challenging
It would be much easier to find an effective security partner in today’s market if traditional security partners—such as MSSPs—had simply evolved their service offerings to keep pace with the detection and response-based objectives of modern cyber security. But few traditional security partners did so. Instead of innovating, they maintained their standard service offerings, and took the easy way out by putting together a disparate set of technologies from the market to appear as if they had evolved into true next-generation security providers.
Many MSSPs have simply changed their branding to make it seem like they offer detection and response services, without investing in the underlying technology and expertise required to meaningfully upgrade their forensic capabilities to detect breaches, investigate unknown attacks, and deploy an appropriate response to successful threats. As Gartner noted in their recent Managed Detection and Response Services Market Guide, “Clients should be wary of claims from traditional MSSPs on their ability to deliver MDR-like services. Delivering these services requires technologies not traditionally in scope for MSS, such as endpoint threat detection/response, or network behavior analysis or forensic tools.”
If MSSPs and other traditional security providers had simply invested in evolving their security solutions to keep pace with the evolving threat landscape, then organizations would have many trusted options to choose from. Unfortunately, this is simply not the case, and few traditional MSSPs can provide the true detection and response capabilities required to keep their clients safe from today’s threats.
“New” Security Services are Not Necessarily Better Security Services
Traditional security providers pretending to offer next-generation services are not the only players making it challenging to select an effective security partner. Many non-security service providers are adding security services to their portfolio as an upsell. Some of these new players in the managed security market include:
- Entrenched Players: For example, telecoms who offer bandwidth and connectivity solutions, and are adding managed security to those solutions.
- Products with Services: Companies that sell IP, software, hardware, or the like, and are now attempting to wrap security services around their product.
- Boutiques: Firms that focus on a hyper-limited set of security services.
- Consultancies: Including the big-4 providers, who primarily focus on enterprise projects, but are branching into offering security services as well.
While these security service providers may appear to offer next-generation capabilities as an “add on” to existing contracted services, their detection and response capabilities need to evolve to be able to effectively address the current threat landscape.
Selecting the Right MDR Provider: A Guide
Neither traditional MSSPs nor MSSPs claiming to be next gen offer an effective option to meet today’s security objectives. This leaves only one option for the many organizations who cannot afford to develop their own internal security capabilities to next-generation levels: they must partner with a dedicated Managed Detection and Response (MDR) provider who has built their core service offerings around providing next-generation detection and response capabilities (and not simply tacked them on to follow trends).
Yet even evaluating these providers and selecting the most appropriate one for an organization’s unique needs presents its own set of challenges, as MDR providers come in many different sizes and offer varying service portfolios.
To assist organizations looking to select the optimal security provider to meet their new detection and response security objectives, we recently put together a Buyer’s Guide to Managed Detection and Response.
Jaipal Kolapurath heads the India West Region for Paladion, a leading AI-Driven Managed Detection and Response provider. For the last 8 years, Jaipal has helped several Fortune 100 and Fortune 500 companies in India and the ASEAN region build resilient cyber security programs. Before Paladion, Jaipal spent 14 years with IT Consulting and Services firms enabling digital transformation.