What’s Holding Managed Security Service Providers Back?
As CEO of Logpoint, Jesper is an expert on business and cybersecurity innovation.
Managed security service providers (MSSPs) enable organizations to outsource their security operations cost-effectively. Rather than devoting spend to building and maintaining an in-house security operations center (SOC), organizations can obtain such services from the MSSP and benefit from their scalability and expertise.
However, to obtain their business, MSSPs must compete effectively by delivering real-time managed detection and response SOC services. All indications are that they are currently struggling to do that.
We conducted a survey of MSSPs and found that 65% thought their SOC operations might be losing time due to inefficient processes, creating an increased risk to their customers through slower incident response times. Some SOCs were not integrated with other technologies, for instance, and only 25% were using automated playbooks or procedures for alert response—meaning the vast majority were manually reviewing their system alerts.
Consequently, over half (57%) said the gap between mean time to detect (MTTD) and mean time to respond (MTTR) was below expectations. It’s a gap being widened by SOC operations failing to automatically feed threat intelligence to security solutions such as endpoint detection and response (EDR), firewalls and user management—delaying detection and response further. Moreover, a third of those questioned (35%) said they did not have the best processes or tools for building detection patterns, preventing them from identifying emerging threats.
Forward-Thinking
There is a clear understanding of where MSSPs are today versus where they want to be, with most stating they intend to create new services over the next 12 to 24 months—including EDR, network detection and response (NDR), managed computer security incident response team (CSIRT), security orchestration and response (SOAR), managed detection and response (MDR), and SOC for small and medium-sized businesses. In order to roll out such services, MSSPs need to reassess their business processes now and explore how they can implement automation and orchestration.
Automation sees technology used…
