Managed Security Services In The Age of Advanced Threat Intelligence 

In recent years, the Managed Security Services Provider (MSSP) market has developed considerably. In particular, service providers have been increasingly embracing advanced technologies that can triage alerts, reduce alert fatigue, increase accuracy and give smaller organisations access to complex automation solutions that they can’t manage themselves.
 
This is in contrast to legacy approaches whereby MSSPs focused on staff augmentation for organisations that lacked the skills and people to build their own security teams, even though this didn’t necessarily improve effectiveness and was more akin to expensive outsourcing. Today, however, numerous managed detection and response (MDR) services have come to the market, making advanced detection and response capabilities more widely available. One of the major drivers of this trend is the growing importance of threat intelligence, which enables enterprises to get ahead of attacks and plan proactively instead of merely reacting to alerts and incidents as they unfold.

The problem is, however, that managing and making sense of threat intelligence has proven difficult for many security teams, especially smaller ones. 
 
Indeed, Gartner suggests that there are relatively few organisations out there that have an accurate picture of their own threat landscape, and in particular, security and risk management leaders struggle to understand the threats that represent real concerns for their organisations. 
 
Part of the challenge is that there is now a plethora of threat data available from open-source feeds, commercial providers, industry associations, and internal security processes. This can translate into problems for organisations trying to aggregate, correlate and prioritise potentially huge volumes of information into a single source of truth. 
 
Yet, this is a crucial capability given that threat intelligence depends on communicating the relevant data to the right people at the right time, so they can act upon it swiftly. In some cases, the challenge can overwhelm SMEs and their security teams because it relies on the use of complex technologies that are geared towards large enterprises and their threat intelligence analysts. 

Bridging the Gap: How MSSPs Are Making Threat Intelligence Accessible & Actionable for All   

So, where can organisations turn to deliver on their threat intelligence objectives? One option is the use of Threat Intelligence Platforms (TIPs), which give users the ability to automatically extract relevant indicators from threat feeds, perform enrichment to add contextual information and integrate this insight with existing security controls. The problem here is that many security teams find them too expensive and complex to deploy, while conventional TIPs don’t easily integrate with other SOC orchestration, automation and collaboration tools. 
 
This is where today’s MSSPs can step in to meet this increasingly important need by helping customers manage threat intelligence, sift through the noise and deliver concise, actionable threat alerts.

By leveraging their proven shared resources model, MSSPs are much better placed than individual organisations to invest in scalable TIPs, expert analysts and effective collaboration tools to bridge the gap between threat intelligence data and actionable insight.
 
In practical terms, by offering threat intelligence-as-a-service, MSSPs can meet the needs of organisations looking to detect and mitigate emerging threats, vulnerabilities and indicators of compromise that could put their networks and systems at risk. Moreover, by identifying potential threats and vulnerabilities before they are exploited, customers can significantly reduce the likelihood of serious security incidents and the major costs that can result. 
 
In addition, industry-specific information sharing and analysis centres (ISACs) have an important role to play and, today, operate across a range of sectors, from financial services and energy to healthcare and automotive, among others. ISACs can help aggregate threat intelligence and other security data from multiple sources for their members based on recognised Traffic Light Protocol (TLP) classifications. Among the more advanced ISACs, bidirectional sharing is also emerging, allowing members to share real-world intel for the benefit of the entire community.
 
This hub-and-spoke approach to intelligence-sharing can now also be seen in other contexts, with MSSPs bringing like-minded organisations together across industries as diverse as healthcare, manufacturing supply chains and sport. What they have in common is the need to receive proactive threat intelligence and benefit from a collective defence model. 
 
Ultimately, the goal of threat intelligence is to ensure organisations have the tools to make better and faster decisions based on timely and contextual data.

MSSPs are ideally placed to meet this need, and by making proven technologies and data sources available to a wider market, they can help strengthen cybersecurity protection, safeguard assets and maximise resilience in the ever-evolving cyber risk ecosystem. 

Avkash Kathiriya is Sr. VP - Research and Innovation at Cyware


