OK, in Part 1 of this post, I mentioned that when I meet business people and discuss security, I receive questions like:
- “Why do we need a Managed Security Services Provider in the current and oncoming cloud era?”
- “Does cloud make it more or less important than before?”
- “How can a third party MSSP manage our applications and infrastructure better than the people who designed and built them?”
And I went on to explain that all the things mentioned above make using an MSSP more important than ever. Because the battle against cybercrime is like being at war. And to fight a war, it is important to have a strong ally by your side. That is what a good MSSP will become.
The bad guys have allies. So you’ll need one, too.
Just as in the real world we live in today, the alliances between forces that seek to do harm can be hard to see. But they are there. For example, sources report the POS malware used against Target appears nearly identical to crude but effective “crimeware” code sold on cybercrime forums. Called BlackPOS, it’s a specialized malware designed to be installed on POS devices where it can record all the data from swiped credit/debit cards. By leveraging “crowd developed” exploits, the bad guys have nearly limitless resources for waging their war. And there’s increasing evidence that state-sponsored attacks are occurring more frequently. Some of those highly funded methods could easily be leveraged against businesses like yours.
As in most wars, some of the most devastating attacks are not directly obvious. Covert, silent activities that infiltrate without detection are the most dangerous and emotionally unsettling. Many tech leaders lie awake at night wondering if such a threat has already infiltrated their systems, slowly and silently compromising their company’s brand, trustworthiness and financial security. Recognizing such threats requires systems capable of correlating logs and communications flows using complex and still evolving algorithms.
Managed Security Services Providers: Your allies in the war against cybercrime
Sir Winston Churchill once said, “There is at least one thing worse than fighting with allies – and that is to fight without them.” This is especially true when referring to the fight against cyber threats.
To see if you need an ally in this war, ask yourself these questions:
- Do you have the in-house capabilities and resources to fight this alone?
- Do you have the tools and capital assets to equip these resources?
- If so, do they have the bandwidth needed to divert their attention from other essential day-to-day and strategic activities to dedicate themselves to cybercrime?
- If not, do you have the budget to source new resources and tools?
- Do you have the time required to ramp up the resources and complete the needed integration of tools? And does your executive team / Board of Directors have the patience to allow you to do this?
- Are your existing resources too close to the problem (testing for the risks they know, but possibly missing the unknown risks)? Is your staff staying current on the latest emerging risks?
- Are you prepared for any false starts associated with rapidly increasing your core security capabilities?
- Can you keep up with the rapidly changing battlefield, new vulnerabilities, additional partners, industry trends, and technology trends like BYOD?
- Are you big enough to do this 7/24? Do you need multiple locations in case one is breached?
- Do you have the relationships necessary to form a network of allies willing to rapidly share intelligence about attacks?
- Do you have the clout to partner with local, state and federal authorities to leverage their intel, resources and expertise?
- Do you have the lab resources necessary to analyze this intelligence, perform behavioral analysis, and translate it into actionable information?
- Do you have time and money to invest in the continual security training that’s needed?
- Do you know enough about your infrastructure and associated vulnerabilities to respond to an attack without pulling in the resources that need to perform issue remediation?
- What’s the best use of your valuable technology subject matter experts? Supporting a partner with their expertise, or retraining them in completely new security skills?
The bottom line on MSSPs
Another favorite quote is, “If you’re not going to be there, then don’t show up.” In other words, if you can’t dedicate yourself to providing the required level of performance, then don’t waste your time and resources checking the boxes. Instead, find another method to achieve the desired goal.
The reality is, in all but the most disciplined companies, good security policies, procedures and practices are underfunded and intrinsically expected to be in place. Meanwhile, for most companies, the cost of leveraging an external managed services solutions ally is a fraction of the cost of attempting to deliver those capabilities internally.
Why, in this day and age, would anyone choose to fight without one?
I would welcome your thoughts on that or any questions raised above.