Security has never been out of the public eye, but lately, it seems, it has rarely been out of the headlines. Is it time for organisations to admit that they simply cannot keep pace with the volume, velocity and variety of threats now faced? Is it time for enterprise to hand over responsibility to a managed security service provider?
A Managed Security Service (MSS) provider can add value to an organisation that has staffing limitations or lack the skill set required to bring threat intelligence to BAU security operations.
In addition, organisations that must align to strict identification and remediation of known threats will see value from a MSS as SLAs for threat detection will be clearly defined in MSS contracts. However, a Managed Security Service provider loses much of the business context of an organisation’s operations.
Also, MSSs are generally poor at identifying the “unknown – unknowns” as their service relies solely on event data from systems such as Firewalls, AV and Intrusion Detection Systems.
Low and slow attacks that generate low levels of event data are often missed by MSSs and behavioural analysis and mapping of identity governance to event data capabilities are limited in MSS providers.
Finally, by not storing event data in-house, the ability to perform analytics on all your security data is rendered impossible.
Unlike the traditional perimeter or signature based security solutions used by the MSS provider’s backend SIEM, Advanced Security Analytics solutions enable analysts to discover “interesting” or “anomalous” behaviour without being dependant on having foreknowledge of the attackers’ specific instances of malware or attack steps.
In short, MSS providers should bring value to organisations in identifying known threats and limiting the burden on security operations however ceding ownership of event data to a MSS will greatly lessen your organisations’ advanced / unknown threat detection and behavioural analysis capabilities.
Want to know more? Please do not hesitate to contact us here