“May you live in interesting times.” In the realm of cybersecurity, interesting times can be both full of upheaval and change as well as optimistic opportunities for security service providers.
Interesting or not, these are certainly busy times for Managed Service Providers (MSPs) and Managed Security Service Providers (MSSPs). The cyber threat landscape is changing and expanding quite rapidly, making their services more critical than ever.
Enterprises in every industry are looking to these service providers for the resources, skills and expertise that they don’t have in-house or can’t find or afford to hire. For companies that offer the right kinds of security services and good value for the customer, opportunities abound.
From my perch as head of engineering for a security platform company, I pay close attention to the cyber threats we all face. Maybe it’s the curse part of interesting times, but the threat landscape is changing quite rapidly, putting extra pressure on those of us who protect all types of businesses against these threats.
The primary reason for the rapid change in the threat landscape comes down to the attack surface getting ever bigger, which makes it much easier for attackers to “browse” around for a soft target and much harder for protections to span all assets. The burgeoning attack surface largely has to do with the voracious appetite that organizations have for taking their workloads off traditional infrastructures and putting them in the cloud.
Cloud computing has played havoc on traditional perimeter defenses and made it a real challenge to protect data when it’s no longer in the on-premise datacenter. What’s more, the threat landscape is only going to continue to expand as organizations bring millions of devices online via the Internet of Things. Each “thing” grows the attack surface, and unfortunately, many such devices are poorly secured, making them very attractive targets for cyber attackers.
The threat landscape is changing, but so is the security tools market
The good news is that security tools vendors are always pushing the envelope to try to stay at least a step ahead of attackers with their ever-evolving tactics, techniques and procedures (TTPs). Lately the big trend has been toward “Machine Learning this…” and “AI that…” and it’s gotten to the point where ML/AI is table stakes for a good security tool that must learn from what it’s observing and adjust to match the attackers’ TTPs.
Perhaps an even better trend of late is that cooperation among security tool developers is beginning to occur across the industry. As the head of a software engineering team, I have my sights set on how we can leverage the broader community as well as how we can contribute back in some way. The bad guys band together, so it’s time for the good guys to play as a team too.
What to have in the security toolbox
The way to fight these cyber threats is with an effective security toolbox. Looking at the breadth of the security industry, the threat areas that must be covered, and the complexity of protecting enterprise environments, it’s clear to see that there’s no “silver bullet” and a variety of tools are needed.
Even more important than the tools themselves is the security model that companies use to protect their digital assets. The security industry has long preached that a “defense in-depth” or “layered security” model is what’s needed to protect an enterprise.
However, recent trends have shown that this model is outdated because it makes the assumption that companies must protect themselves from “the outside” and that internal people and systems can be trusted. The increase in breaches (and very publicized breaches at that) indicate that perhaps it’s better to implement a security methodology that assumes that no one and nothing should be trusted.
This philosophy is largely outlined in the Zero Trust security architecture, which puts a perimeter around very specific applications, data, users and resources.
The Zero Trust security model is gaining adoption for specific needs – for example, very sensitive financial applications – but most companies today are still quite dependent on the layered security approach. That said, here are the kinds of tool categories that security providers should be advocating to their customers:
MSPs/MSSPs can thrive in these interesting times
Security service providers can thrive in these times of vast change by delivering security value, plain and simple. Security is complex and it’s difficult to understand. The MSPs and MSSPs that will come out on top are the ones who understand – and truly care about – their customers’ security problems and fears, and who focus on building a solid solution to quell their customers’ risks.
This advice might sound simple, but so many security providers get this wrong and too many times the customer is left waiting to see what security value their money produced for them.
