Cyber security isn't simple, but it could be | The Register

Sponsored Feature: Most experts agree cybersecurity is now so complex that managing it has become a security problem in itself.
Hackers targeted weaknesses in isolated systems such as email, office applications or Windows PCs and so it made perfect sense to protect them with dedicated layers of security.
The result has been tool and system sprawl as ever more layers have been needed to protect new technologies such as web applications, IoT, and mobile devices from a constant barrage of threats.
One of the simplest ways to measure this phenomenon is to look at the number of security tools organizations use to protect themselves, which according to one recent estimate has reached 50-60 for medium-size organizations and north of 130 each for larger enterprises.
Growing complexity, skills shortages, and rising costs have resulted in huge growth in the managed security service provider sector over the last decade.
The principle driving this is simple: outsource some, or all, of the security management problem to a third party and pay for this as a predictable operational cost rather than capital expenditure.
A separate argument is that the once everyday task of threat detection and response has become too demanding and specialized to be carried out by in-house security teams, which must also balance this function with their everyday security tasks.
An MSSP founded in 2003 to address this expanding corporate cybersecurity problem is SecurityHQ, which today has Tier 3 security operations centers in the UK, the Middle East, the Americas, India, and Australia.
At the heart of its proposition to customers is its integrated security service, Managed Defense.
This includes traditional MSSP MDR/EDR/XDR protections, as well as Managed Firewall and Managed Endpoint Protection, Managed Data Security, Threat & Risk Intelligence, and email security.
The company offers cloud protection through its Managed Protection for AWS, Managed Microsoft Sentinel and other specialized services such as its innovative SOAR-based Contain-X incident automation response system, a user behavior analytics add-on, and digital forensics and incident response.
One of the company's senior cyber security managers, Sam Mannox, agrees that for many organizations, using an MSSP has become the only way they can access advanced security capabilities in an affordable way.
According to Mannox, the main threat types are phishing attacks and credential theft as well as fake invoices/invoice fraud campaigns.
Stopping these sounds like a basic form of security but remains as critical as ever.
Ransomware is the biggie, a constant threat which often results from a simple credential compromise.
Through it, attackers can impersonate a legitimate user or account ID, bypassing whole layers of expensive network security in ways that organizations struggle to detect.
Attackers will still leave clues to their presence, some of which will turn up in a security console as an alert.
The company's SOC analysts manage the whole process through SecurityHQ's Incident Management & Analytics Platform, which also helpfully gives customers a visual overview of an incident workflow and the actions that arise from this.
According to Mannox, the biggest problem in security is still a tendency for organizations to ignore problems they can't see or haven't bothered to look for.
Eventually, they risk being found out, more so if the security team is small.


This Cyber News was published on go.theregister.com. Publication date: Wed, 13 Dec 2023 09:13:04 +0000