If the global pandemic weren’t enough, MSPs will be facing new changes in the coming months and years pertaining to internal (and external) security practices and technologies. What does this mean for your MSP security practice? We will explain.
It should be no secret that cybercriminals have used the global pandemic to increase and shield their nefarious activities over the last 12 months. Bad actors were quite active leading up to the pandemic, but since the outbreak they have ramped up their attacks while using the pandemic as cover. After all, what better time to launch cyberattacks than during a global pandemic?
As the world begins to get vaccinated and a post-pandemic norm settles in, cybercriminals will undoubtedly continue their activities, leaving organizations and MSPs to prepare for what is coming next. But what should MSPs anticipate?
Next-Gen MSP Security
The days of having only a firewall are over. I think we all know this. Firewall management has been a standard managed services offering from MSPs for years. Still, policy-based firewall protections are no longer sufficient to protect MSPs (and clients) from the dangers lurking out there.
SIEM (security information and event management) has been a great supplement to firewall and other endpoint management technologies. Still, SIEM tools have traditionally required people (in a SOC) to unleash those benefits. With cybersecurity unemployment maintaining record lows, growing a SOC practice can be challenging for many MSPs, both in terms of cost and in finding the talent.
This brings us to XDR.
XDR for Managed Services is relatively new and still making its way throughout the enterprise community, not to mention the MSP community. Extended Detection and Response may not mean a lot to you right now, but that will change soon. First, let’s establish some definitions to help you better understand what is coming.
The term Endpoint Detection and Response (EDR) was coined by a Gartner analyst back in 2013. EDR aimed to enhance the existing endpoint devices commonly used by MSPs to protect themselves and clients; these devices needed additional analysis to exploit their benefits fully. https://blogs.gartner.com/anton-chuvakin/2013/07/26/named-endpoint-threat-detection-response/
While EDR has focused primarily on the endpoint (no surprise here), SIEM products have gone beyond the endpoint, gathering data from multiple network devices and correlating that data. If you are wondering, that event correlation and response have traditionally been performed by people. As you may already guess, the problem is that there aren’t enough people around to perform sufficient 24/7 monitoring, management, and analysis. This lack of human resources is particularly acute within the mid-market and SMB communities, including MSPs servicing those markets.
What is XDR?
Extended Detection and Response enables the MSP to “extend” the capabilities of the endpoint devices they use and to review, analyze, correlate, and respond to security events without having to rely solely on a fully staffed SOC or NOC. XDR is technically different from what a SIEM product does, but SIEM and XDR combined are the future of managed services best practices.
The future for MSPs is in the adoption of those “managed SIEM” and XDR/EDR/MDR solutions, extending the capabilities of the MSP beyond their existing NOC/help desk staff by including automation and machine learning. At the very least, MSPs will be expected to incorporate these technologies into their toolsets, even if they do not deliver these as services to their clients. What does this mean specifically?
MSPs will soon be expected to have these next-generation security solutions pointed inward at their own IT resources, even if they are not using these technologies to deliver managed security offerings to their clients. My own opinion is that most MSPs ought to look at adding these technologies, both to safeguard the MSP organization and to provide them as managed services to customers who could benefit from them.
The benefits of adding SIEM and XDR technology are numerous for MSPs and clients alike. For MSPs in particular, XDR and SIEM solutions address a critical scalability issue without having to rely on staffing up with costly cybersecurity personnel additions.
If you are already down this path, keep it up; you are doing the right thing. If you haven’t started to acquire these technologies, start now.