By now, every business leader should have made cyber security a top – if not THE top – priority for their organization. The reason is simple: Most can’t afford the cost of a breach. Between the direct cost and longer term impacts from damaged reputation, potential litigation, and more, breaches come with a massive price tag – more than $4 million on average, according to IBM’s research. For SMBs, a breach can be even more damaging. In fact, 60% say they would be out of business within six months following a breach.
The problem is IT environments are becoming increasingly complex, driven by digital transformation, increased use of cloud applications and, of course, this new generation of hybrid and remote workforces. To top it off, bad actors are constantly evolving their tactics to stay ahead of security tools, increasing the security imperative.
Most businesses, though – especially SMBs – don’t have the resources or expertise to effectively manage their security needs, which is why the demand for security services from their MSPs is growing – and why MSPs are adding security to their service portfolios. It’s a natural evolution, considering MSPs are already managing their clients’ other IT needs.
I recently caught up with Kevin Nejad, CEO of Vijilan, who explained why effective security has become a challenge and how MSPs can deliver effective security solutions to their clients. Kevin will be speaking on how MSPs and their clients can take a modern approach to data security next week in Ft. Lauderdale, Florida, as part of a three-day security track within MSP Expo. Here’s what Kevin had to say.
Is there any recent news from your company you would like to highlight?
It’s been a challenge for MSPs to speak the value of SIEM and SOC to their clients. We have recently launched ThreatInsight, our SIEM/SOC as a service sales tool. With ThreatInsight, our MSP partners get complete insight into their client's environment to showcase the value of cyber monitoring and gain access to valuable reporting features for $99/month. We have also recently partnered with The ASCII Group to provide exclusive benefits to ASCII members in the U.S. and Canada! We have also launched a new program with IT by Design to provide managed XDR. It's designed for MSPs that need both NOC and SOC services.
How have the past two years changed your company?
As the cyber security landscape continues to evolve, so do we. Vijilan has made many strides to keep up with the ever-changing security field. As previously mentioned, we are offering our SIEM/SOC as a service for $99/month as we saw a need for MSPs to showcase the value of cyber monitoring to SMBs without breaking their budget. As many as 70% of organizations still don’t have a comprehensive security monitoring service in their security stack. We have also changed our pricing model to better suit the needs of MSPs and their clients. We have also recently added new marketing and sales collateral to enable our partners to sell cyber monitoring services.
What’s changed in the security space? How have attack methods changed and how has the security community adapted?
We are seeing organizations being more proactive in monitoring their environments for security breaches. For the first time in history, most MSPs and their clients are proactive in contacting law enforcement of potential security incidents. Cloud application adaptation has increased significantly. Cross-visibility into all technologies whether they are on-premises or in the cloud has become critical.
What’s the biggest security challenge businesses face?
We are seeing most of our clients attempting to gain visibility across all their technologies and assets, whether on-premises or in the cloud. The Detection and Response (DR) goes beyond EDR into Extended networks.
Adapting in-house managed SIEM and SOAR for most organizations has been a huge challenge. According to IBM’s Cost of a Data Breach Report 2021, SOAR and SIEM have accelerated incident response with existing security tools. Automation technologies, including AI that’s built into most EDRs, significantly reduce the average time to identify and react to a data breach.
Organizations that had more than 60% of their employees work remotely (in response to the COVID-19 pandemic) had higher-than-average costs of data breaches. UEM and IAM have helped gain insight into BYO X (e.g., tablets, laptops, desktops, mobile devices, etc.).
To what extent has business leaders’ understanding of security changed? Has that been reflected in their investment in/adoption of security solutions?
We are seeing MSPs including security monitoring in their security stacks. In 2021, there was an increase of 80% of MSPs adding SIEM and SOC to their security stacks side-by-side with backup and disaster recovery tools, email security, EDRs, and vulnerability assessment.
Why is it so difficult for businesses to effectively secure their technology environments?
Most organizations have implemented very comprehensive security practices. One, in particular, is the layered approach to security by design. The challenge is the consolidation of information that’s generated from all these technologies into a single platform that gives them security insight – security insight that crosses all their technologies and platforms.
Do MSPs have the expertise to support their clients’ security needs? What do they need in order to support their clients effectively?
MSPs have tremendous leverage over their clients’ IT teams when it comes to security. They are at the forefront of technology and are exposed to so many different vendors and technologies. The challenge is finding a vendor that specializes in one specific area of security and is considered an expert, to get them out of whatever situation they might be in.
Can MSPs take a single-vendor approach to security, or should they work with multiple security partners?
Single vendor is a dangerous approach for several reasons. At the same time, having multiple vendors can either create overlaps in certain areas or areas that get exposed.
What we are seeing is that vendors cannot specialize in so many different areas and be great at it. Just like having multiple components to protect operations on multiple levels from a layered security approach, you should be overly cautious when partnering with organizations that claim to provide a complete security solution. For example, when you want to show the world that you comply with security policies, you hire a 3rd party to perform the audit. So, the provider that sells a product cannot do the security audit. The security monitoring and auditing should be done by an agnostic third party.
The same goes for end customers? Should businesses be using multiple security solutions?
Most SMBs that don’t have the human capital to manage multiple components in their security stack rely on their MSPs. The best approach is a hybrid model, where businesses work in collaboration with their IT solution providers to design multiple strategies and resources to identify, contain or eradicate a security threat.
What’s the biggest security challenge MSPs face?
Just like any other organization, with remote workers being the new NORM, MSPs are finding it challenging to support remote workers in a secure fashion cost effectively. It's a challenge, just like any other organization, to demonstrate the value of the increased costs to their clients. There has been an increase in the use of SaaS tools by their clients, but MSPs don’t always manage these tools.
There is a significant push to consolidate all the technologies used by the MSPs into one, so MSPs don’t have to jump from one screen to another. Gaining security visibility across all their technology would be ideal. As it stands today, MSPs have to juggle between so many different platforms to see a cyber attack.
What’s the best way for businesses to approach ransomware and other security threats?
If businesses rely on their backups in order to recover from a ransomware attack, it means one of their controls has failed or is non-existent. In addition to best practices, such as network segmentation, MFA, frequent back-ups, we want to make sure you have very good monitoring at all levels.
How can MSPs and their clients remain diligent when it seems bad actors are always a step ahead?
MSPs need to reduce the dwell time (the time when an attacker first enters the network to when they are removed). The challenge is measuring the time to recovery. Small businesses would best benefit by relying on their MSPs because they run a 24/7 SOC and NOC, whether it’s through their own operations or partnership in other SIEM and SOC vendors. They can quickly detect and eradicate before the damage is done.
What’s your approach to security and helping MSPs and their clients keep their data, networks, and applications safe?
Our approach, until a few years ago, was to include select critical devices, such as firewalls and domain controllers. We are now suggesting logging everything – include every device, user, and cloud application – to give visibility across all their technologies. We stand by the MSPs and their customers when they are going through a breach.
What are you hoping to achieve at MSP Expo? Why should attendees make sure they visit your booth?
Our MSP partners had a hard time speaking the value of SIEM to their customers, so we developed a sales tool that can be deployed in 10 minutes, and it can ingest logs from every imaginable device or technology. It shows the number of activities that are occurring in the environment. MSPs can do this for all their customers without incurring significant costs. The purpose of this sales tool is to give MSPs and their customers security insight.
What will you be discussing at MSP Expo? Why should your session be on the list of must-attend sessions at this year’s conference?
MSPs want to generate more revenue for their businesses and have peace of mind that none of their customers would go out of business because of a security breach. That’s the bottom line. Vijilan became the first company, EVER, to provide SIEM insight in a turnkey fashion. Meaning you can see what SIEM can produce without committing to any long-term contract or financial commitment. We are introducing ThreatInsight.
Our partners have rolled out ThreatInsight into the remaining clients that were not using SIEM. We are seeing our MSP partners having a 90% success rate in rolling out SIEM and SOC to all their customers.
For the latest information about the MSP cyber landscape, join MSP Expo 2022, delivering four days of education and networking specifically focused on the MSP community, including one full track dedicated to security. MSP Expo 2022 takes place June 21-24, 2022 in Ft. Lauderdale, Florida and is collocated alongside the other #TECHSUPERSHOW events, including ITEXPO, Future of Work Expo, IoT Evolution Expo, The Blockchain Event, and more.
Edited by Erik Linask