360-degree protection requires exposure management, as well as detection and response, to discover and validate asset vulnerabilities before bad actors find them.
The idiom “mind your P's and Q's” is about paying attention to the details, and it certainly applies to cybersecurity. The finer details involved in managing diverse cybersecurity technology can be lost if managed security service providers (MSSPs) miss the mark. And they surely will if the services are not fully integrating the appropriate offensive and responsive protections to meet customer needs.
We all know the number of bad actors and cyberattacks is rapidly increasing, as is the sophistication of their attacks. Keeping a strong defense against these growing threats is a difficult task for any organization, particularly with the huge gap in the number of skilled cybersecurity practitioners needed to meet the demand. Hiring and keeping qualified experts to meet an organization’s security needs is not easy, and managing the costs and expenses of diverse cybersecurity technologies, and keeping up with them, is a never-ending task.
MSSPs and MDRs are on the rise
Managed security service providers can close those security gaps, while lowering costs and streamlining processes. Choosing an MSSP to manage cybersecurity protections can benefit organizations large and small. Another fast-growing sub-segment of the MSSP market is managed detection and response (MDR). MDRs have their own multi-function technology stacks, as well as other integrated security capabilities that are delivered as cloud services. MSSPs and MDRs are becoming more prominent as digital infrastructure perimeters expand across a complex ecosystem of multi-clouds, on-premises, mobile and remote users.
Many organizations fall short in monitoring their detection and response initiatives because cybersecurity vendors, tools and products have grown so complex and fragmented. This complexity and fragmentation are why there is a great need to outsource to MSSPs and MDRs. In doing so, organizations gain 24/7 security operations center (SOC) protection for their endpoints, applications, networks, and clouds as an extension of their in-house team. This allows organizations to focus on improving their customer experiences with the apps and services they provide, while reducing the risks that directly impact their businesses. According to Gartner, by 2025, 50% of organizations will use MDR services for their threat detection and response operations.
Integrating automated exposure management into the managed security stack
Cybersecurity risk management is a defensive approach that identifies and prioritizes threats, so the most critical ones are handled in a timely manner. Exposure management solutions like breach and attack simulation (BAS), attack surface management, and automated penetration testing analyze risk within an organization’s digital infrastructure to identify asset vulnerabilities, potential loss exposures, and the steps needed to minimize risk.
Exposure management is an adjacent service that MDRs integrate into their managed service portfolios. It’s an important function for offensive protection against hidden vulnerabilities within newly deployed assets and assets that have been updated with code changes, reconfigurations, untested backups, and patches. Testing through simulation and direct exploit practices in automated red team fashion can verify and validate that IT infrastructure components, processes, and procedures are working, without opening new vulnerabilities and risk.
Britt Norwood, Senior VP, Global Channels and Commercial at Trellix, emphasizes that security operations are constantly responding to threat alerts from multiple sources and need holistic solutions that minimize the impact threats have on their customers.
“Critical to any MDR’s business is the ability to reduce security event response times and streamline overall management,” he said. “This requires a comprehensive security stack with diverse functions and capabilities all accessible and viewable from a single interface. The ability to identify and validate risk vulnerabilities within apps, systems, storage, and networks, in addition to detecting anomalies and mitigating threats across all attack vectors from endpoints to clouds is a huge advantage.”
Automated and continuous penetration testing integrated within MSSP and MDR platforms streamlines orchestration and improves efficiency, effectiveness, and productivity, providing continuously clear risk visibility across the customer’s entire IT environment.
Automated pentesting within the security stack enables managed services to:
- Discover vulnerabilities within active assets
- Scan and report on assets and network infrastructure attack surfaces
- Conduct automated exploits using ethical hacking skills learned from human testers
- Conduct post-exploit verification using testing techniques like privilege escalation, Pass-the-Hash, etc.
- Integrate auto pentesting into MSSP and MDR technology stacks with application programming interfaces (APIs)
Exposure management business benefits
- Fuel business growth and increase revenue streams with exposure management services
- Expand your service delivery portfolio for competitive differentiation and advantage
- More fully meet customer requirements with automation for 360-degree protection across on-premises, clouds, and hybrid environments
- Enable customers to justify their MSSP and MDR spend by reducing risk and improving their business outcomes
- Complement detection and recovery capabilities with exposure management to proactively discover and fix vulnerabilities before bad actors find them
MSSPs and MDRs with integrated automated pentesting can discover unknown attack surface vulnerabilities using AI-powered algorithms with real-time information to generate dynamic attack strategies. When exploitable risks are uncovered, risks are scored to better understand issues and prioritize those that might have the biggest impact.
Testing only when required by compliance, annually or on an ad hoc basis, leaves security vulnerabilities exposed between testing cycles. More frequent automated testing provides reliable assessments and allows red teams to focus on higher priority use cases. By focusing on risks and vulnerabilities inherent within a customer’s network, the time and effort spent identifying and prioritizing attacks is reduced, and less time is spent triaging false positives.
Complete 360-degree protection of customer assets with exposure management allows MSSPs and MDRs to expand their capabilities beyond hunting for active threats that target systems. They can now analyze and prioritize their customers’ risks, while providing a more complete picture of their entire threat landscape with a kill chain for each attack.
About the author
Lydia Zhang is President and Co-founder of Ridge Security. She holds an impressive entrepreneurial-focused resume that includes 20 years of leadership roles in network and cyber security. Lydia leads a Silicon Valley cybersecurity startup that develops automated penetration testing with the goal of delivering innovative security technologies to all. Prior to founding Ridge Security, Zhang held Senior Vice President and Product Management roles at Hillstone Networks and Cisco Systems. She holds a double master’s, MA and MS, from USC, and a degree from Tsinghua University in Biomedical Engineering.