Given the very public explosion of ransomware, and an ever-growing list of other cyber threats, IT services providers are increasingly looking for ways to meet the insatiable demand for cybersecurity. In this Q&A article with Jonathan Nguyen-Duy, we look at some of the trends and challenges facing the MSSP community.
There are two forces driving the growth of MSS - complexity and cost. The complexity of threats and regulations continues to grow, with no change in sight. On the cost side, there is a seemingly ever-expanding shortage of even basic security skills, and an even larger gap for experienced security professionals. Businesses of all sizes are realizing that maintaining in-house security capabilities is becoming more and more difficult, with no reasonable expectation for improvements in performance or protection. As a result, outsourcing to an MSSP is becoming an increasingly attractive option as the cost of finding, retaining, and training scarce security talent mounts. MSSPs offer predictable costs and performance – allowing enterprises to focus on their security objectives and governance.
Digital transformation from the IoT edge to the cloud is increasing the complexity of enterprise networks, and expanding the potential attack surface, as the traditional perimeter further disappears in the next wave of distributed network segmentation and virtualization. Compounding this expanded attack surface is the rise of new threats, like ransomware and IoT-based DDoS, as well as the continued success of older exploits – some older than a decade. Across multiple industry and law enforcement studies, there appears to be little sign that as an industry we are showing any appreciable improvement in combating the success of hackers, hacktivists, script kiddies, organized crime, and nation-state actors. Yet, these same studies also point to the fact that most attacks can be mitigated through simple to intermediate controls. The real challenge is that security teams are simply overwhelmed by the sheer volume of events and the complexity of monitoring ever-expanding networks and ecosystems that span traditional data centers, private clouds, public clouds, and hybrid environments.
In addition, security teams are grappling with the challenges of supporting new vendor devices, BYOD, and shadow IT issues. Third party technology integration is another huge development and support burden for many enterprises. The resulting complexity is fueling the demand for MSSPs. Data sovereignty requirements around the world add to this complexity, making it very difficult for global enterprises to maintain Security Operations Centers (SOCs) in multiple countries.
Current security approaches require a balance of event monitoring, device management, and incident response, as well as Governance, Risk, and Compliance functions. In-house solutions are struggling to keep pace with the avalanche of security events detected by SIEM tools and the ever-growing list of compliance requirements. We are fast approaching the point where in-house security is no longer practical. Indeed, many enterprises are assessing whether security is even a core competency. With the exception of the Global Fortune 2000, and government agencies that face advanced, nation-state level threats, most businesses facing opportunistic attacks and compliance requirements might be better served by Managed Security Services Providers (MSSPs).
For an MSSP to stand out as a true partner, it must be able to demonstrate the ability to enforce the same levels of controls and compliance requirements as in-house solutions. It must also be able to support the management, orchestration, and reporting of security services across traditional enterprise networks along with IoT and cloud architectures – all via a single pane of glass that includes self-service, customizable trouble ticket management and reporting. The MSSP should also be able to demonstrate global capabilities while providing services customized to regional requirements – including data sovereignty and local language support.
In essence, a partner must demonstrate that it can execute the security requirements better and cheaper than the client, but also in a manner that can be customizable and scale as the client moves through their digital transformation.
The key issue is to map the proper MSS architecture to the appropriate market. For the Global Fortune 2000 and government agencies, an MSSP architecture must accommodate a wide variety of onsite and remote capabilities for detecting and mitigating advanced threats and campaigns. The challenge is to balance the need for scale via multi-tenant capabilities with the multi-instance needs of large enterprise data analytics for advanced threats. Large enterprises and government agencies typically require dedicated analytics platforms to process the huge volumes of data required to detect advanced threats, such as customized malware and insider threats. They also require customizable and self-service access to event and incident log data for compliance and incident response.
Mid-market companies, on the other hand, are primarily concerned with compliance and security against opportunistic attacks, along with a range of known and advanced threats that can be addressed via simple to intermediate controls. This market is all about scale and predictable costs.
The Fortinet Security Fabric revolutionizes MSS-enablement because it reduces the complexity of threat management, compliance, and IT development. The Fabric Readiness Program ensures that all products are pre-integrated out of the box – thereby reducing the complexity of third-party integration development and support and accelerating deployment/time to market. The Fabric supports both hardware and virtualized security devices – from the IoT edge to the cloud – at the hypervisor to VM layer.
The Fortinet Security Fabric provides control, integration, and easy management of security across an organization’s entire distributed network ecosystem. It also closes any gaps that were most likely introduced when disparate security products were added, data centers migrated, and/or networks expanded.
Once deployed, the Security Fabric allows security to dynamically expand and adapt as more and more workloads and data are added, and at the same time, seamlessly follow and protect data, users, and applications as they move back and forth between IoT, smart devices, and cloud environments located throughout the network.
The Fortinet Security Fabric is built around three key attributes: