Next-gen MSSPs can provide greater value by using cognitive tools and data analytics
Besides system monitoring, tool management and as-needed issue mitigation—the set of common minimum expectations covered by a service provider—an MSSP can deliver greater value to the enterprise by using artificial intelligence (AI) tools and data analytics to provide next-generation threat management.
With a more comprehensive MSS strategy, insights derived by employing artificial intelligence (AI) together with active threat hunting can better protect the enterprise from threats—not only as they emerge, but before they do harm.
Enterprises can be proactive by integrating knowledge about security issues across the MSSP client portfolio into prevention strategies for each individual client, not just into generic mitigation plans.
The next generation of MSS requires a provider that is not limited to notifying clients of detected events, but rather approaches security events as part of a larger picture. Such a provider can recognize that intrusion attempts, malware and other security issues must be addressed cohesively. Key traits of an MSSP that can extend security tools in this manner include:
- Employment of an overarching standards-based, programmatic approach (such as NIST), rather than a proprietary methodology, to prevent and detect undesired activity. A standards-based approach provides a reliable, repeatable framework for managing multiple types of security incidents, and encourages transparency, a shared vocabulary and predictable outcomes in responding to threats.
- Implementation of information lifecycle management (ILM) and information security management (ISM) practices to put both threats and the data they could affect into context. Viewing security incidents in isolation might cause a lack of adequate business context for proper prioritization and duplication of effort that can be reduced by instead putting each threat into a management framework.
- Emphasis on the development of ongoing insights using visualization and analysis tools (including AI-based tools), so experiences with extant or anticipated threats can be used to inform ongoing security resiliency across the enterprise.
- Integrated monitoring and management functions for managed systems with consulting and system integration for more extensive coverage, rather than approaching each phase of security maturity as an isolated need.
- An aggressive approach to the security perimeter, extending that perimeter to encompass widely distributed endpoints. Enterprise security must be built with an understanding that valuable data may originate from (or be stored in) not just centralized databases, but throughout the IT environment.
- Intelligent use of automation and orchestration to enable necessary scaling without the need for large personnel shifts.
“Insights derived by employing artificial intelligence (AI) with active threat hunting can better protect the enterprise from threats—not only as they emerge, but also before they do harm.”