Security teams are inevitably overwhelmed and short on time. This is especially true when it comes to managing their organization’s security posture where they face three major challenges:
- An exploding attack surface
- A patch management program hasn’t kept up with the rapidly changing threat landscape
- Not enough people resources
To improve their security posture, or simply increase their ability to “get stuff done,” security teams have two options. They can maintain their Do-It-Yourself (DIY) approach and improve their productivity by adding automation to work more efficiently, or they can work with a Managed Security Service Provider (MSSP) who uses the same automation behind the scenes to augment their efforts. The choice depends on several factors.
Automation
There is an opportunity cost to having highly experienced staff work on simple tasks. Often security teams will choose to automate security posture management to eliminate manual, repetitive and often dull work. Why repeat the same tasks over and over again when they don’t have to? Automating these tasks allows the team to focus humans on “human problems” that require judgement and decision making.
Today though, managing a company’s security posture is no longer a human-scale problem. Organizations’ attack surface has exploded. The number of devices under management has increased rapidly as companies have moved to the cloud, their workers have gone mobile and they have brought IoT devices and OT systems online. And for each device, there are hundreds of ways to exploit them. Add in the speed at which today’s most sophisticated attackers work and it is nearly impossible for security teams to keep up. Fortunately, security teams can access analytics and automation to improve their operations.
Option 1: DIY
If an organization decides to add an automation solution to their DIY operations, they are responsible for incorporating it into their day-to-day operations. More broadly, they remain directly responsible for the people, processes and technology underlying their security posture program. For example, they must choose and manage a broad range of tools spanning cybersecurity technologies that integrate into their security posture solution like: vulnerability management, endpoint detection and response (EDR), IDS/IPS tools, a threat intelligence service, a security incident and event management (SIEM) solution and possibly more.
The advantage of this approach is that they will see productivity benefits while maintaining direct control over their security operations. They continue to have an in-house infosec team that is in-tune with, and invested in, the business. In-house cyber security teams typically develop a deep understanding of the business. Not only do they know the underlying hardware and software, but they also know faces and names of the stakeholders that security depends on to manage cyber risk.
Option 2: MSSP
On the other hand, with an MSSP security teams eliminate the tasks of selecting the best methodology and technology for threat detection and response and maintaining the security technology stack. Organizations that choose to partner with an MSSP outsource monitoring and management of security systems to a team of seasoned security experts. The team can start to focus on strategic security projects while the MSSP handles the day-to-day monitoring and management of their security environment. That MSSP team can also move their security posture to include 24/7/365 “follow the sun” monitoring and management coverage.
The main disadvantage of an MSSP is the lack of control. Security teams now partner with the MSSP to protect their digital assets. Of course, choosing the right MSSP and implementing measures such as a detailed SLA can help mitigate this challenge.
Balbix and The Flexibility to Choose
Which way you ultimately go will depend on your specific circumstances. Do you prefer the control of the in-house option or the partnership that an MSSP can offer?
Whether you decide to keep it in-house or get an MSSP, Balbix can help you improve your cyber posture and connect your security operations to the business. Balbix helps organizations improve visibility of their attack surface, reduce financial risk and improve productivity of their security operations. If you are interested in continuing to manage your own security posture, you can visit our website to learn more about the Balbix platform and the use cases we support.
If you are considering automating your security posture with an MSSP, look into our recently announced partnership with Microland, a global MSSP, and leader in the 2020 Gartner Magic Quadrant for Managed Network Services. Microland has incorporated Balbix’s platform into its managed security services to monitor organizations for vulnerabilities and other security risks and manage the remediation of identified issues.
As part of the offering, Microland will leverage its existing global IT infrastructure in the Americas, EU, MENA, and Asia-Pacific region. The partnership allows security teams to better utilize their existing IT and security investments to reduce their attack surface and confidently give their leadership visibility into their organization’s security posture.