Staying ahead of the threats

Rather than adopt a set-and-forget mindset, managed security service providers work in partnership with the companies they protect

Richard Ford, group technical director of Integrity360

If there’s one trend that defines the managed security service space, it’s that few companies can handle security on their own. Unless you’re a large company, you’re going to need assistance in some form as the rate of change and the scope of risk out there mean managed services are a necessity.

Richard Ford, group technical director of Integrity360, says this means companies who avail of his firm’s services have high expectations of what they’re going to deliver.

“They’re not looking for a set-and-forget service, they’re looking for a true SOC service where they have a security partner that’s catering for their operational security needs and has their back at all times,” he explained.

“There’s always the challenge that we need to keep up with [changes]. People go to a managed security service provider because of their expertise, and they’re providing an increased level of protection that not many can produce in-house or in a cost-effective manner.”

That means one of the significant challenges managed security services can face is keeping up with the threat landscape. Through a mixture of good practices, processes, services and technologies, they have to deliver it across different customers and verticals.

The sheer amount of responsibility required for security means it’s up to services such as Integrity360 to cover all bases from vulnerability management to security operations centres. That means not just offering these services but constantly updating and upgrading them to stay a step ahead.

“One of the biggest mistakes that gets made quite often [by regular companies] is having a set-and-forget mindset,” he said. “That’s something we can’t do as a managed service provider because we’re not going to be providing the same level continuously if we never make any service improvements.

“There’s an ongoing process where we’re constantly improving our capabilities to keep present with the threats and give our customers the wide level of assurance and security they require.”

You only have to look at situations like the recently discovered vulnerability with Windows XP and 7, which saw Microsoft release a security patch for operating systems that have been discontinued, and with WhatsApp to know that security problems are never too far away.

Having a managed security service allows businesses to take much of the pressure of security away from them. Part of the reason you partner with one isn’t just for protection but to avail of expertise and knowledge.

“Rather than a managed security service provider to which you just outsourced some responsibilities, it’s signing up to a managed service provider and security partner that work hand in hand,” Ford said.

“One of the things that we do as we’re working with our customer base is build up business context and knowledge. As we’re dealing with threats and incidents, that gives us a great advantage so we know exactly what’s important to that customer - we have that old document, the old books and playbooks for that customer.

“We are truly a partner for them - and it’s not a set-and-forget mentality, because we need to be evolving services and evolving our processes with our customers.

“Right now, one of the challenges for customers is that there’s huge digital and business transformation going on with cloud adoption, whether it’s IoT, mobility . . . The parameters disappearing, businesses changing rapidly - we need to make sure our service isn’t fit for that point in time, that it’s evolving and growing, so that the level of security they expect us to be delivering is being delivered, day in and day out.”

While it is a challenge to run security across multiple different industries and verticals, the major advantage Integrity360 has as a managed security provider is economy of scale. That is, it has the necessary staff numbers, processes, experience and technology to deal with different-sized companies and verticals.

It is necessary considering that most businesses would be lucky to hold onto one or two security personnel who could not possibly keep up to date with all security disciplines.

“It’s multiple levels of expertise,” said Ford. “One of our key points is having various [staff] that are experts in multiple security disciplines so when we need certain expertise, we can call upon the people in our business to have that level of expertise.

“We don’t expect people to be a Jack of all trades and master of none - if it’s down to you or one or two people in the business, you’re going to be spread very thin.

“One of our advantages is we can have people who stand in our cyberthreat intelligence team and their job is to identify and understand threats. You’re processing threat and intelligence data. For most organisations, trying to do that restructure around the security threat landscape is extremely difficult when there are operational security needs but also project and development needs that need to be addressed.

“[That’s] where a service provider can come in and sets itself apart from an in-house security team.”