According to Transparency Market Research, the forecast value of the global managed security services provider (MSSP) market is $54 billion by 2031. This growth, driven by the increasing complexity of cyber threats, the demand for specialised expertise and around-the- clock monitoring is where services led cyber protection comes in. According to D3’s ‘2024 MSSP Survey’, the demand for MSSPs is getting larger, and mostly with enterprise and SMB customers. MSSPs are also increasing their revenue by introducing new services like virtual CISO (vCISO) advisory, although 78% of respondents still focus on 24/7 monitoring. For many CISOs, CTOs and security operations teams, detecting real threats across their entire IT infrastructure is like finding a needle in a haystack. They are often forced to piece together information from multiple siloed tools and navigate through a huge number of daily alerts.
It’s understandable, then, why Accenture’s latest Cyber-Resilient CEO report shows that 74% of CEOs are worried about their organisation’s ability to handle the impact of a cyberattack. In the same survey, 96% of CEOs say cybersecurity is critical to organisational growth, stability and competitiveness, but only 33% of respondents think they have a deep knowledge of the evolving cyber threat landscape. For these organisations, MSSPs can be a pragmatic solution to their cybersecurity needs, says Rudi van Rooyen, a cybersecurity engineer at Check Point. Because MSSPs offer comprehensive expertise and cybersecurity provisioning, they allow businesses to direct internal resources back towards core operations.
The right fit
According to Canalys, managed services represent the largest growth opportunity within the cybersecurity channel. So how do you choose an MSSP to take over your cybersecurity workload? For starters, businesses should have a clear understanding of their security goals, which should help them select the right partner.
Pragasen Pather, CIO of Sun International, believes that the technology the MSSP uses is no longer a differentiator. “The relationship and trust are the most important factors in determining with whom you partner,” he says.
Sun International has moved its security stack to Nclose. Pather says it was running a legacy environment and resourcing and skills were becoming a challenge. Nclose implemented Managed Detection and Response (MDR) and Endpoint Detection and Response (EDR) across the company’s sites, improving visibility and threat monitoring. He adds that using an MSSP has allowed it to streamline its security operations, and it’s now using Nclose’s expertise so it can focus on growing its share of the gaming market.
Bethwel Opil, enterprise client lead at Kaspersky in Africa, believes scalability is also a crucial factor. An MSSP must be able to meet your company’s changing security requirements as it grows. “A business should evaluate the MSSP’s security framework, including its protocols for access control and data handling,” says Opil.
Multiple functions
In order to identify the most effective ways to secure customer systems, an MSSP must understand a client’s security landscape, including the tools or technologies it has deployed. Businesses often become bogged down by tool sprawl and MSSPs can help by simplifying and unifying their security setup. Depending on which survey you read, the average organisation has deployed between 20 to 50 discrete cybersecurity solutions. Instead of piecing together different security applications from multiple vendors, MSSPs are opting for a Platform-as-a-Service approach. “Managing multiple security tools separately has become too complicated and risky, as it often leaves gaps that attackers can exploit,” says Aveshan Aiyer, channel manager for Check Point at Westcon-Comstor. “To manage tool sprawl effectively, MSSPs must prioritise using unified security platforms that bring multiple functions into a single platform.”
“No solution is perfect, and cybersecurity platforms require proper implementation and management. But the benefits they offer are significant and can greatly enhance an organisation’s security posture.”
Morne Vermeulen, Redvine Networks
With an increasing focus on servicesled cyber protection, platforms are gaining traction as a practical solution for organisations of all sizes. Jay McBain, chief analyst at Canalys, points out on LinkedIn that the cybersecurity industry is moving from 6 500 disparate “tool makers” to four or five comprehensive platforms. These platforms enable MSSPs to integrate vendor tools and technologies.
A single platform also provides a centralised view over security components, reducing the number of tools in use and lowering complexity. “By integrating capabilities into a single platform, MSSPs can minimise security gaps and respond to incidents more efficiently,” says Aiyer, adding that the platforms driving this shift are the ones that unify network, cloud, endpoint and mobile security into a single solution. “Platforms like Quantum Security Gateways and CloudGuard combine security functions and use AI to automate responses,” he says. So, while there was once a lot of hype around cybersecurity platforms, they’re becoming increasingly valuable because they align with the operational needs of businesses.
Morne Vermeulen, senior core engineer at Redvine Networks, says security information and event management platforms can help businesses centralise telemetry ingestion, correlate events and apply cybersecurity analytics, making it easier to manage and understand security without manually sifting through logs.
An MSSP is not a silver bullet to address all security requirements. Opil, from Kaspersky, recommends that companies maintain some in-house expertise to oversee service delivery, evaluate contract terms and ensure the MSSP’s practices meet security requirements.
“No solution is perfect, and cybersecurity platforms require proper implementation and management,” says Vermeulen. “But the benefits they offer are significant and can greatly enhance an organisation’s security posture.”
FIVE KEY FACTORS TO CONSIDER WHEN PICKING AN MSSP
• Assess the scope of services offered by the MSSP, including the level of coverage it provides in areas like threat intelligence, monitoring, incident response and vulnerability management.
• Evaluate the MSSP’s expertise and experience, ensuring it has deep knowledge in cybersecurity, including compliance standards, along with a proven track record in handling security challenges.
• Check for integration with your existing IT infrastructure and processes. The MSSP should be able to ensure that its tools and technologies are compatible with your current systems.
• Look for proactive security measures, such as threat detection, incident response and continuous monitoring to mitigate risks. This should also include advanced security operations with capabilities like MDR and Security Information and Event Management (SIEM).
• Ensure the MSSP provides compliance and reporting to meet industry-specific regulatory requirements, as well as detailed reporting on security incidents, vulnerabilities and overall security posture.
BEING AN MSSP IN AN AI WORLD
AI has a critical role to play when it comes to enhancing cybersecurity measures. Bad actors are now using AI to augment their attacks and organisations are using AI tools to sharpen their defences, like catching threats in real-time. Smaller organisations that sometimes lack in-house expertise or resources to fully deploy these complex tools are turning to MSSPs to bridge this security gap. OpenText’s ‘Cybersecurity Global Managed Security Survey 2024’ said that over 80% of MSSPs already offer AI-related security services. MSSPs rely on AI tools developed by vendors that have access to extensive datasets. The more data these vendors can access, the better their AI models become at identifying new threats and patterns.
Canalys found that one of the most important and immediate opportunities for MSSPs in AI could start with questions around Microsoft Copilot. There’s been a GenAI explosion, but businesses remain worried about security risks, such as data privacy, when using GenAI tools, even those coming from big corporates. A McKinsey report said that nearly 25% of organisations have seen inaccuracies in GenAI outputs. Blue Mantis, a US-based MSSP, has specialised in providing secure deployments of Microsoft Copilot to help clients gain more control over information access. Check Point, meanwhile, has an AI-powered platform called Infinity AI Copilot that acts as a virtual security assistant, which offers insights and recommendations based on real-time data analysis. “As a distributor of technologies, we see firsthand how these AI-driven solutions are critical for MSSPs. It’s essential for any organisation looking to strengthen their defences against rapidly evolving cyber threats,” says Aveshan Aiyer, Westcon-Comstor.
* Article first published on brainstorm.itweb.co.za
Share