What Should Partners Look for when Partnering with a Cybersecurity Provider?

The cybersecurity landscape has evolved over the last five years, which has meant cybersecurity partnerships and providers have adapted to ensure what they are offering is relevant. Two major milestones that have assisted the evolution of the cybersecurity domain were:

  • COVID-19 – Businesses had to evolve the technical aspects of their infrastructure to allow people to work from home efficiently and safely.
  • Cybersecurity Insurance – Carriers established a very specific set of technical requirements that must be met to gain insurance.


Where is the industry now?

Within the last five years, companies’ adoption of security has been slow and indirect. Next-generation security technology such as firewalls and/or Endpoint Detection and Response (EDR) agents was typically added to organizations because of contract renewals of legacy services or because of third-party requirements, and much of it was combined with managed services. It is estimated that 50% of the U.S. market is utilizing managed security services today.

Prior to the adoption of these services, many organizations witnessed daily attacks such as worms, viruses, and basic phishing attacks. The majority of these have been eliminated with the help of next-generation technology, which has created a false sense of security: these events were to be expected when connected to the internet and were easily eradicated by the basic functionality of next-generation features. Note that these events should not be confused with actions conducted by a hacker targeting your organization. The modern hacker is an educated person who understands what actions to take to gain access to an environment and will do everything possible to stay in the shadows. This means they know how to avoid alerting the perimeter edge technology, but they cannot avoid creating events that can be detected by Managed Detection and Response (MDR) services that utilize eXtended Detection and Response (XDR) functionalities.

The direction of the market is why SilverSky has adopted this exact model and combined all our services with Managed Detection and Response (MDR) to enable holistic security and shine some light on the hackers hiding in the shadows.

What do you look for in a supplier technically?

With the adoption of security being more forthcoming and most companies already having security services within their environment, the key functions they would look for are Flexibility, the Ability to Scale, and Advanced Alerting Analytics.

Flexibility

As stated, most organizations already have security technology, whether good or bad. They have invested money in perimeter edge services and typically want to see the contract through. From a supplier perspective, this means any services sold need to complement any of the 300,000 different combinations of security services already in place, enabling SIEM ingestion and security monitoring. This is important to note because security monitoring should be conducted on all aspects of the business and not just on the technology that the supplier can support. This makes it harder for the supplier to guarantee the client that there are no blind spots that can be taken advantage of, but that is the nature of security: you either holistically support all of the environment or you are not delivering full security monitoring.

Second to ingestion are the analytical mechanisms applied to the data received. You can gauge these by asking your supplier whether the data sets are mapped to a common naming schema with enrichment or whether they have different rule sets per technology brand. The former is obviously the better of the two, as it lets new technology inherit seasoned analytics. It is also more efficient from a management perspective, which suggests that if there are issues, they are singular and easily fixed.

Ability to Scale

It is concerning how quickly Managed Detection and Response will be adopted, with an estimated 1-2 years for most of the market to buy into these services. This means that suppliers today have the possibility of doubling if not tripling in size within two years. SilverSky has taken 23 years to get 4000 clients, which makes doubling that in a tenth of the time sound almost impossible, but we believe this is a very realistic expectation and have made technological enhancements in our MDR stack to ensure growth is an easy endeavor that does not rely solely on us having more people.

Therefore, it is very important to ask your supplier what their strategy is for growing their organization to match the increasing number of clients they serve without impacting the service they deliver today. This is a growing concern among trusted advisors, who want to ensure they are not recommending a company that can only guarantee a few months of quality service or, even worse, one that fails to protect a client and sees them get hacked.

Advanced Alerting Analytics

Perimeter edge technology provides preventative capabilities, but it does not stop a hacking attempt. In a hacking scenario, the hacker still has access or has managed to deploy an agent that has left residue in the environment that needs to be found, cleaned up, and/or potentially rebuilt.

eXtended Detection and Response (XDR) takes telemetry data from the environment (network, endpoint, AD, DC, email, and vulnerability scanner, to name a few) together with the events fed from the perimeter edge technology, and maps it against common attack frameworks while maintaining an active memory of the event history in the environment by entity, in order to identify trends, abnormalities, attack sequences, and irregular events. This enables detections to correlate feeds from multiple sources and to be assessed over long periods of time, so that low and slow events are easily detected and first-time thresholds are brought to the attention of the security team earlier in the attack. That makes the response easier and requires less investment of time from both parties, which also complements the efficiencies needed in a growing organization.

It is very important to have a supplier that does not rely solely on the alerting from perimeter edge technology and, even more importantly, does more than correlation against threat feeds. Everything after the perimeter is a response; the earlier you respond, the safer your client is. The response is a complement to the detection.
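As an added illustration of the common naming schema and the per-entity, cross-source correlation described above (example code written for this article, not SilverSky's implementation; the two log formats, the field names, the 7-day window and the threshold of 4 are constructed assumptions):

```python
import json
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample events from two hypothetical products (not real vendor formats).
VENDOR_A = [  # key=value log from a perimeter VPN device
    "time=2024-03-01T02:10:00 usr=jdoe act=vpn-login res=deny",
    "time=2024-03-03T02:12:00 usr=jdoe act=vpn-login res=deny",
    "time=2024-03-06T02:09:00 usr=jdoe act=vpn-login res=allow",
]
VENDOR_B = [  # JSON log from an identity provider
    '{"ts": "2024-03-02T02:11:00", "account": "jdoe", "event": "signin", "ok": false}',
    '{"ts": "2024-03-04T02:15:00", "account": "jdoe", "event": "signin", "ok": false}',
    '{"ts": "2024-03-04T09:00:00", "account": "asmith", "event": "signin", "ok": false}',
]

def normalize_a(line):
    """Map the key=value format onto the common schema."""
    f = dict(kv.split("=", 1) for kv in line.split())
    return {"ts": datetime.fromisoformat(f["time"]), "entity": f["usr"],
            "action": "login", "source": "vendor_a",
            "outcome": "failure" if f["res"] == "deny" else "success"}

def normalize_b(line):
    """Map the JSON format onto the same common schema."""
    r = json.loads(line)
    return {"ts": datetime.fromisoformat(r["ts"]), "entity": r["account"],
            "action": "login", "source": "vendor_b",
            "outcome": "success" if r["ok"] else "failure"}

def low_and_slow(events, window=timedelta(days=7), threshold=4):
    """One rule for every source: alert on a successful login that follows at
    least `threshold` failures for the same entity inside a long window."""
    history = defaultdict(list)  # per-entity memory of (time, source) failures
    alerts = []
    for e in sorted(events, key=lambda ev: ev["ts"]):
        if e["action"] != "login":
            continue
        past = [(t, s) for t, s in history[e["entity"]] if e["ts"] - t <= window]
        if e["outcome"] == "failure":
            history[e["entity"]] = past + [(e["ts"], e["source"])]
        elif len(past) >= threshold:
            alerts.append({"entity": e["entity"], "failures": len(past),
                           "sources": sorted({s for _, s in past}), "at": e["ts"]})
    return alerts

def run():
    events = [normalize_a(l) for l in VENDOR_A] + [normalize_b(l) for l in VENDOR_B]
    return low_and_slow(events)
```

Neither feed crosses the threshold on its own; the alert appears only once both are mapped into the same schema and assessed together over the long window.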

What do you look for in a supplier strategically?

Partnerships should be bi-directional, both in opportunities and in communication. Although these are not always guaranteed, suppliers should make efforts to enable the following functions to enhance the partnership:

  • Regular communications – to evaluate all active engagements and new potential opportunities
  • Training – A strategy on how to work together and document items that need to be established and updated regularly
  • Growing the Business – Close deals by supplying a service that regularly meets the needs of the client
  • Know the C-Suite – The supplier should create a relationship of trust and transparency between both organizations

Who provides your security?

Do you trust your supplier enough to use them? It is highly recommended to have your supplier provide you with, at minimum, a trial of their services so you know what your client is going to receive. Nothing sells cybersecurity more than an advisor saying, "We trust this provider so much that they also secure us."

Not every security provider is right for every business, but when you find one that has the future in mind and knows how to value what you bring to the table, both parties should work to maintain that partnership.

Biggest takeaways:

  • Cybersecurity is constantly changing – Is your supplier?
  • How is the service provided enhancing the technology deployed?
  • Growth is inevitable. How are your suppliers adapting to ensure success?
  • Communications are key. When was the last time you had a strategic call?