FEATURE
possibly threat intelligence and analytics. Using automation where possible can create new efficiencies, and new ways to improve efficacy of cyber capabilities. For example, we’re seeing increased use of AI to automate threat detection and response and in automating some or all of the steps needed for response and remediation to significantly reduce security analyst workload and shrink the time it takes to remediate. This can make the difference between a contained incident and a full-blown breach. Automation doesn’t replace humans though; it augments them.

Are there differences in how SMEs and enterprises should approach maximising the efficiency of their security?

SecureLink: It is important to assess maturity in relative terms. An SME is unlikely to have the resources of a larger organisation, but neither do they have the same level of active targeting. That being said, with the trend of cybercriminals looking at third-party suppliers of large enterprises as easier targets, SMEs cannot afford to underestimate their cybersecurity responsibilities.

Having an ongoing picture of security maturity across the organisation – covering people, processes and technology and ensuring a balanced set of capabilities to prevent, detect and respond to threats – is key. In that sense, the approach is not different but the benchmarks that the organisation sets and validates with experts should be realistic and achievable.

How should organisations evaluate whether to manage their own security or outsource it?

SecureLink: The most common way is to assess the current operating state, develop a target operating model and then analyse where the gaps are. This can then be developed into a programme that identifies what existing staff, processes and technology are in place or can be adapted to fit the future state. However, it is also important to analyse any opportunities to outsource a particular function or set of functions (for example, managed detection and response). In doing this, a detailed cost and effort analysis can be done against all gaps and, more often than not, there will be functions that present themselves as natural candidates to outsource, based on cost, complexity, availability of staff and time to value.

Vectra: Organisational learning and contextual knowledge cannot be outsourced. But what you can outsource is much of the heavy lifting of security operations with which you can integrate your people and processes. Many organisations, even large enterprises, are hybrid in their security operations, blending in-house specialists with outsourced operations. For example, a service provider can deliver continuous monitoring of endpoints and networks, quarantining of infected hosts and remediation, while the organisation maintains and operates its defensive and access controls.

Does outsourcing reduce the cost of security operations?

SecureLink: It often does, but this depends on mapping the end-to-end operating model – particularly with managed detection and response. You cannot fully outsource security responsibility, but you can outsource functions and that’s where cost-savings can be made. However, these savings are only realised when the whole process and operating model are mapped out, understood and committed to. A common problem we see is that customers will buy the service then never react to it or use the information provided. So, committing to realising the value is vital and is where you sort out the good MSSPs from the bad.

A good MSSP will drive that value and will have an onboarding process that supports this, rather than some of the basic approaches we’ve seen such as ‘send us all your logs’ or ‘send us your network traffic’ and then there are misaligned expectations on all sides. An outsourced service lives or dies on how it is integrated into existing operations.

Issue 16 | www.intelligentciso.com