Managed security services Providers (MSSP) and threat intelligence
June 8th, 2016
Managed security services (MSSP) are becoming more popular with enterprises who rely on them for managing their security apparatus. In the near future we expect to see MSSPs add Threat intelligence collection and assimilation as a key service offered to their existing clientele.
What is an MSSP?
Gartner defines Managed Security Services (MSSPs) as "the remote monitoring or management of IT security functions delivered via shared services from remote security operations centres (SOCs), not through personnel on-site" (here )
MSSP market and growth
Fuelled by fear of ever-evolving hacking techniques, the burden of purchasing and maintaining costly technologies and an acute shortage of manpower, enterprises are increasingly choosing to outsource their security operations. It is not surprising, therefore, that the international Managed Security Services market is predicted to reach $29.9 billion by 2020, growing by a CAGR of 15.8% (according to Allied market research).
Reasons for MSSP adoption and Uses
In a recent survey conducted by Forrester, over half of the participants identified the evolving nature of internal and external threats and the complexity of cyber security as a challenge they face daily. The participants are using MSSPs in the following ways:
- 57 % are rely on MSSP to provide 24/7 IT systems monitoring
- 45 % use MSSP to provide threat detection and intelligence
- 41 % use MSSP to provide technology assessment and analysis
Innovation in the MSSP Space
MSSP is a mature market with common services offered by most including: monitoring and management of firewalls or intrusion prevention systems (IPSs), intrusion detection systems (IDSs), security gateways for messaging or web traffic, security analysis and reporting of events collected from IT infrastructure logs, incident response, and more.
In order for an MSSP to offer a new technology or service , the said service must adhere to both technical and commercial criteria.
Firstly, the technology or service must to be operable from a remote or cloud formation, thus allowing rapid deployment and ease of use. It must display evident improvements for a customer, such as: less alerts, reduced manpower requirements to handle security or provide visibility into areas which were not covered by traditional technologies. In addition, it must address a real need and improve features that the organisation finds difficult, expensive or irritating to handle. The real silver bullet (in MSSP terms) is the ability to offer extra services as an upsell to its clients, leveraging the new technology to increase the revenue per customer.
With this in mind, it’s no wonder that many MSSPs have added, or intend to add, threat-intelligence to their repertoire. It is an essential service which most customers are lacking, and a source of frustration for many customers, due to a lack of skilled personnel to digest it. It is extremely feasible to provide intelligence from remote-all; the intelligence is gathered outside of the organisation's firewall, so the physical location of the intelligence production is irrelevant (in fact, most threat intelligence services are consumed today in a SaaS format).
It is very easy to demonstrate the relevancy and value of tailored intelligence to customers who are seeking such services, which only serves to invite MSSPs to introduce additional resources. As more and more MSSPs begin to offer intelligence services to their customers, it will be interesting to see how these services will fit into their existing repertoires, and how much value they will provide to their customers, who are, ultimately, seeking peace of mind and enhanced security.
Stay up to Date!
Subscribe to the blog to stay up to date with all the latest industry news and updates from IntSights.