IDC’s recently released five-year (2018-2022) Worldwide and U.S. Comprehensive Security Services Forecast projects that the overall worldwide market will reach $69.6 billion in 2022 and will grow at a CAGR of 9 percent during the period. Of all four segments, managed security services is the largest and fastest growing – capturing 32.2 percent of the market by 2022 at a CAGR of 10.2 percent – outpacing IT consulting, systems integration, and education and training. So, to what can we attribute this growth and what does this mean for organizations and service providers? While there are many factors, there are two main drivers behind the increasing reliance on managed security services:
1) Growing complexity and fragmentation within security operations. In Cisco’s 2018 Security Capabilities Benchmark Study, 46 percent of security professionals said they used products from 11 or more vendors, up from 28 percent the prior year. As the number of vendors grows, so does the difficulty of orchestrating the alerts these products emit, each with its own format and severity scale. When security teams cannot correlate and understand the alerts they receive, legitimate threats can – and do – slip through the cracks. On average, 44 percent of alerts are not investigated, and of those investigated and deemed legitimate, nearly half (49 percent) go unremediated. Security teams need more bench strength – both knowledge and personnel – but with a significant cybersecurity talent shortage, hiring and retaining skilled security professionals will remain a challenge for the foreseeable future.
2) A staggering volume of incidents as threats evolve. Self-propagating, network-based threats like WannaCry and Nyetya (also known as NotPetya) showed that a single unpatched workstation reachable on the network is enough to seed a ransomware outbreak: no user interaction is required to infect a device or system. Supply chain attacks are also increasing, largely driven by digital transformation that is expanding the scope of the third-party ecosystem. These are just two examples of how threats and vulnerabilities are evolving to infiltrate networks. Not only must security teams address alerts more effectively, they need a flexible and varied security strategy that includes patching, segmentation, third-party risk management, and more. And they must be prepared when attacks happen, with a comprehensive and swift response.
As these drivers increase the demand for managed security services, they are also redefining what managed security services should encompass.
Managed security service providers (MSSPs) entered the market at a time when security teams needed help maintaining the health of their security devices and responding to tickets. Today, however, the old model of keeping up with alerts and conducting initial triage isn’t enough. Security professionals must respond to hundreds, if not thousands, of alerts a day, while also proactively identifying threats that have breached the perimeter and containing and remediating them quickly. To ease the burden on security teams, managed security services are now evolving into managed detection and response (MDR) services that include security monitoring, advanced threat detection, and incident readiness and response.
Security monitoring holds the key to detecting attacks faster – the true indicator of security effectiveness. MDR service providers offer an end-to-end service that includes the tools and expertise to quickly separate non-events from serious events. They focus on producing high-fidelity tickets: alerts corroborated across multiple sources, so that false positives are reduced and each ticket corresponds to evidence of malicious activity. Through continuous monitoring and investigation, along with full packet capture, they shrink security blind spots and detect incidents with greater accuracy in order to contain an attack, target mitigation, and remediate quickly.
IDC highlights advanced threat detection capabilities as highly effective in helping enterprises take a proactive approach to finding threats that get inside the network. Among the capabilities mentioned is threat hunting, which requires deep inspection of potentially breached systems and searching wide ranges of historical data for malicious activity that traditional alerting mechanisms did not identify. MDR service providers have access to big data platforms to collect and store massive volumes of telemetry, real-time threat intelligence, and advanced analytics to find and accurately confirm malicious activity quickly. This allows for proper containment and actionable recommendations for remediation (for example, remediate these specific devices, update policies and controls to block specific types of files or behaviors, contact law enforcement such as the FBI, etc.).
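As an added example (not code from the article or from any MDR provider), the following Python sketches the two pieces described above: normalizing alerts from several vendor products into one schema so they can be correlated into a single high-fidelity ticket, and a retrospective hunt over stored telemetry for activity that no product alerted on. The three vendor formats, the host names, and the telemetry lines are constructed for illustration, as is the 15-minute correlation window.

```python
"""Alert normalization, cross-source correlation, and a retrospective hunt.

Added illustration, not the article's or any vendor's code. Vendor schemas,
hosts, timestamps, and telemetry below are constructed sample data.
"""
from collections import defaultdict
from datetime import datetime, timedelta

# Three hypothetical vendor formats: the same incident on ws-042 is reported
# with different field names, which is the fragmentation problem in practice.
VENDOR_A = [  # endpoint product
    {"hostname": "ws-042", "ts": "2018-06-12T10:03:14Z", "sig": "ETERNALBLUE attempt", "sev": "high"},
    {"hostname": "ws-017", "ts": "2018-06-12T11:45:00Z", "sig": "Adware PUA", "sev": "low"},
]
VENDOR_B = [  # network IDS
    {"src": "ws-042", "time": "2018-06-12T10:03:40Z", "rule": "SMBv1 exploit traffic", "priority": 1},
]
VENDOR_C = [  # web proxy
    {"client": "ws-042", "@timestamp": "2018-06-12T10:05:02Z", "category": "malware C2", "risk": 90},
    {"client": "ws-099", "@timestamp": "2018-06-12T12:10:00Z", "category": "uncategorized", "risk": 10},
]

# Stored raw telemetry (constructed). ws-063 scanned tcp/445 but no product alerted.
TELEMETRY = [
    {"host": "ws-042", "time": "2018-06-12T10:04:00Z", "event": "outbound tcp/445 to 10 hosts"},
    {"host": "ws-063", "time": "2018-06-11T22:15:00Z", "event": "outbound tcp/445 to 40 hosts"},
    {"host": "ws-017", "time": "2018-06-12T11:40:00Z", "event": "http GET update.example.test"},
]

# Per-vendor field mapping onto one common shape: (host, time, name).
MAPPERS = {
    "A": lambda a: (a["hostname"], a["ts"], a["sig"]),
    "B": lambda a: (a["src"], a["time"], a["rule"]),
    "C": lambda a: (a["client"], a["@timestamp"], a["category"]),
}


def _parse_ts(s):
    return datetime.strptime(s, "%Y-%m-%dT%H:%M:%SZ")


def normalize(alerts, vendor):
    """Translate one vendor's alerts into the common event schema."""
    out = []
    for a in alerts:
        host, ts, name = MAPPERS[vendor](a)
        out.append({"host": host, "time": _parse_ts(ts), "name": name, "source": vendor})
    return out


def _ticket(host, cluster):
    # Fidelity = number of independent products that saw something on this host.
    sources = {e["source"] for e in cluster}
    return {"host": host, "fidelity": len(sources),
            "names": [e["name"] for e in cluster], "start": cluster[0]["time"]}


def correlate(events, window=timedelta(minutes=15)):
    """Cluster events per host within a time window; rank tickets by fidelity."""
    by_host = defaultdict(list)
    for e in sorted(events, key=lambda e: e["time"]):
        by_host[e["host"]].append(e)
    tickets = []
    for host, evs in by_host.items():
        cluster = [evs[0]]
        for e in evs[1:]:
            if e["time"] - cluster[-1]["time"] <= window:
                cluster.append(e)
            else:
                tickets.append(_ticket(host, cluster))
                cluster = [e]
        tickets.append(_ticket(host, cluster))
    return sorted(tickets, key=lambda t: t["fidelity"], reverse=True)


def hunt(telemetry, tickets, pattern):
    """Retrospective hunt: hosts whose stored telemetry matches `pattern`
    but that no alert-driven ticket ever covered."""
    ticketed = {t["host"] for t in tickets}
    return sorted({e["host"] for e in telemetry
                   if pattern in e["event"] and e["host"] not in ticketed})


def run():
    events = normalize(VENDOR_A, "A") + normalize(VENDOR_B, "B") + normalize(VENDOR_C, "C")
    tickets = correlate(events)
    return tickets, hunt(TELEMETRY, tickets, "tcp/445")


if __name__ == "__main__":
    tickets, missed = run()
    for t in tickets:
        print(f"{t['host']}: fidelity={t['fidelity']} {t['names']}")
    print("hunt found unticketed hosts:", missed)
```

Run as written, the three single-vendor alerts on ws-042 collapse into one ticket with fidelity 3 that an analyst should open first, the two low-value alerts on ws-017 and ws-099 each stay at fidelity 1, and the hunt surfaces ws-063, whose SMB scanning sits only in stored telemetry because no product fired a rule for it.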
Incident readiness and response can’t be accomplished by dusting off a plan that was filed away somewhere or placing an emergency call to the support service listed in it. To proactively mitigate cyber risk, and the associated pain and expense when an attack happens, enterprises need to regularly practice and refine their plan to strengthen defenses and improve cyber hygiene. MDR service providers can supplement internal resources with skilled security professionals who have the IR expertise to take an IR plan to the next level. Through tabletop exercises, simulations, and war games, these activities include identifying vulnerabilities, simulating an attack, and testing detection and response.
IDC’s current forecast revises its 2018 and 2019 figures upward by an average of 16 to 19 percent year over year compared with the previously published forecast. It’s safe to assume that as managed security services continue to evolve toward managed detection and response, projections will continue to rise. And, more importantly, security professionals will feel greater relief as the burden of proactively detecting and managing increasingly sophisticated and elusive threats is lifted.