Today, Cynet releases the Security Outsourcing Guide (download here), providing IT Security executives with clear and actionable guidance on the pros and cons of each outsourcing alternative.
Security outsourcing is gaining momentum because, unlike traditional IT, cyber threats evolve at a much faster pace.
Not long ago, AV and a firewall covered most of a standard organization's cybersecurity needs. Today, no security posture can be considered complete without a certain level of incident response capability, alert prioritization, root cause analysis and forensic investigation, and security professionals who are sufficiently qualified in this domain are both hard to find and costly to retain.
But the challenge is not only in manning the emergency-mode style positions needed during an active breach. Even the ongoing operation and day-to-day management of monitoring and detection products is not trivial.
Discerning between an alert that indicates a potential systemic risk and an alert triggered by a minor IT misconfiguration is far from trivial, and the challenge intensifies when recalling that many small and mid-sized organizations rely on their IT staff to manage their cybersecurity part-time, without a dedicated team in place.
In fact, even the initial setup of the security stack introduces potential difficulties. What products or technologies should be prioritized as core components? Would it be EDR or Email Protection? Is monitoring user activities on cloud apps more important than protection from fileless malware?
The lack of textbook answers to such questions is a problem for many security decision-makers, so it is small wonder that numerous outsourcing alternatives are offered today by MSSPs, Systems Integrators, IT Service Providers, and MDRs.
The Security Outsourcing Guide walks its reader through the wide range of outsourcing alternatives and points out the unique characteristics that would make a certain organization a better fit for each.
The Companion divides security outsourcing into three families:
- IR Oriented: this family includes outsourcing only IR-related activities and features a wide range of variance, from mere monitoring and notification, through remote assistance and guidance, to full forensic investigation and remediation activities. In terms of business models, it could be retainer-based or on-demand. Typical service providers of this family are MSSPs and MDRs.
- Ongoing Management Oriented: this family applies to organizations that would rather have even the continuous operation of their prevention and detection technologies carried out by a more skilled team, and is mostly found among organizations with little security expertise and without a dedicated security team. Here, as well, there are various flavors that can range from management of just the more advanced detection and monitoring tools to full management of the entire security stack. Typical service providers of this family are MSSPs, MDRs, and MSPs.
- Design and Set-Up Oriented: this is the widest family in terms of outsourced functionalities and includes end-to-end outsourcing of the decisions on which products to choose and install, how to integrate them together, and which threats should be prioritized when deciding which products to invest in. Typical service providers of this family are MSSPs, MSPs, and System Integrators.
In addition, the guide dedicates a chapter to the more common role of the Virtual CISO, or vCISO: an individual who has typically gained a rich security background holding positions at organizations with a mature security posture and has thus acquired significant knowledge of cyber technologies and services. As a result, he or she is in an optimal position to advise less mature organizations, which often have no CISO themselves, on how to tailor the best-fit security for their needs.
Download the Security Outsource Options Guide here.