It’s no secret that security teams are feeling beleaguered as a result of the barrage of data, events, and alerts generated by their security tools, to say nothing of the increased budget scrutiny and constrained staff resources that continue to plague cybersecurity practitioners.
The trick is finding the right balance between how much internal teams have to accomplish themselves versus how much they can cede to managed security service providers (MSSPs).
Historically, success in security operations (SecOps) was measured by how quickly teams could react to incoming threats; but the sheer number of alerts that require humans-in-the-loop to determine the accuracy and severity of security events make it nearly impossible for teams to keep up. Additionally, the number of tools deployed in a given organization today – to say nothing of the complexity required to make those tools work in concert – means reacting alone won’t get the job done anyway.
Unfortunately, many MSSPs don’t do enough to relieve customers of noisy alerts without expensive consulting agreements, which puts the burden to evaluate and remediate incidents back on already strapped in-house teams.
Traditional approaches have the added disadvantages of being too siloed, too slow, too antiquated for cloud environments, and too convoluted to demonstrate their value. Analysts at a leading research firm predict that within the next 12-18 months, 33% of organizations that currently have internal security functions will attempt and fail to build an effective internal SecOps because of resource constraints such as lack of budget, expertise, and staffing. Analysts further expect that within the next 12-18 months, 90% of internal SecOps will outsource at least 50% of their operational workloads – which makes choosing an MSSP you trust of paramount importance.
MSSPs enable ..
Support the originator by clicking the read the rest link below.