Our Key Takeaways from Forrester’s APAC MSSP Market Research Report

Forrester – one of the leading technology research firms – recently released a report to help organizations understand the value they can expect from Managed Security Service Providers (MSSPs) in Asia Pacific region. The report, Now Tech: Managed Security Services In Asia Pacific, Q4 2020, places each vendor into a category of either Pure-play providers, Managed IT providers, Consulting firms, or Telcos.

CyberProof has been included as a “pure-play provider” – a category recognized as having a high capability level in security expertise, remote multi-tenant monitoring and administration, analytics and reporting, orchestration and automation, and roadmap product flexibility.

Our Key Takeaways:

We believe the following points that Forrester covers in this report demonstrates the critical role MSSPs will play for their organizations within Asia Pacific, as well as the key factors you should consider when evaluating your options.

1. Alleviate stress and pressure in the SOC by partnering with an MSSP

Alert fatigue continues to plague security analysts due to huge volumes of security log and event data being generated by multiple point technologies and an outdated approach to correlating and centralizing the information that matters. Forrester notes that 78% of SOC staff say that their work is very painful and 67% suffer from information overload.

We believe that security orchestration and automation will continue to be key components that help Level 1 and Level 2 analysts speed up repetitive, manual tasks.

At CyberProof, we leverage our investments in next-generation SOC capabilities such as our smart virtual analyst, SeeMo, to help analysts accelerate detection and response by automating activities such as alert enrichment, incident investigation, reporting and the execution of pre-defined response playbooks. Ultimately, this enables staff to focus more on strategy and innovation.

2. Access the MSSP’s investments in specialized skill sets

Customers should leverage an MSSP as the interface for bringing the people, processes and technologies that can help achieve their goals. Here’s how they can help:

Technology – The provider has done the work of evaluating various innovative technologies and has selected those that can help future-proof their customers’ defences. This means your team doesn’t have to spend time doing the same thing. Before speaking to an MSSP about this, be sure they have a clear understanding of your ecosystem to avoid any unnecessary expenditure and prioritize investment.

People – With the threat landscape constantly evolving, you need to access skills that are agile enough to adapt to these changes. If you already have a core SOC team in place, consider adopting a hybrid engagement model that enables you to augment your team with specialists in areas such as Incident Response, Managed Detection and Response (MDR), Threat Hunting, Threat Intelligence Monitoring, Vulnerability Assessments etc.

Process – Without implementing sustainable and effective processes that a team can comfortably maintain, the investments you make in people or technology will only cause more complexity. Adopting processes that are aligned to industry frameworks such as NIST is a good start but isn’t as simple as using it as a template for your organization – your business needs tailored processes that fit your architecture and unique goals.

At CyberProof, we develop and implement tailored attack scenario use cases for our customers and provide access to these in a catalog we call the Use Case Factory. These use cases consist of prevention controls, detection rules and response playbooks and are developed in line with the customer’s incident response procedures. We map them to the MITRE ATT&CK matrix as well as our own threat intelligence-driven vulnerability assessments to continuously and automatically optimize defences.

3. Get clarity on service deliverables and how the MSSPs’ experts will work with your teams

Forrester notes that CISOs should be clear on what MSSPs are expected to do and should ensure that they can deliver the necessary services. This is a common issue found when adopting an outdated managed services engagement model due to the ‘black-box’ approach still used today by some providers where there is little to no visibility into operations or processes being carried out by the MSSP on the customer’s estate.

To combat this problem, organizations should consider working with an MSSP that adopts a hybrid engagement model – a form of outsourcing that enables the provider to work as an extension of the customer’s team and reduce siloed working. Essentially, a hybrid engagement involves the following key traits:

Providing transparency – Leveraging a service delivery platform that can be used by the customer to provide on-demand visibility into the day-to-day SOC activities and processes being conducted.

Facilitates easy collaboration – Having a real-time communication channel, such as ChatOps feature, that enable your internal team to collaborate with both internal stakeholders and the providers’ domain experts.

Service delivery engagement – Push the MSSP to provide a dedicated team that ensures high-touch service delivery, manages the relationship, and facilitates recurring customer value workshops to ensure agreed-upon KPIs are being met.

To Summarize – The Varied Level of Maturity in APAC Requires a Flexible MSSP

According to Forrester’s report, the varied maturity of organizations in APAC has spawned different types of leaders – from more transformational CISOs to those who are limited to dealing with day-to-day operations. Consequently, this suggests security leaders should prioritize MSSPs that can customize their delivery approach, pricing, and operating model based on your unique challenges. Entering into a managed security services agreement is a strategic move which requires clarity from both sides regarding what to expect from this partnership and how it can flex to meet the changing requirements of the customer.

Working with a provider that brings a hybrid approach – a model that encourages clear communication, transparency of operations, and an integrated team – will ensure you are not outsourcing control along with security but rather enabling your existing SOC team to continuously optimize their cyber defenses in an agile way.