The threat landscape is more daunting than ever. Cybercriminals are using automation to scale up the number and frequency of their attacks. The attacks themselves are being perpetrated in stages over weeks or months, making them tougher to detect. And the growing complexity of environments has eroded organizational control of the network to the point that it feels impossible to defend.
Cybersecurity solutions that combine tools with the services to manage them -- like managed security services providers (MSSPs) or managed detection and response (MDR) -- have emerged as viable ways to address these problems, but there is a lot of confusion about what they are and what benefits they offer. The situation is complicated further by the fact that some traditional MSSPs are renaming their existing solutions as MDR, while others are adding services ad hoc to cobble together something like an MDR offering.
This lack of clarity makes it exceedingly difficult for organizations to differentiate services that offer true MDR outcomes from those that don't, or to effectively evaluate the benefits of one MDR service against another. A simple solution would be to develop standards and testing to help organizations compare service options objectively.
Standards and testing for cybersecurity solutions providers
This idea is hardly novel. For close to a century, Consumer Reports has performed unbiased testing on a range of products and delivered results in the form of reviews and "bake offs" to help consumers assess each product's safety and performance. Similarly, the magazine Good Housekeeping has long independently tested consumer products through its Good Housekeeping Research Institute, identifying those that pass muster with the iconic Good Housekeeping Seal of Approval.
Independent testing has plenty of precedent in the enterprise technology world, as well. Organizations like NSS Labs and ICSA Labs compare and contrast antimalware, firewalls, endpoint protection and other security solutions, simplifying customers' purchasing decisions with recommendations and certifications. And analyst research reports like the Forrester Wave and Gartner Magic Quadrant evaluate and rank vendor solutions based on a range of criteria including technical strength, go-to-market strategy, company viability and more. Similar approaches to appraising cybersecurity offerings that include a services component would be a great advantage for organizations looking to harden their security.
The challenge of testing cybersecurity services
While the industry has decades of experience testing individual security point solutions in a silo, there is currently no testing model for a solution that includes a holistic mix of products and services. Any testing methods would have to be able to take into account this larger integrated framework of tools rather than looking at each product separately.
Rather than evaluating just technical speeds and feeds, as would be fitting for a point solution, effective services testing would need to evaluate solution features in a much broader way. Services testing might evaluate metrics like:
- What does the solution detect?
- What surfaces does it protect?
- Is the service giving me more insights and the right visibility, and is it guiding me adequately?
- Are the responses accurate and effective based on that guidance?
- What is the length of time to detect a breach?
- What is the quality of the notification process?
- What are the health monitoring capabilities of the solution?
But before we can develop a testing method for something like MDR, we first need to establish some consensus around the core elements required for something to be considered MDR. Currently, there are as many unique mixes of products and services advertised as MDR as there are vendors. Without a universally accepted definition of MDR, offerings must be evaluated based on the outcome that MDR should provide -- a reduction of the likelihood or impact of a successful attack.
The need for independence and credibility
Establishing standards is the first part of the issue. The second is guaranteeing credible, independent testing. People rightly view reports and evaluations from cybersecurity vendors with skepticism. Not all testing methodologies are equally robust or transparent. For a test of cybersecurity solutions that include tools and services to have value, it must be conducted by trusted, independent third-party organizations.
A clearer picture of MDR's value
With market demand growing, there are an increasing number of vendors claiming to offer MDR. Companies want to add MDR to their security plan, but they don't know what to look for or how to distinguish true MDR from underdeveloped or incomplete offerings. Standardized requirements and evaluations for cybersecurity solutions that combine tools and services will help filter out the pretenders and enable apples-to-apples comparisons of vendors who offer true MDR outcomes so organizations can understand which is best for their environment and challenges.
About the author
Rohit Dhamankar is vice president of threat intelligence at Alert Logic. Dhamankar has over 15 years of security industry experience across product strategy, threat research, product management and development, technical sales and customer solutions. Prior to Alert Logic, Dhamankar served as vice president of product at Infocyte and founded consulting firm Durvaankur security consulting. He holds two Master of Science degrees, one in physics from the Indian Institute of Technology in Kanpur, India, and one in electrical and computer engineering from the University of Texas.