Why do so many of the world’s businesses wait to engage a managed security services provider (MSSP) until after they’ve experienced a data breach?
A new study by the Ponemon Institute consists of an in-depth survey of almost 2,000 IT professionals around the world.
The thrust of the survey was to gain perspective on how MSSPs were used and how they fit into respondents' business strategies. What emerged were seven key ideas, summarized here.
MSSPs are frequently used because they help businesses look stronger. This stronger security posture can help deter potential attackers. Still, most businesses don’t act on this except as a reaction to an attack.
Most MSSPs have historically dealt with responding to data breaches rather than proactively hunting for them and preventing them. Although this trend is changing, it’s still the standard for 84% of the MSSPs employed by respondents.
The ability of different IT systems and software applications to communicate, exchange data, and use the information that has been exchanged is key to the success of an MSSP. This interoperability with security intelligence tools such as SIEM emerged as the most important element to respondents.
Most respondents believe that MSSPs offer a more holistic view of the external threat environment than they could have on their own. Monitoring a large number of security events from a global customer base gives a large MSSP access to a bigger picture that can be leveraged for insight into the environment of each individual organization.
Many respondents already working with an MSSP admitted that their provider identified existing software vulnerabilities that were older than 90 days. These weak spots were ones the organizations had no knowledge of until then, so they were essentially sitting idle, waiting to be exploited.
Although IT departments have historically managed MSSP relationships, that trend is shifting. More and more, business units are engaging MSSPs directly. This may be because managed security services are being recognized as a key element of an organization’s competitive advantage.
More than half of the respondents admitted that they don’t use MSSPs because of a lack of visibility into the provider’s IT security infrastructure. If they can’t see how it works, they don’t want to use it.
There’s more to the report, including conclusions, recommendations, and methods. These 7 key ideas reveal, however, that the old ways of conducting cyber security are quickly becoming obsolete in the face of more and more sophisticated attacks. The trend toward threat hunting and proactive prevention is one that will continue, if only due to necessity.
In order for enterprises to secure themselves against emerging threats, they need to continue marshalling resources before a breach occurs. That means selecting an MSSP that possesses effective tools for analyzing data. Garland Technology produces a wide range of network TAPS that allow MSSPs to break out granular information and see every bit, byte and packet®.
For more information on how MSSPs make use of Garland Technology in order to bulk up enterprise security, check out our white paper on Maximizing Visibility: Understanding the Role of Network TAPS, Packet Brokers and Hybrid Solutions.
If the inline security tool goes off-line, the TAP will bypass the tool and automatically keep the link flowing. The Bypass TAP does this by sending heartbeat packets to the inline security tool. As long as the inline security tool is on-line, the heartbeat packets will be returned to the TAP, and the link traffic will continue to flow through the inline security tool.
If the heartbeat packets are not returned to the TAP (indicating that the inline security tool has gone off-line), the TAP will automatically 'bypass' the inline security tool and keep the link traffic flowing. The TAP also removes the heartbeat packets before sending the network traffic back onto the critical link.
While the TAP is in bypass mode, it continues to send heartbeat packets out to the inline security tool so that once the tool is back on-line, it will begin returning the heartbeat packets to the TAP, indicating that the tool is ready to go back to work. The TAP will then direct the network traffic back through the inline security tool along with the heartbeat packets, placing the tool back inline.
Some of you may have noticed a flaw in the logic behind this solution! You say, “What if the TAP should fail because it is also in-line? Then the link will also fail!” The TAP would now be considered a point of failure. That is a good catch – but in our blog on Bypass vs. Failsafe, I explained that if a TAP were to fail or lose power, it must provide failsafe protection to the link it is attached to. So our network TAP will go into Failsafe mode keeping the link flowing.
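The heartbeat, bypass and failsafe behaviour described above, modelled as a small state machine; this is an added example, not Garland Technology's code or firmware. The thresholds, the `HB` marker, the `ips_up`/`ips_down` tools and the frame strings are constructed assumptions, since the page gives no timing values or packet format.

```python
from dataclasses import dataclass, field
HEARTBEAT = "HB"  # constructed stand-in for the TAP's heartbeat packet

@dataclass
class BypassTap:
    # Both thresholds are assumptions; the page gives no counts or timers.
    miss_limit: int = 3     # consecutive lost heartbeats before bypassing
    restore_limit: int = 2  # consecutive returned heartbeats before going inline
    mode: str = "INLINE"
    powered: bool = True
    missed: int = 0
    returned: int = 0
    events: list = field(default_factory=list)  # (tick, old, new) mode changes

    def _switch(self, n, new):
        if new != self.mode:
            self.events.append((n, self.mode, new))
            self.mode, self.missed, self.returned = new, 0, 0

    def tick(self, n, frames, tool):
        """One interval: probe the tool, return what goes back onto the link."""
        if not self.powered:
            self._switch(n, "FAILSAFE")  # unpowered TAP keeps the link flowing
            return list(frames)
        if self.mode == "FAILSAFE":
            self._switch(n, "BYPASS")    # power is back; tool must answer first
        inline = self.mode == "INLINE"
        # Heartbeats go out in every powered mode; traffic only when inline.
        back = tool(list(frames) + [HEARTBEAT] if inline else [HEARTBEAT])
        alive = HEARTBEAT in back
        self.missed = 0 if alive else self.missed + 1
        self.returned = self.returned + 1 if alive else 0
        if inline and self.missed >= self.miss_limit:
            self._switch(n, "BYPASS")
        elif not inline and self.returned >= self.restore_limit:
            self._switch(n, "INLINE")
        # Bypassed traffic skips the tool, so it reaches the link uninspected.
        out = back if inline else list(frames)
        return [f for f in out if f != HEARTBEAT]  # heartbeats never reach the link

def ips_up(frames):    # hypothetical inline tool: drops frames marked "bad"
    return [f for f in frames if not f.startswith("bad")]
def ips_down(frames):  # tool off-line: nothing comes back
    return []

def run(schedule):     # schedule: one tool callable per tick
    tap = BypassTap()
    return tap, [tap.tick(n, ["ok", "bad"], t) for n, t in enumerate(schedule)]
```

The `events` list is the part to feed into monitoring: each change away from `INLINE` marks an interval in which link traffic was not inspected by the tool. In this model, frames handed to a dead tool before the miss limit is reached are lost, which is why the limit is worth keeping small.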
Single point of failure: a risk to an IT network in which the failure of one part of the system brings down a larger part of the entire system.
Heartbeat packet: a soft detection technology that monitors the health of inline appliances.
Critical link: the connection between two or more network devices or appliances whose failure disrupts the network.