Specifications for IT security service providers
Faced with increasingly complex threats, IT security teams in companies of all sizes are sooner or later overwhelmed with the task of ensuring the security of data, applications and processes. But what help do they need? What is the requirement profile of a managed detection and response (MDR) service provider? And how does an IT security service and its external security experts improve the security situation in companies?
Interviews that Bitdefender and the Enterprise Strategy Group conducted in August 2022 with those responsible for IT security in the USA and Canada show what IT security managers expect from managed detection and response. Jörg von der Heydt, Regional Director DACH at Bitdefender, comments on the study from a German perspective: "A very similar picture emerges from the interviews with German customers. The spectrum of requirements for MDR service providers is similarly broad, as is the motivation for considering an MDR service. What they all have in common, however, is the fact that skilled employees - i.e., IT security analysts and specialists - are becoming increasingly difficult to obtain and retain, while the number and complexity of attacks are continuously increasing. At the same time, the dependence on digital, i.e. IT-supported processes, is increasing. A dilemma that can probably only be solved by the increased use of managed security services." The following sections summarize the findings.
1. Many IT teams start managed detection and response as a planned measure
In many cases, MDR is not an emergency measure. Most of the respondents (57 %) said that upcoming security audits prompted them to work with MDR vendors. 47 % wanted to review and manage vulnerabilities. Only 39 % each acted specifically to defend against or mitigate an event, detect security-related incidents, or recover IT systems and digital processes after an attack. 37 % were concerned with defending against a network intrusion or responding more extensively to a security event. Around one in three (33 %) hoped for help in pre-sorting and prioritizing daily alerts.
When asked about their motivation, the security executives surveyed made clear how urgently they need help with both scaling IT security and the growing attack surface and complexity of attacks. 41 % of study participants assumed that external security professionals could do a better job of cyber defense than their in-house teams. This is a remarkable finding, since many of the participating companies are large enough that they should have their own qualified security team. The proportion of respondents seeking a more scalable operational model for their IT security was equally high. 37 % implicitly admitted that they did not have the security tools and systems they needed to execute their cyber defense processes. The following motivations are also notable:
- 29 % purchased MDR in order to obtain cyber insurance.
- 27 % were unable to commit the security and expertise needed for IT defense internally.
- 27 % did not see cybersecurity as their core competency and therefore outsourced it.
- 18 % wanted protection outside business hours as well.
2. Cloud workload protection is a high priority, but all attack vectors require attention
On the one hand, the study participants are looking for help in protecting complex IT landscapes. But even for basic defense technologies, those responsible are not much less likely to hope for external help.
Customers expect an MDR provider to protect cloud applications (53 %), followed by public cloud infrastructure (50 %). Competence in assessing cloud workloads for vulnerabilities (46 %) and the private cloud (43 %) also play a role.
But traditional endpoint protection also remains important. 43 % of respondents expect vulnerability analysis at the endpoint from an MDR service provider. Almost equally important are the protection of identity and access rights (41 %), endpoints (40 %) and server workloads (39 %).
3. Customer knowledge and customer proximity required
When selecting an MDR provider, customers look for one that offers enterprise-specific services. For 49 %, the ability to support existing security tools and technologies therefore played a role. 39 % of study participants required specific knowledge of the threat landscape in their industry. More than one in five (21 %) also required a regional focus.
Accordingly, the companies want a close customer relationship in addition to the classic competence factors. 38 % consider better involvement in the defense (a better engagement model) a motive for considering other service providers. 29 % of the respondents indicated that the desire for a dedicated contact person could be a reason for them to switch MDR providers.
In general, companies prefer to work with an MDR provider for the long term. 61 % worked with their current partner for three or four years, 21 % even for five years or longer. However, many companies also employ multiple MDR providers: 46 % two, 34 % three or even more partners.
4. Comprehensive competencies desired
Only a minority of security professionals surveyed expect full coverage of the attack surface by MDR service providers. Only 31 % require external service providers to monitor 76 to 100 % of the attack surface. However, 42 % require protection of 51 to 75 %. Key areas to be monitored include cloud workloads (67 %), the network (66 %) or DevOps including application security (56 %), and the Internet of Things (51 %).
5. MDR is a multifaceted task
If you ask IT managers about the results of an MDR commitment, one result initially seems less than spectacular: only 42 % were able to significantly reduce the rate of successful attacks on their company. Ultimately, however, even that is a remarkable result. After all, the attacks to which an MDR provider's cybersecurity analysts respond in a Security Operations Center (SOC) are usually of a more serious nature. Moreover, this may also indicate that classic defense technologies such as anti-virus and endpoint protection still make an important baseline contribution against the opportunistic, automated and apparently numerous attacks. Another 42 % attested to a significantly improved security program. 77 % nevertheless see MDR as a strategic operational partner. One in two benefited from the security experts' know-how.
But tangible effects also play a role: 38 % met compliance requirements with MDR, 38 % reduced IT security operational costs, and 32 % reduced their cyber insurance policy amounts. And last but not least, 35 % reduced the stress level of their internal security team.
Source: Bitdefender