What You Should Expect from a Next-Gen MSSP
Travis Abrams is the CEO and Founder of CyberPeak Solutions, a next-gen MSSP that helps organizations plan, build, optimize, and implement cybersecurity solutions. He was interviewed by Mike Epplin, the systems engineering leader for the Southeast at Respond Software.
Mike: What is a next-gen MSSP? What makes a next-gen MSSP?
Travis: A next-gen MSSP utilizes more automation and technology for monitoring their clients’ environments. Just as we have seen endpoint and network technologies embrace AI and machine learning technologies, similar technologies can now monitor large amounts of events to better identify real threats from false positives. We embrace DevSecOps type methodologies. Next-gen MSSPs are also more likely to implement a proactive risk-based approach versus waiting for an event to trigger and then respond to it. They are working to reduce the risk of a breach.
Mike: How do companies benefit from a next-gen MSSP?
Travis: Companies can benefit from lower false positives in the alerts they receive, quicker, more accurate alerting, and potential cost savings since staffing levels generally do not need to be as high.
Mike: We also see MSSPs struggle with hiring security talent as they continue to grow. If you do want to scale your business, the challenge is hiring and training the team to support those new customers. How does CyberPeak stand out from the list of MSSPs?
Travis: CyberPeak grew natively from a professional services company into a managed services company. This means our team has a very strong background in the best practices needed to ensure the clients' technologies are optimized. By then adding Respond Software’s virtual analyst, we can provide more efficient and detailed threat monitoring. We also ensure the client technologies are kept up-to-date with the latest capabilities and features. CyberPeak is a technology-focused company and our team reflects that. Oftentimes security monitoring is less of a science and more of an art, and when humans make decisions, there can be bias. With machines, your monitoring becomes much more consistent.
Mike: With humans, an incident may occur late in the afternoon, but the analyst may have to take their kids to soccer. Distractions and your life come into play in the decision-making. With software, you don’t need to worry about that. You’re teaming humans with machines, so you’re getting the best of both worlds. What are the cybersecurity challenges small to medium businesses face?
Travis: Small and medium-size companies used to think they would be ignored by hackers because they were small, but in reality, they face the same threats that all companies face, and their greatest liability is that they cannot afford to hire a staff of security experts. When you combine the shortage in skilled security practitioners and the cost to hire and maintain the staff, if you can find them, it creates the perfect storm of risk. The threat actors do not care if you do not have the budget or if your internal teams cannot agree on the best strategies. They will and do continue to exploit this weakness.
Mike: Small and medium enterprises have unique challenges. What should they be doing?
Travis: A lot of companies have basic security controls: firewalls, web proxies, etc. Implementing best practices does not always mean needing large budgets. What they often don’t have is security monitoring. Effective monitoring is one of the greatest enhancements businesses can add, but doing this with only traditional tools like SIEMs will result in alert fatigue and frustration. Monitoring is critical to any security plan but needs to be coupled with next-generation technologies like the Respond Analyst so that your team isn’t overwhelmed, and true threats can be identified, false positives reduced, all without a large increase in staff or budgets.
Mike: Alert fatigue is real. When SIEM technology started moving from early adopters to common in the marketplace, a company I worked with had an individual who would show up for work during the night shift, and the first thing they would do every morning would be to clear out all alerts. They were overwhelmed by the number of alerts, most of which were false positives. The thought behind this was if an alert was a real problem, they would see additional alerts. Of course, the company was eventually breached.
Mike: How can these organizations afford to hire an MSSP within the constraints of a tight budget?
Travis: CyberPeak focuses on identifying the true need for each organization, and by leveraging technologies we can create custom solutions for each client. We don’t force them into new technology. We’ll work with what they have. This allows the client to get the level of security they need while meeting their budget requirements. We do not require all clients to fit the same mold because we know they have different needs. By using the Respond Analyst, we can keep our costs down and pass those savings on to our clients. We can close those gaps and build in more proactive monitoring. During this work-from-home period, we have to work with clients to be flexible. If people are not on the corporate network, we won’t be receiving as many firewall alerts. We need to capture more endpoint logs. We have to help our customers adapt to the changing times.
Mike: Many customers are moving to AWS. How do you help customers with that migration? How do they get the most bang for the buck with their investment?
Travis: We will see more remote work and cloud offerings in the future. The focus should be on access control. Most of the breaches occur from inappropriate access to cloud services. You also need effective logging of your in-house and cloud-based environments. Where to get started? That depends on every organization, but focus on less critical systems, so you understand what you're doing and how it's working. Don't start with the important application to your business if it's your first entry to the cloud. We tend to focus on the more complex scenarios, but the weakness is typically in the basic controls. Effective logging and monitoring are critical to good security.
Mike: How does the partnership with Respond Software help CyberPeak complete its mission?
Travis: Respond Software is focusing on solving a problem we have had in the industry for a long time. That problem is alert fatigue. While most clients envisioned that when they hired an MSSP, they were getting something from NASA's mission control with hundreds of monitors and hundreds of people watching their systems. It was, more often than not, a handful of analysts. The MSSPs understood that most technologies were generating more events than could be realistically monitored by humans. They often solved this problem by pricing their services based on “use cases.” They essentially only monitored a subset of the events that were being generated. The Respond Analyst allows CyberPeak to effectively monitor all the events being generated by using machine learning technologies and capabilities. This also allows us to identify more complex threats that may not generate a large number of events in a customer’s security tools. Generally, most troublesome attacks are low and slow. You have to find the attacks that occur during uncommon off
Mike: How can smaller security teams be more productive? What are some examples you’ve seen?
Travis: Automation, visibility into the network, enhance what you have and fill in the gaps.
Mike: How are your customers benefitting?
Travis: Many of our smaller customers have never been able to afford managed security services. We have been able to provide them with effective managed services and become an extension of their teams at a price they can afford. Our other customers are realizing we have been able to enhance their security well beyond their previous MSSP by providing more focused and customized offerings.
With a SIEM, your team has to do content writing and a lot of tuning to maintain it. With Respond we can stream all the events and eliminate a lot of that tuning, and it finds the real incidents in that noise, so we free up our consultants' time to work on other important projects for our clients and focus on reducing risk proactively.
Mike: Where can organizations who want to learn more about CyberPeak go?
Travis: Visit Cyberpeak.net or email firstname.lastname@example.org.