If you’re a Chief Information Security Officer (CISO), you’ve been there. It’s three o’clock in the morning and you get a call from your Managed Security Service Provider (MSSP) that there’s been a security incident involving your organization’s IT stack. The MSSP needs you to rouse your engineers and get them on the phone to coordinate a remediation.
Under the traditional security management model, this scenario is par for the course—but clearly, it’s far from ideal. In fact, the inefficiencies of this particular scenario reveal a set of fundamental flaws with the traditional enterprise security model. In this post, we’ll examine how the traditional security model works, why organizations accept it in spite of its flaws, and how the Integrated SecOps Model is engineered to work better on both technical and organizational levels.
The bolt-on tradition
Prior to the Integrated SecOps Model, IT and security services were discrete and inherently uncoordinated. Typically, a firm would hire a Managed Service Provider (MSP) to deliver network, application, and infrastructure services. However, security is typically not the specialty of MSPs, so a separate MSSP specializing in security is brought in and bolted on. The MSP and MSSP are separate organizations, and consequently, neither understands their customer’s entire environment.
Coordinating remediation of serious security incidents is complex and business-critical, yet the traditional model waits until an incident has happened before building the holistic view of the IT environment needed for remediation.
Organizations bolt on solutions like security services because IT services are constantly evolving, both in the industry and in terms of individual firms’ adoption. Once an ecosystem of bolt-on solutions is adopted, the sunk cost in terms of time, effort, and expense can keep organizations feeling tied to imperfect, unwieldy solution sets.
Integrated SecOps: the bolt-on antithesis
In an Integrated SecOps model, any enterprise landscape and related applications managed by a firm like Protera have security services built into the basic offering. Nothing is bolted on. Because security services are inherently integrated, security resources work hand-in-hand with IT operations staff (either at Protera or at the customer company) in a Shared Responsibility Model. Shared Responsibility means that Protera’s services, both in theory and in daily practice, are an extension of the customer’s own teams.
Integrating into the customer’s environment and applications gives the MSP an unprecedented understanding of the entire customer landscape and business processes. The MSP understands what each customer server is doing and its expected behavior, allowing the MSP to start taking action immediately because it already understands what’s going on across the entire stack.
Why doesn’t everyone move to Integrated SecOps?
The most substantial barriers are the sunk cost issues discussed above. However, these barriers can be overcome with minimal disruption to operations. The solution goes hand-in-hand with the Shared Responsibility Model: Integrated SecOps is never a replacement, it’s an extension. The process of adoption can be gradual and work within the framework of an organization’s existing solutions. Protera’s goal for Integrated SecOps is for the customer to get complete transparency into what Protera is doing as an extension of the customer team.
In the earlier stages of adoption, a customer’s existing MSP and MSSP can continue to do the legwork to solve big issues that arise while Protera handles the initial triage, investigation, and remediation, going as far up the IT stack as needed.
If an organization has incumbent security tools, an Integrated SecOps plan with Protera will eventually migrate to services that integrate best into our processes. To effectively evaluate the impact of existing sunk costs, it’s important to be aware of how much time is left on current licenses. Protera works with customers to build an adoption plan around the timeline for when existing licenses expire or upgrades are needed, providing an uninterrupted journey to the benefits of Integrated SecOps.
Total visibility is good for the workforce
If you have existing security resources, teams connected with those resources don’t want their work to go into a “black box” where they have no visibility. Related to this, there’s also always a concern about job security.
With the Shared Responsibility Model, existing security teams have a completely open view into what Protera is doing. This transparency is critical at this moment because it allows CISOs to sleep at night. In addition to Protera handling initial triage, investigation, and remediation before the 3:00 AM phone call, CISOs can trust through visibility that their security provider is doing what it needs to be doing.