
Changing Threat Environment Requires MSSPs to Adapt Their Approach

Created: 19 Apr 2011

Note: This is the first in a series of blog postings by Steve Parrott, Director of Product Management for Symantec MSS, regarding the ongoing evolution of the security marketplace and customer threat environment.

--------------------------------------------------------------------------------------------------------------------------------------

One of the things that I am always asked by customers of Symantec MSS is how the MSS environment will evolve over the next three to five years. While most CISOs understand the threat environment of today, what keeps them up at night is trying to understand the threat environment of tomorrow and all of the implications and risks. And customers are desperate to understand. They are literally being attacked from all sides, constantly, and with tremendous potential for ever greater losses of information, money or reputation. With risks being as high as ever, the question is often how can Symantec MSS help them understand the evolving threat space and respond better.

For me, the key to responding to these challenges is not simply finding more incidents (we’ll have to do that too), but helping customers to understand the prioritization and action that comes with greater context in the incidents we find. To understand this statement better, it is helpful to remember that historically, MSSPs have been judged by the number of incidents they generate. While every MSSP has had their own particular angle to the story, generally speaking, the “success” of an MSSP was directly related to the number of pieces of malware they found for a customer…and often little else.

That model has worked for years, but is truly showing its age. It isn’t that we shouldn’t create an incident based on finding a piece of malware or vulnerability, it is just that it is no longer enough to tell a customer that they have that piece of malware and leave the prioritization, action, and resolution to the customer. Customers are asking much more of their MSSPs. In particular, they don’t just want to know that we found 25 infections of various types and flavors, but instead, want to know which infection they are most at risk for and need to respond to…now.

While that seems like an obvious statement, the challenge lies not in the nature of the infection, but instead, in the way an infection may impact the business and environment that the customer is engaged in. In other words, customers care less and less about how *bad* a piece of malware is, and more and more about how that particular piece of malware could impact them, their business, customers, and networks.

Take Stuxnet for example. Stuxnet did tremendous damage to certain infrastructure and critical process control systems and made headlines worldwide. But if your business is in healthcare…or financial services…Stuxnet is probably not your greatest worry. In fact, maybe some other malware is a much bigger threat.

So how are we solving this evolution in the threat environment? Well, context. Context is key. And in later blogs I will write about the various ways in which Symantec MSS is providing that context to customers.