For state and local agencies, the obstacles to better cyber security are stubbornly persistent. Over the last five years, an annual survey by the National Association of State Chief Information Officers has found that the top three barriers cited by state officials have remained the same: Insufficient budget, inadequate staffing and the increasing sophistication of threats.
Those challenges are exacerbated by the widespread adoption of cloud computing and other technologies that introduce new risks that must be addressed, further taxing agencies’ already limited resources.
Symantec's managed security services (MSS)—which provide 24x7x365 security monitoring powered by real-time security analytics on a subscription basis—offers a new approach, enabling agencies to strengthen their cyber posture while maximizing security spend and augmenting in-house security staff when budgets are tight and the ability to find and hire talent is difficult.
Three overarching issues are driving adoption of MSS in state and local government, including:
- Cloud adoption. In recent years, many agencies have invested in cloud-based solutions, seeing them as a way to bring in new services without having to take on the cost and headaches of building and managing the underlying infrastructure. But those solutions, while they might not reside on premises, are still an integral part of an agency’s enterprise—especially from a cyber perspective. Agencies need to have visibility across their cloud-based solutions, with the ability to detect, track and respond to threats just as they do for on-premises systems.
- Stealthier attacks. Cyber attacks are getting stealthier, making them more difficult to detect by traditional tools. One trend is the use of “living off the land” tactics, in which hackers use pre-installed system admin tools as an entry point into a system. This tactic has been around for many years, but its use is on the rise. According to Symantec’s 2019 Internet Security Threat Report, there was a significant jump in activity with a number of tools. For example, the study found a 1,000 percent increase in malicious PowerShell scripts blocked at the endpoint. Because these tools are trusted, it often takes a long time to recognize that something is wrong. That’s a challenge when cyber teams are already stretched thin trying to deal with more known threats.
- Data overload. Today’s enterprises generate a wealth of data that, in theory, can be used to uncover suspicious anomalies and potential threats. But the volume of data can be overwhelming, making it difficult to sift through and prioritize threat data. According to research by the Enterprise Strategy Group, 50 percent of organizations collect 6 terabytes of data each month to feed their security analytics tools, but they are only able to investigate 1 percent of the critical alerts. Consequently, data breaches often are not discovered until long after they occur, giving malicious actors more time to do damage or to make lateral moves into other systems.
MSS: A New Approach
MSS changes the cyber equation. Symantec Managed Security Services is a comprehensive, advanced threat detection service that is built on a close partnership between our MSS analyst teams and our customers. Together, we build a security monitoring program that is tailored to an organization’s specific issues.
Because we segment our MSS offerings by industry and geography, our customers work with teams who understand the unique threats in their environment and who can work with their in-house staff to address the demands of their daily operations.
Our MSS offerings also give customers access to the expertise of 500 cyber professionals working in six SOCs around the globe. Our cyber experts gather intelligence by monitoring 175 million endpoints and 95 million attack sensors, giving them real-time insight into the larger threat environment, accelerating a customers’ ability to detect and mitigate emerging threats across their entire enterprise, whether on-premises or in the cloud.
Finally, MSS helps agencies to manage their cyber budgets more effectively. Because MSS is a service, not a product, it shifts cyber spending from capital expenditure to operational expenditure, which typically is more predictable. It also makes it easier to adapt to changes in operations or requirements: Rather than buying new equipment and hiring new experts, an agency simply modifies the terms of the agreement.
Ultimately, it all comes down to the return on investment. MSS is not a work-around for agencies who find themselves short-staffed and under attack. It is a strategic approach to driving more value into an agency’s existing cyber operations and positioning the agency for better security in the long term.