What is outcome-based security?
Interviewee – Christine Bejerasco, former WithSecure CTO
Outcome security is many things to many people. When it comes to our MSSPs, the term is laser-focused on their business targets and goals.
We have to ensure that cyber security is an enabler of business outcomes rather than a hindrance. In other words, how can we help our partners grow and hit their targets?
What does outcome-based security mean for managed security service providers?
If we strip back the role of a managed security service provider, the purpose of their existence is to service different organisations which need cyber security so that they don't have to staff it themselves. This covers, for instance, the SOC (Security Operations Center), incident response, and the different software that will be implemented, such as Elements. By combining these factors, they can then build a unique and tailored SOC on top of all that telemetry and, if there is an incident, sell customers an incident response service.
So, how does WithSecure Elements fit into this puzzle? “The beauty of Elements is Elevate to WithSecure, in which you can add another layer of support. If you are unable to handle an incident – whether you don’t have the time or capability – you can simply hand it to the WithSecure team at any given time,” says Christine Bejerasco, WithSecure’s Chief Information Security Officer.
As a business outcome, this can help our MSSPs to maximise the number of customers within their company without adding to the headcount. Essentially, this allows them to augment their team at the push of a button.
This can solve the problem that many of our MSSPs have, in that a large organization may approach them and ask questions such as, “how big is your SOC?” or “how many people can you dedicate to our account?”. As a result, they may decide that you do not have the capabilities or capacity to service their needs. This could be a showstopper if the MSSP does not have the backing of a trusted provider.
What about end customers?
End customers have one main focus: staying safe from cyber threats. This starts with deploying proactive protection capabilities and runs all the way through to responding and containing incidents quickly. Take the large company we just talked about. Their business outcome, for example, could be to increase customer trust over the next year because they have recently suffered a breach.
With EDR, a partner may have five people in their SOC, but Elements allows them to bring in our managed detection and response to help out immediately. All of a sudden, you go from a team of, say, five people to a larger team that has experience protecting a broad range of companies around the clock. This also goes for incident response.
“Everyone’s outcomes can align – if done properly. The business outcome you are looking for as an MSSP is to become an end customer’s solution through a third-party solution. At WithSecure, we can provide a solution for our MSSPs that augments their offering, which in turn helps their customers,” Bejerasco continues.
What else should outcome security entail?
If you end up with a number of different vendors and, therefore, products, then it boils down to you as an MSSP to gather the data points and make sense of them. The issue then becomes the noise that they all make. False positives and different types of detections that various EDR products spew out can cause fatigue within a small SOC.
“The value of Elements is that the combination of EDR and EPP capabilities builds a broader context that shows different detections over different timeframes, which then creates one broad incident story. This weeds out the noise and individual detections that may be outside the context of the story, enabling the workforce to instead focus on the series of detections that form an incident. This then links back to your main business outcome: creating higher gross margins and a more efficient workforce for managed service security providers,” Bejerasco confirms.
What makes WithSecure unique?
“Well, that’s an easy one: our products and services provide a continuum, no matter where the organization is in its cybersecurity journey. If they are starting out and would like to know and test how to build secure systems, we have consultants who can help. If they are deploying security technologies to help protect their organization, we have products that we deliver through partners. Further, if they have suffered a breach, we have incident responders. We are a partner for each stage of an organization’s cybersecurity journey,” Bejerasco says.
Here, your SOC can Elevate to WithSecure. However, if there has been a proper breach then this same MDR team can contact the incident response team sitting beside them and initiate IR immediately.
By also minimizing the noise and turning detections into incidents, there is much less data for our MSSPs to analyze. This means they don’t have to constantly put out fires and can instead read the story and understand it in incident-sized portions.
“All of this leads to our partners being able to service their customers as well as possible and, in turn, grow their organizations without adding to the headcount or increasing overheads. This is a win for everyone and is the very essence of co-security,” Bejerasco concludes.