MSSPs face several challenges in effectively running their operations, and subsequently providing value to their customers. For example, MSSPs’ customers are often demanding, and are concerned about their TCO.
According to Jon Oltsik, a well-regarded research analyst with ESG, 30% of respondents to a survey about security operations say that their biggest concern about cybersecurity operations is TCO [1]. Whether those cybersecurity operations are in-house or have been outsourced to an MSSP, the challenge for MSSPs is how to improve their own value-add to please their existing customers and to attract new ones.
In that same very recent survey, “...21% of respondents say that their biggest cybersecurity operations challenge is that their organization doesn’t have the appropriate skills or staff size to keep up with all the tasks associated with security analytics and operations.” This result speaks not only to the shortage of skilled cybersecurity talent, but also to the associated problem of personnel churn.
In that same very recent survey, another “...21% of respondents say that their biggest cybersecurity operations challenge is that security alerts don’t provide enough context or fidelity…” This problem is orthogonal to the well-known problem of false positives (FPs). The distinction here is that the (MSSP) analysts don’t even have enough information to discern whether these alerts are FPs or not.
A solution like PatternEx’s Virtual Analyst Platform can help with all three of these challenges. With regard to customers’ concern about TCO, the Virtual Analyst Platform can search far greater volumes of log data than a human analyst can. That in itself helps to improve TCO.
With regard to the concerns about skills and staff shortages, that is precisely the concept behind the Virtual Analyst Platform. In the face of human personnel shortages, our platform augments your SOC personnel with virtual analysts. Those virtual analysts are also trained by human analysts.
With regard to the challenge of “...security alerts don’t provide enough context or fidelity…,” that is the benefit of the Virtual Analyst Platform’s Autocorrelation capability. As I have written about previously, autocorrelation provides the capability to automatically explore entity relationships in parallel, using information from not only first-order correlations, but also second- and even third-order correlations. This allows simultaneous processing of all relationships involved in malicious and suspicious predictions. It also allows looking beyond direct connections to find additional entities potentially involved in malicious behavior—going beyond first-degree relationships to surface entities not found by simple queries.
Interested in finding out more? Contact us to set up a call and/or a demo.