Gartner lists SecureLink as a top Managed Detection & Response provider
The Gartner Magic Quadrant is an established indicator in many areas of IT. In fact, it is already an important hurdle to be noticed by Gartner at all (especially beyond the wild Atlantic Ocean). The SecureLink Group has now managed that, thereby reaching another milestone on the way to becoming the leading security services provider in Europe. The local member of SecureLink, responsible for the area of Germany, Switzerland and Austria, is iT-CUBE SYSTEMS.
In the latest Gartner report, SecureLink is listed as a top provider of Managed Detection & Response. Earlier this year, PwC identified SecureLink as a leading provider of managed security services as well. SecureLink consists of a merger of companies in Belgium, Denmark, Germany, the UK, the Netherlands, Norway and Sweden. This alliance employs more than 500 security experts and operates five Cyber Defence Centers (CDCs), from where the Cyberhunter teams monitor and defend their customers’ systems.
Perfect defence remains an illusion
The threat situation continues to develop dramatically. It is no longer sufficient to roll out virus scanners and to regulate the flow of data via a packet-based firewall. A bullet-proof proactive defense is practically no longer possible. This makes fast detection and response (D&R) to cyber incidents a top requirement. Thus the focus has shifted: the aims are to quickly detect attacks and take countermeasures before the data is gone. Both require highly specialized tools and skilled, experienced experts to use them. Even the current hype about machine learning does not invalidate the fact that ultimately it is still human intelligence which decides upon defeat or victory in the cyberwar.
Where have all the experts gone?
It sounds obvious, but this fact incorporates explosive potential: experts do not grow on trees. Qualified Cyberhunters with experience are scarce, hotly coveted, and expensive. Also, a strategic, multi-stage defence does not build up by itself. To evaluate the right tools for the (company-specific) best mixture of monitoring, endpoint security, log management, automatic countermeasures, honeypots, sandboxes and the like is a science in itself. In the end, everything has to match up smoothly in order to offer maximum security. No easy task, even if you have a reliable system integrator at your side.
The fact that smaller companies shy away from this considerable investment is comprehensible. So what to do if you do not want to risk a fallout in IT security, but you have to stick to a reasonable ROI for your budget?
IT-Security as a subscription: Managed Security Services
Time to get aboard this train, as it’s already gathering speed. According to the McAfee Threat Report (Dec 2016), nine out of ten companies already use some form of internal or external CDC or Security Operation Center (SOC). This makes sense in a number of ways: the costs are more predictable and overall lower than they would be when building up your own comparable system. The effort to test and evaluate security products is basically eliminated. As a bonus, service providers such as SecureLink can provide their services 24 hours a day, 7 days a week, on request. After all, hackers rarely stick to the usual office hours either.
Hence managed security services have become a common and viable solution for the “problem zone” IT security.
Even corporate CDCs seek assistance
Another finding of McAfee is that the distinction between in-house SOC procedures and entirely external ones is evidently dissolving: 64% of the companies surveyed indicated that they frequently use external support services from managed service providers in one way or another. The surveyed companies see the expansion of response capabilities as the top priority for further development. This is logical, as 93% are not able to track all relevant events due to the flood of monitoring data. Expertise is therefore urgently needed.
So the new magic word is: Managed Detection & Response as a supplement for in-house security.
Conclusion: “Make OR Buy” becomes “Make AND Buy”
The most critical tasks in cybersecurity are the rapid detection of attacks and the immediate triggering of defences. Even companies with their own SOC get support from external professionals in the form of Managed Detection & Response. In fact, clever CISOs ask themselves: “Can I increase the performance of my security department by expanding my own capacities or is it worth outsourcing D&R to service providers?”
This question should no longer be answered once and for all with “make” or “buy”; really clever CISOs raise that question on a daily basis.
Image: ©iT-CUBE SYSTEMS AG 2017