There seems to be somewhat widespread agreement among industry experts that the future of the security industry is tied to two main things:

  1. Rapidly advancing technology, such as AI, machine learning (ML) and cloud solutions, and
  2. Managed services.

Consumers want access to the latest and greatest technological solutions, yet want to consolidate, as much as possible, the number of providers they must work with to obtain access to those technologies. As the other articles in this forum have outlined various tools, solutions and practices that can allow security providers to offer a best-in-class managed service portfolio focused on delivering those “next-level” services and technologies that can improve decision making, response and customer outcomes, we thought it best to include some research and material from industry experts. The following material is sourced from industry analysts and service providers that we feel directly supports many of the topics we have written about previously in this space.

TSIA’s George Humphrey writes in The State of Technology Services 2023 that “managed services are one of the top three growth engines within the tech industry.  Customer success within the managed services space will gain scope at a drastic rate compared to years past. This is not perspective; this position is based on historical industry trends. The approach to customer success in the managed services industry has historically been focused on retention and renewal.” 

Humphrey goes on to state that “the managed services industry is currently experiencing one of the most unique transformational stages since the creation of the industry. If we look at the evolution of managed services, there have been four significant transformational stages that have shaped the managed services Industry:

  1. The Inception (late 1990s). Outsourcers seek business models that allow for the ease of economic consumption. This combines with consumers seeking risk mitigation against large-scale outsourcing models. The managed services provider (MSP) industry is born.
  2. The Technology Lift (early 2000s). The industry develops software, network, and infrastructure capabilities to allow for remote connectivity and management, launching what is considered the traditional and mainstay offer in the MSP community, remote monitoring and management (RMM).
  3. The Cloud (the teenage years). Public cloud consumption begins to rise, changing the requirements of consumers, from traditional infrastructure-based offers toward managed hybrid cloud offerings. This drives a significant trend of portfolio rationalization among successful MSPs.
  4. The Consolidation (late teens). The merger and acquisition activity for MSPs is accelerated, and private equity firms take a stronger interest as the MSP industry is legitimized. This legitimization has occurred in response to the industry traversing through the first three transformational stages.”

Humphrey continues by stating that “as we continue to consider the evolution of not only the industries and the companies, but also the evolution of products and offerings, we must realize that in the world of technology, companies are moving from being technology operators and technology integrators to being solution providers. Very quickly companies in other verticals took note. It is no longer acceptable to simply supply a device or a product or a service that has a function and a predicted benefit while leaving the realization of that benefit to the responsibility of the consumer.  The consumer expects more; they expect the solution to be realized (most of the time instantaneously) by the mere act of acquiring the services of the provider.”

Humphrey’s research, as well as that of Gartner below, furthers the arguments made in previous articles of the need for providers to offer solutions that go beyond the normal expected service levels, as well as the need to have an organized, holistic approach to creating the best managed service program for your organization.

According to Gartner’s Emerging Trends: Future of Security Services whitepaper “the security service landscape is rapidly evolving, and there are several forces driving change and impacting the security service space as a whole. On one end of the spectrum, technology vendors, which historically provided technology to service providers, are creating vendor-delivered service wrappers (VDSWs) around their own technology. On the other end of the spectrum, buyers are now looking to consolidate providers and shift operational delivery of internal business outcomes to third parties through managed services.

This transition from point-in-time activities to recurring services will apply to the SI and VAR communities as technology vendors increasingly look to deliver more as-a-service offerings, and the SIs and VARs also look for more predictable annuity-based income streams.”

Gartner sees four factors driving the significant shift across the security service landscape:

  • Vendor delivered service wrappers.
  • The convergence of managed services, managed security services (MSS), and pureplay managed detection and response (MDR) providers.
  • Security consulting organizations, value-added resellers (VARs) and system integrators (SIs) seeking annuity-based services over point-in-time engagements.
  • Increased differentiation in the form of use-case-based outcomes is having a significant impact on buyers’ choice of providers.

Gartner also believes “VDSWs will cut across most security segments as technology vendors create one or more tiers of managed service deliverables around their technology. Technology vendors creating VDSWs seek to standardize processes and efficiencies around the vendor’s technology to standardize outcomes delivered by the technology, including maximizing opportunities to leverage AI. VDSWs allow service providers to accelerate time to market with new services while reserving the option to move those services in-house in the future with those investments front-end loaded by previous sales.”

“Data platforms are increasing features and functionality, either through organic development or acquisition, to offer more holistic solutions that address use cases for multiple parts of the business. This affords service providers the opportunity to deliver on business outcomes throughout the organization. Buyers may invest in a solution or ask service providers to bring technology, which often includes a single platform delivering multiple capabilities, such as:

  • Data analytics
  • Asset management
  • Behavioral detection
  • Security information and event management 
  • Threat intelligence 
  • Security orchestration automation and response”

Gartner’s report surmises the following:

  • “Technology vendors will continue to move from strictly delivering technology to offering an optional monitored, co-managed, or outsourced level of service delivery.
  • Service providers will continue to move from strictly consulting, reselling, and integrating technology and managed services to combining the disciplines, by way of partnering, internal service maturity, and merger and acquisition (M&A) to deliver use-case-based outcomes aligned to end customers’ desired internal business outcomes.
  • End customers will shift focus from primarily delivering internal business outcomes to delivering external business outcomes for new business models.”

Parks & Associates’ Chris White outlines a few key challenges for security event response in his Zero Response Time whitepaper.

White states, “Upon notification of an emergency, first responders need time to respond. At best, a first responder arrives in the middle of the event and must assess the situation to take the appropriate action. In the case of break-in and theft, a police officer must determine if the intruder is still onsite and, if so, confront the offender. In another scenario, first responders show up late and miss the intruder altogether. The only action, in this case, is to determine the property loss and write a police report for the property owner's insurance company. The system worked exactly as it was supposed to but failed to prevent property damage or loss.”

The challenges White discusses above are readily addressed by solutions outlined in our Beyond Monitoring article earlier in this forum: namely, Immix’s enhanced dispatch solutions with partners like IncidentCo. and RSPNDR, designed to create a faster, safer, and more efficient response, as well as the Immix investigation solution in conjunction with Captis, which can immediately identify a suspect by name using face matching technology against the world’s largest private database of open-source criminal files provided by county, state, and federal agencies.

Deloitte’s internal security team advances the argument for advanced automation solutions by addressing the key challenges and solutions for the future of managed SOC services in its Future of the SOC whitepaper, which directly supports the evidence given in our Automating the Automation article.

Deloitte states, “Solutions envisioned in the 1980s, 1990s, and 2000s would have turned out productive had the problems remained static. But here’s the rub: the junior SOC workforce is taught to apply the same analytical techniques as in the days when weekly log reports were manually scrubbed, and logs were measured in megabytes.

What has changed is more fundamental than the entrance of cloud technology. It's the role of technology in fighting the falling rate of profit. Simply put, while technology in the 20th century helped automate repeatable tasks, the role of technology in the 21st century focuses on the automation of repeatable cognitive processes, in other words—of decisions. Otherwise, automation would take care of the routine tasks, but the amount of non-routine tasks—those that require thinking—would still overwhelm the available human analysts. It is a business imperative to make the right decision faster than the competitor.

Identify opportunities to incorporate AI and ML to develop anomaly-based alerting. As organizations continue to rapidly expand, SOCs should consider AI/ML to accelerate their understanding of what constitutes “unusual behavior” throughout their different enterprise technology stacks. AI/ML models, when applied correctly and ethically, can serve as accelerators for foundational baseline monitoring and empower analysts to investigate more meaningful events.

Machines will be needed to deliver better data to humans, both in a more organized form (stories made of alerts) and in improved quality detections using rules and algorithms — all while covering more emerging IT environments.

What needs to be done and what can be done realistically? While many will say automation is the answer, SOC automation today is predominantly focused on automating the routine tasks (enriching logs with context and threat intel), as well as automating some remediating actions (with the decisions to do so largely remaining in human hands).

Indeed, the 20th century brought task automation, which is essentially an industrial revolution of “alert manufacturing”. It was meant to relieve humans from mundane tasks like looking up an indicator on numerous websites and internal repositories. And you know what? It actually did—at least for SOCs with highly mature and automated processes. However, people at such SOCs are still overwhelmed.

The 21st century must conquer the next frontier for automation—automating the decisions and some of the related cognitive processes. While some vendors already promise that today, the operational reality of today’s SOC does not support this claim.

Therefore, relief can come from the next level of automation—that of decisions—and of humans maintaining their focus on the hardest tasks.”

Deloitte notes three key initiatives to make the above possible:

  • “Use intelligent tools to empower collective decision making.
  • Design, implement, and automate tested and proven processes.
  • Form an ecosystem of smart people within and outside of your organization.”

In summary, the industry experts agree that managed services, paired with advancing technology solutions, are the cornerstone for the future of the security industry.  Both technology and service providers stand to benefit greatly if they are able to properly build a scalable managed service portfolio that delivers next-level services and positive outcomes to end customers.  Utilizing the right tools and solutions that can help streamline the methods and operations by which those services are delivered will be essential to the success of those organizations.