The global cybersecurity skills shortage won’t ease anytime soon. In fact, there’s ample evidence to suggest that things are getting worse (more on this point soon). So, what can organizations do to bridge the skills gap? Rely on service providers for help.
Now In the past, few organizations considered managed security services for endpoint security. Why? Endpoint security translated to antivirus, so organizations purchased software from a leading vendor (i.e., Kaspersky, McAfee, Sophos, Symantec, Trend Micro, Webroot, etc.), installed the software on their PCs, and then tasked the IT operations staff with the day-to-day care and feeding of AV. In other words, AV software was as close to a “set it and forget it” technology as you could get.
This situation changed quite a bit over the past few years, however, due to things like targeted attacks, fileless malware, ransomware, etc. As a result, VCs and technology companies responded to new threats with new technologies for threat prevention, detection, and response.
The combination of new threats and technologies changed endpoint security technologies into a defense-in-depth architecture comprised of multiple products requiring resources and skills for day-to-day operations.
Since many organizations don’t have the right level of skills and resources for new endpoint security requirements, they are naturally turning toward managed security service providers (MSSPs) for help. According to ESG research, 50% of organizations surveyed are using an MSSP for some aspect of endpoint security today, 23% are planning to use an MSSP for endpoint security within the next 24 months, and 12% are interested in doing so sometime in the future.
Which types of managed endpoint security services are they using or interested in using?
- 38% are using or planning to use managed DLP or ERM services. This interest is likely driven by the impending GDPR deadline in May 2018. Good news for Digital Guardian and others.
- 37% are using or planning to use managed services for advanced anti-malware/anti-threat. So, these companies either can’t or aren’t willing to make the transition from turnkey AV software to new types of technologies for threat and exploit prevention. FireEye as a service comes to mind, while Webroot is working with multiple MSP partners to capitalize on this opportunity.
- 35% are using or planning to use managed services for endpoint detection and response (EDR). This is no surprise as EDR requires some advanced analytics skills and a well-organized SOC. CrowdStrike has a bullseye on this opportunity but others like Carbon Black, Cybereason, and Morphick are also considering, building, or delivering managed EDR.
- 25% are using or planning to use managed services for threat hunting. Again, this is a discipline that requires experience and skills. Endgame plays here along with SecureWorks and Trustwave.
Many of the vendors mentioned offer multiple services, not just those I highlighted.
Given the changes in endpoint security requirements and the trend toward managed services, I believe that leading endpoint security technologies will feature three dimensions:
- Endpoint security functionality options like threat prevention, DLP, EDR, managed threat hunting, etc.
- A consumption model for all endpoint security functionality that ranges from on-premises through staff augmentation to full managed services.
- Central command-and-control for configuration management, policy management, monitoring, etc., across all functionality and all consumption models.
Large organizations will then pick and choose the functionality they need and the consumption model that is most appropriate for different locations, and then manage the whole enchilada with a central staff of compliance, IT operations, risk, and security folks. For example, a large organization may deploy layers of endpoint security software at its corporate HQ but select managed security options for remote locations. It will then configure and operate everything from a central portal.
It’s clear to me that few organizations have the resources or desire to take on every necessary security task themselves anymore. This means that they will look for partners who can takeover pedestrian security tasks, or supplement onsite activities in areas requiring advanced skills. Endpoint security services fit both descriptions so they will likely grow significantly this year and beyond.