Many organizations worldwide wait until they fall victim to a damaging cyber-attack before engaging a provider of managed security services, according to a Raytheon-commissioned survey of 1,784 information security leaders in 19 countries.
Two-thirds of survey respondents indicated their organizations are not motivated to engage a vendor until they experience a significant data loss from an IT security breach.
Eighty percent of respondents reported that managed security services are important to their overall IT security strategy. But the survey indicated there is room for improvement, as 84 percent say their provider does not offer proactive hunting services, even though they find the most insidious threats impacting enterprises and governments alike.
"The most concerning finding is that only 16 percent of managed security services providers today provide hunting services," Dave Amsler, president and founder of Raytheon Foreground Security, told eWEEK. "Relying on automated tools that recognize known signatures or written rules is not enough to stop the sophisticated attack that causes significant damage or data loss."
To truly minimize the damage of intrusions, the managed security service model must transition away from alert monitoring to a more proactive approach of seeking out anomalies, stealthy attacks, and other threats, he said.
Nearly 60 percent of security leaders said they rely on managed security services because it improves their cyber-security posture, while 58 percent said finding and retaining in-house top talent is a challenge.
"Demand for skilled defenders far exceeds the available resources making experienced talent very expensive," Amsler said. "Organizations don't need to have a high level of in-house expertise if they engage a managed security services provider. The new model applies teams of expert analysts to serve a wider group of businesses, making it more affordable for companies to get the talent they need."
In addition, 54 percent of managed security services users reported that in the last year, their provider found software exploitation older than three months on their network.
Nearly three-quarters (73 percent) asserted it's essential or very important that their provider has a high level of interoperability with the company's security intelligence tools, and 59 percent said they agree that responsibility for the vendor relationship is shifting from the IT department to the line of business, indicating cyber-security has become a boardroom concern.
"Managed security services have become highly commoditized, relying on automated tools and unskilled staff to deliver a minimally compliant offering," Amsler said. "With major breaches continuing to go undetected for weeks and months, the market will shift back to expert services designed to provide more transparent, proactive and, ultimately, more effective defensive capabilities."
The savviest C-suites recognize the need to proactively hunt for advanced adversaries and automate the manual processes analysts use to find and defeat stealthy cyber-threats, he said.