Threat detection appears to be all the rage when it comes to IT security. Both Amazon Web Services (AWS) and Google are becoming much more focused on providing threat detection services. In the case of AWS, that means acquiring Sqrrl, a provider of threat detection software that was originally developed for the National Security Agency. Google, meanwhile, announced that a threat detection project started last year is now a company operating as a unit of Alphabet, the umbrella company of which Google is a business unit.
Dubbed Chronicle, the threat detection capabilities being developed by Alphabet stem from a Project X initiative launched in 2016 that promises to build an immune system to protect organizations from cybersecurity attacks.
As ambitious as that all may sound, a panel of IT security experts at a security conference hosted by Xerox this week unanimously identified threat detection as the number one area IT organizations need to focus on. Threat detection inside or outside of the cloud is hardly a new idea. But, as IT organizations come to terms with the fact that cybercriminals have probably been able to use social engineering to bypass their security defenses, they’re focusing more on hunting for cybersecurity threats. The assumption is that the IT environment has already been compromised from a cybersecurity perspective.
Cybersecurity education and beyond
That doesn’t mean IT organizations will stop investing in firewalls and endpoint security. But it does mean IT organizations are recognizing that those technologies only thwart cybersecurity attacks being programmatically launched from afar. And, of course, there’s the danger of end users being tricked into directly downloading malware onto their systems by a carefully crafted fake email from their boss that asks them to download an important file. That’s why security education is such an important tool for MSPs.
At the Xerox security event this week, Kevin Mitnick, a former cybercriminal who now heads up a security penetration testing firm, told attendees that any time a client has allowed his firm to include social engineering techniques such as spear phishing as part of a penetration-testing exercise, they have been 100-percent successful.
Threat detection opportunities
Threat detection clearly provides managed service providers with a significant opportunity. Most internal IT organizations don’t have the skills required to set up and manage their firewalls, let alone build something that resembles a modern security operations center capable of first identifying threats and then providing the action plan required to mitigate them.
Most IT security companies are already sharing intelligence concerning new cybersecurity threats that have emerged in the wild. But when it comes to discovering malware that has already landed, most IT organizations are on their own. MSPs that have threat-hunting expertise are typically worth their weight in gold. They may not be able to find every threat lurking in the shadows of a file or an operating system. But the more malware that gets discovered before it becomes weaponized, the better off every organization becomes.
It will be up to each MSP to decide whether they want to host threat detection software themselves or use an existing cloud service. Regardless of approach, however, detecting malware is only the first step in a remediation process. Most organizations would rather rely on a service to provide that process than try to figure out on their own what needs to be done every hour of the day and night.