If an IT solution provider wants to become a managed security services provider (MSSP), they will need the ability to remediate a cybersecurity breach in well under two hours, based on how long it currently takes the average IT organization to accomplish that task themselves.

A new report from Barracuda Networks finds that, on average, a business takes three and a half hours (212 minutes) to remediate an attack. Obviously, there are many businesses that take longer. However, for an MSSP to make the case for outsourcing incident management, they need to be substantially better than the average IT organization. That suggests that two hours is the maximum amount of time an MSSP has to remediate a breach.

The threat landscape is expanding

Multiply the amount of malware lurking within any organization and the potential scale of the MSSP challenge becomes even greater. Barracuda researchers looked at the results of email threat scans of 383,790 mailboxes across 654 organizations over a 30-day period using a free Barracuda Email Threat Scanner tool. The scans identified nearly 500,000 malicious messages in these inboxes. On average, each organization had more than 700 malicious emails that users could access anytime.

Furthermore, Barracuda researchers estimate a typical organization investigates five email-related security incidents each day. With an average of 3.5 hours to respond to each incident, it takes more than 17 hours, or the equivalent of two full-time employees, to respond to what’s being reported each day. Multiply that across multiple organizations and it becomes clear why the current shortage of cybersecurity expertise is so chronic for MSSPs.

MSSPs can rely on automation

Barracuda research shows automated incident response can reduce response times by 95 percent on average. That means that five incidents reported by users each day would take less than an hour to remediate. In effect, that would substantially increase the number of customers an MSSP could support using the same core staff.

Of course, there’s no reason an end user couldn’t automate their own incident response platform. However, while cybersecurity is critical, it only adds cost to an organization’s operations. MSSPs essentially aggregate those costs across multiple clients, which should result in a lower total cost of cybersecurity.

It’s also worth remembering that MSSPs are typically going to attract a higher level of cybersecurity talent than the average IT organization. In fact, it’s worth noting it takes the average organization 197 days to even discover a breach.

There will always be security breaches and a customer is always going to hold the MSSP responsible for the breach, no matter who is at fault. There’s always going to plenty of blame to go around. MSSPs typically deal with customers at their worst moments, which means many MSSPs also function as a grief counselor.

Being an MSSP is not for the faint of heart. However, with a little automation being an MSSP is also one of the most rewarding services any solution provider can deliver.

Photo: Blazej Lyjak / Shutterstock

Mike Vizard

Posted by Mike Vizard

Mike Vizard has covered IT for more than 25 years, and has edited or contributed to a number of tech publications including InfoWorld, eWeek, CRN, Baseline, ComputerWorld, TMCNet, and Digital Review. He currently blogs for IT Business Edge and contributes to CIOinsight, The Channel Insider, Programmableweb and Slashdot. Mike blogs about emerging cloud technology for Smarter MSP.

Leave a reply

Your email address will not be published. Required fields are marked *