Use cyber-intelligence to expand cyber-services & increase differentiation

By Todd Weller, Chief Strategy Officer, Bandura Cyber

As MSPs expand their cybersecurity offerings, cyber-intelligence is an area that can help them improve protection for customers, generate additional revenue, and differentiate their services from the competition.

However, when we talk to MSPs about cyber-intelligence, we often get the raised eyebrow. This reaction is driven by many factors. One is the nebulous meaning of cyber-intelligence: what is it really? Another is that cyber-intelligence is viewed as requiring significant resources to acquire, manage, and deploy. Historically, this has proven true, which has made it difficult for MSPs to incorporate cyber-intelligence into their offerings. The good news? Times are changing.

What is cyber-intelligence?

Many fancy definitions of cyber-intelligence exist, but in simple terms, it’s data and information MSPs can use to better understand the threat environment and better protect customers from cyberthreats. Cyber-intelligence data can range from lists of threat indicators, like malicious IP addresses and domains associated with phishing, malware, ransomware, and other threats, to detailed information about attacks, attackers, and the methods they employ. The cost of cyber-intelligence data spans the spectrum from free to reasonable to expensive to very, very expensive.

One thing to note is that cyber-intelligence is more commonly referred to as threat intelligence. We prefer to use the term cyber-intelligence because, while using intelligence to identify threats is critical, it’s equally important to have intelligence on known good applications, services, infrastructure, etc.

Proprietary vs. multisource cyber-intelligence

A key driver of the confusion around cyber-intelligence is the fact that every cybersecurity vendor claims that its solution uses or is powered by cyber-intelligence. This includes next-generation firewalls, unified threat management solutions, endpoint security solutions, etc.

The truth is these solutions do use cyber-intelligence. However, the kind they use is typically proprietary to the vendor and only represents that vendor's view of the threat landscape. While this has value, it alone is insufficient because it is too narrow a view.

This is where multisource cyber-intelligence comes into play. Multisource cyber-intelligence is data and information from a mix of sources. These include commercial threat intelligence specialists, open source, government, and industry sources like Information Sharing and Analysis Centers or Organizations (ISACs/ISAOs). Sources also include cyber-intelligence unique to an organization. For example, an MSP can generate its own cyber-intelligence based on activity across its customer base.

The need for cyber-intelligence

So what is the value of cyber-intelligence and, more specifically, multisource cyber-intelligence?

With an ever-growing volume of cyberthreats and a dynamic threat environment, it’s clear that defending against cyberattacks has become a volume game. With cyber-defense, there are no silver bullets. There is not one security control or source that will provide your customers with complete protection. It requires the use of massive amounts of cyber-intelligence data from multiple sources along with layered security controls.

With cyber-intelligence, MSPs can gain a broader view of the threat landscape and significantly improve their visibility and ability to protect customers. It also allows you to expand your cybersecurity services capabilities, enhance the value of existing services, and increase service differentiation.

The challenges with cyber-intelligence

While cyber-intelligence can have significant value for MSPs and their customers, it is not without its challenges. Some of these challenges include:

  • It can be difficult to acquire. There’s an overwhelming amount of cyber-intelligence available. Which sources should you use? How do you acquire them? Additionally, as mentioned earlier, cyber-intelligence data can be expensive.
  • It can require significant resources to manage and deploy. Once you acquire cyber-intelligence, there is a need to aggregate, manage, and deploy it to create value. This can require significant resources, including people, time, and the need for additional security tools like Threat Intelligence Platforms (TIPs).
  • Taking action with cyber-intelligence is hard. Taking action with cyber-intelligence to protect your customers is the most critical part, but it can be tough. For example, deploying it into a wide range of security controls across your MSP customer base can be challenging. Different security controls use different types of data, and how you integrate that data varies from one control to another. In the event the controls across your customer base are more homogeneous (i.e., everyone uses the same firewall), this challenge is lessened. However, there is still a major hurdle to overcome because most existing security controls do not play nicely with third-party cyber-intelligence data. This makes it difficult for MSPs to take action with cyber-intelligence, which is critical to generating value from it for you and your customers.

Overcoming cyber-intelligence’s challenges

The good news is that cyber-intelligence solutions exist to solve these challenges.

Here are five key characteristics an MSP should look for in a cyber-intelligence solution:

  1. Access to multisource cyber-intelligence. Does the solution provide easy access to a wide array of cyber-intelligence data from multiple sources? This includes commercial intel feeds, open source, government, and industry sources.
  2. Openness. Access to multisource cyber-intelligence is great, but you also need the ability to easily add and integrate from other sources. These sources could include additional threat intelligence feeds, data from other cyber systems, and/or custom data sources unique to the MSP.
  3. Automation. Automation is critical in order to eliminate the resource challenges associated with cyber-intelligence. Is the cyber-intelligence data automatically updated? Can you automatically integrate data from other sources? Are there flexible approaches to doing so? More automation means less work for you as the MSP.
  4. Action. Cyber-intelligence without action is pointless. Does the solution have the ability to deploy cyber-intelligence in customer environments, so it can be used to detect and block threats both proactively and reactively? Can this be done in a simple and scalable way?
  5. Ease of use. Last, but not least, ease of use is a critical characteristic. You need a cyber-intelligence solution that is easy to deploy and manage across your MSP customer base.

Defending against today’s cyberthreats is a volume game requiring the use of massive amounts of cyber-intelligence data. MSPs that embrace cyber-intelligence can improve protection for customers, create additional revenue-generating service opportunities, and better differentiate their services.

Todd Weller is Chief Strategy Officer at Bandura Cyber.

Bandura Cyber is a member of the N‑able MSP Technology Alliance Program (TAP). TAP is a growing group of trusted vendors we’ve teamed up with to offer a variety of third-party integrations and services to help MSPs better serve their customers. This blog is part of the TAP blog series through which we will provide you with relevant and interesting guest blog contributions from our TAP members.