Insight and control are everything for managed services providers. That statement is nothing out of the ordinary for those who have been in the channel for the past decade or longer, though there have been a few exceptions where certain activities and systems weren’t always easy to monitor and manage. Those exceptions get rarer every year with the advances in IT and automation.
For example, a growing number of platforms allow MSPs to manage and monitor a myriad of cloud solutions for their SMB customers. Those tools simplify the oversight and billing processes and let providers see and respond to issues before they lead to further complications. The ultimate goal is to keep your clients online and productive.
Why wouldn’t MSPs follow the same approach with cybersecurity? The added insight and control you gain with SIEM (Security Information and Event Management) solutions seem like a “no-brainer” if your clients truly value their networks and data ‒ and wish to meet the ever-lengthening list of compliance requirements. Environmental awareness is critical with the rising number of threats and vulnerabilities.
Demystify Investigations
Protection is essential. Just as critical in today’s heavily regulated business environment is helping your clients identify potential cyberattacks and report the details to the proper authorities. That’s a value-add they’ll surely come to appreciate even more as new rules and standards get implemented.
“Log collection and correlation is a fundamental cybersecurity requirement,” says Justin Kallhoff, CEO of Infogressive, an advanced managed security services firm based in Lincoln, Nebraska. “Having an audit log of what happened and when it happened that is searchable and constantly monitored will not only help detect issues in real-time, but it becomes a lifesaver in post-incident scenarios. We work a lot of breaches where we need to work backward and recreate scenes based on breadcrumbs instead of just being able to query a SIEM.”
Good detectives build their cases on the evidence. SIEM serves MSPs in the same way, documenting the details of cybercrime. More importantly, it enhances a provider’s vision, giving them a greater chance of spotting and stopping malicious behavior before it causes real damage. Businesses are more willing to pay a premium for proactive support that can help keep their operations up and running smoothly.
Covering their behinds when something goes wrong is just as important. When cybercriminals strike, the MSP may be responsible for documenting all activities associated with the incident as well as the response. The more you know, the easier it will be for you and your clients to report what happened to the proper authorities ‒ including law enforcement and regulatory agencies.
“Not having a SIEM on a network is a bit like running a bank without security cameras,” emphasizes Kallhoff. “When it gets robbed, you’re stuck asking witnesses for a description of the attackers instead of being able to watch the tape.”
Telepathy as a Service
SIEM gives security professionals those ESP-like capabilities. “Quoting Muhammad Ali, ‘the hands can’t hit what the eyes can’t see,’ and similarly, MSPs and MSSPs can’t defend their customers’ networks against threats they can’t detect,” says Stephan Tallent, CISSP, Senior Director of MSSP & Service Enablement at Fortinet. “Traditionally, SIEMs send you information on things impacting security assets, Firewalls, IPS, etc. As the perimeter starts to erode with IoT devices and mobile users, the visibility needs to expand to network-connected devices as well.”
That proliferation of unsecured endpoints should be of great concern to the MSPs charged with locking them down. SIEM gives you a fighting chance. These platforms help MSPs detect and respond to threats originating from any device on the networks they manage, which explains why they have become a mandatory part of today’s regulatory compliance ecosystem. PCI-DSS, HIPAA, FISMA, and other industry standards require covered organizations to have operational SIEM technologies in place.
As an MSP, those prerequisites should make life (and the sales process) less complicated. From real-time alerting and event monitoring to incident response reporting, SIEM provides the cybersecurity insight you need to effectively protect the SMB from the latest threats ‒ not to mention the growing list of compliance requirements.
Brian Sherman
IoTSSA, Content Director