A practical, MSSP-ready threat intelligence platform should complement other security vendors’ firewalls, monitoring products, and IP, among other things, to add contextual intelligence and turn it into actionable protection in real-time.
FREMONT, CA: The market acceptance of advanced threat intelligence capabilities is hastening as Managed Security Service Providers (MSSP) partner up with threat intelligence vendors to augment their current service portfolios.
The core tasks and assessment criteria that MSSPs can implement in their threat intelligence vendor selection processes are given below.
Form of Intelligence Outputs
Machine-Readable Threat Intelligence (MRTI) is the first-level threat intelligence and is generally employed as a continuous data feed to an organization’s SOC team. Dynamic data streams permit analysts to identify Indicators of Compromise (IOCs) and administer threats effectively. Significantly, it is effortless to set up and offers fast, frictionless integration with Security information and event management (SIEMs), firewalls, IPs, and other security products, because of translation from human to machine-readable formats and swift dispersion to cloud and onsite security infrastructure.
Integration with Existing processes and Complementary Services
A practical, MSSP-ready threat intelligence platform should complement other security vendors’ firewalls, monitoring products, and IP, among other things, to add contextual intelligence and turn it into actionable protection in real-time. This facet can be supported through standardized cybersecurity information-sharing techniques, such as Structured Threat Information Expression (STIX), Trusted Automated Exchange of Intelligence Information (TAXII), to mechanize intelligence sharing with other devices. As with any other strategic vendor arrangement, MSSPs must also ensure that the cooperation will be adequately supported with proper onboarding, training, and help should question arise.
Adoption of Specific Aspects Rather Than the Complete Package
Threat intelligence solutions earnest of the name ought to offer universal threat coverage, but this should not necessarily mean acquisition to be constrained to an all-or-nothing choice. Modular threat intelligence facilitates MSSPs and their customers with a buffet-style selection of capabilities to suit their requirements as they grow.
This feature is also the ideal model for assisting each end-customer as they evolve. It enables the MSSP to package and sell the underlying threat intelligence platform as a security-as-a-service offering to customers who have their own Security Operation Centers (SOCs) and want to supervise the solution themselves. Also, to those who rely entirely on the MSSP to efficiently outsource their security operations.