When it comes to security operations, timing is everything. Sensor downtime or delays from alerting to response can be the difference between stopping an attack and a data breach. When your managed IT and extended detection & response (XDR) services are handled by separate providers, you run the risk of delayed response and service. 

Chris Schoenwetter, our Director of Cyber Operations, did a short case study on the outcomes of two similar firms with different managed IT and SOC designs. The first firm, let’s call them Firm A, separated services, with Agio handling only XDR and another vendor managing their IT. Firm B bundled XDR and managed IT with Agio. As we describe below, the difference was significant. The bottom line: if you’re not bundling your XDR and managed IT, you’re in a potentially vulnerable position.


Cyber Risk Increases When You Separate IT Management and Security Operations 

Misconfigurations, poor security hygiene, and weak controls are common ways a threat actor can gain initial access to a company’s environment.

In our example for Firm A, Agio’s XDR team identified a server that was potentially misconfigured (and therefore vulnerable to exploitation by threat actors). The XDR team contacted the client to report the vulnerable machine and begin remediation. The client then connected the Agio XDR team with a separate vendor that handles their managed IT.    

Rather than the misconfiguration being addressed immediately, an email thread was started, responses took hours, and a call was scheduled for the following week because of scheduling conflicts. Before that call took place, the machine was compromised by a threat actor, escalating routine maintenance into a cybersecurity incident. The third-party managed IT team could not isolate the vulnerable machine before the threat actor pivoted to internal systems, ultimately exfiltrating data and deploying ransomware.

Multi-vendor solutions are simply less agile in responding when a vulnerability emerges. The ability to correct weak security controls or remediate insecure processes is critical to prevent initial access by threat actors. Rather than dealing with a single, fully coordinated and aligned team, you’re working against different processes, staff, and leadership which increases risk by increasing the time it takes to remediate.  

In a multi-vendor scenario, our data show that issues take, on average, 40% longer to resolve than when services are consolidated with a single team. That’s time we simply can’t afford to lose.

Cyber Risk Decreases When You Bundle XDR with Managed IT

In our second example, Agio’s XDR team detected a similar misconfiguration at Firm B. Because the client bundled both their XDR and managed IT services with Agio, we could flag the issue immediately to our IT support team. Within two hours, we resolved the issue, reported the activity to the client, and moved on without incident. The ability to move quickly with an internal team meant that Firm B was presented with a problem and an in-progress solution. They spent less time with a vulnerable system and avoided a potential attack.  

All companies have exploitable vulnerabilities. Our data show that clients who bundle managed IT and XDR with us are up to 80% less likely to see a vulnerability escalate into an incident.


Vulnerabilities of Separating Managed IT & Cybersecurity Services 

Now that we have covered two similar firms with different managed IT and SOC designs – one bundling services, and one separating – let’s recap the vulnerabilities your firm faces when separating managed IT & Cyber Operations services, drawing from recent examples seen by Agio’s Cybersecurity Analysts. 

  • Phishing: Our cybersecurity analysts have observed malicious actors employing QR codes and links sent through legitimate document-sharing services, such as Adobe, to deceive users into visiting unauthorized websites. These actors have also become adept at prompting the victim for their multi-factor authentication (MFA) code after the victim submits their credentials, so the one-time code is captured along with the password, resulting in a rise in unauthorized account access.
    • How Cyber Operations catches this: Our detection is twofold. We frequently identify users accessing websites with low reputation scores, which provides an early warning of suspicious activity. We then quickly detect the threat actor’s subsequent login attempts, which signal a clear attack.
  • Attempted exploitation of known vulnerabilities: Bad actors are always looking for publicly accessible vulnerabilities they can easily exploit. Our analysts observe these attempted exploits frequently, often against systems that are already patched. With a recent uptick in critical vulnerabilities in widely deployed systems, such as Fortinet and Ivanti VPN products, prompt patching has become critical.
    • How Cyber Operations catches this: Regular vulnerability scans feed the risk score we keep for every asset on your network. When we identify known vulnerabilities on an asset, its risk score rises and alerts involving that asset are given higher priority. Additionally, our detection system is continuously updated with the latest indicators of compromise (IOCs), allowing us to detect attempted exploitation of new vulnerabilities quickly.
  • Misconfigurations leading to unauthorized access: Our analysts have observed a number of misconfigurations causing security concerns within client environments, ranging from sharing documents more broadly than intended to disabling MFA for a user account.
    • How Cyber Operations catches this: By monitoring user and configuration activity throughout your environment, we are able to identify and alert on these misconfigurations as they happen. Observing these changes allows us to fix them in hours instead of weeks, reducing the risk of threat actors finding them first.
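To make the three detection approaches above concrete, here is an added example of a toy alert-triage pipeline. It is illustrative code written for this article, not Agio's detection logic: the scan findings, telemetry events, known-IP baseline, rule names, severities and the reputation threshold are all constructed or assumed. It shows the asset risk score derived from scan results raising the priority of an exploit attempt against a vulnerable host, the two-step phishing detection (low-reputation site visit, then a login from an unseen IP for the same user), and the configuration-change rules for MFA being disabled and a document being shared publicly.

```python
"""Toy alert-triage pipeline: asset risk from scan findings plus event detection rules.

Added example, not Agio's code. All data below is constructed for illustration;
rule names, severities and thresholds are assumptions, not Agio's actual logic.
"""
from dataclasses import dataclass

LOW_REPUTATION = 30  # assumed threshold: destinations scoring below this are suspicious


@dataclass
class Alert:
    rule: str
    subject: str       # user, host or document the alert is about
    severity: int      # rule severity, 1-10
    asset_risk: float  # risk score (0-10) of the asset involved, 0 if unscanned
    priority: float    # severity weighted by asset risk


# Constructed vulnerability-scan output: one row per finding (no real CVE ids).
SCAN_FINDINGS = [
    {"asset": "vpn-gw-01", "cvss": 9.8, "title": "constructed critical VPN finding"},
    {"asset": "fileshare-02", "cvss": 5.3, "title": "constructed medium finding"},
    {"asset": "fileshare-02", "cvss": 4.0, "title": "constructed medium finding"},
]

# Constructed telemetry, in the order it was received.
EVENTS = [
    {"type": "web_access", "user": "jsmith", "host": "laptop-jsmith",
     "domain": "share-docs-login.example", "reputation": 12},
    {"type": "login", "user": "jsmith", "src_ip": "203.0.113.7", "success": True},
    {"type": "exploit_attempt", "host": "vpn-gw-01", "signature": "constructed-vpn-ioc"},
    {"type": "exploit_attempt", "host": "web-01", "signature": "constructed-vpn-ioc"},
    {"type": "config_change", "actor": "helpdesk", "target_user": "jsmith", "change": "mfa_disabled"},
    {"type": "share_change", "actor": "jsmith", "document": "Q3-plan.docx", "visibility": "anyone_with_link"},
    {"type": "login", "user": "alice", "src_ip": "198.51.100.4", "success": True},
]

# IPs each user has previously logged in from (constructed baseline).
KNOWN_IPS = {"jsmith": {"198.51.100.9"}, "alice": {"198.51.100.4"}}


def asset_risk_scores(findings):
    """Per-asset risk score: the highest CVSS seen on the asset in the latest scan."""
    scores = {}
    for f in findings:
        scores[f["asset"]] = max(scores.get(f["asset"], 0.0), f["cvss"])
    return scores


def prioritize(severity, asset_risk):
    """Weight rule severity by asset risk so the same rule ranks higher on a vulnerable host."""
    return round(severity * (1 + asset_risk / 10), 1)


def _alert(rule, subject, severity, asset_risk):
    return Alert(rule, subject, severity, asset_risk, prioritize(severity, asset_risk))


def detect(events, risk, known_ips):
    """Apply the rules to a batch of events; returns alerts, highest priority first."""
    alerts = []
    phished = set()  # users who reached a low-reputation site earlier in this batch
    for e in events:
        t = e["type"]
        if t == "web_access" and e["reputation"] < LOW_REPUTATION:
            # Early warning: the user visited a site that looks like a phishing page.
            phished.add(e["user"])
            alerts.append(_alert("low-reputation-site", e["user"], 3, risk.get(e["host"], 0.0)))
        elif t == "login" and e["success"] and e["src_ip"] not in known_ips.get(e["user"], set()):
            # A login from an unseen IP is mildly suspicious on its own; right after a
            # phishing visit it is treated as the attacker using the captured credentials.
            if e["user"] in phished:
                alerts.append(_alert("login-after-phishing-visit", e["user"], 9, 0.0))
            else:
                alerts.append(_alert("login-from-new-ip", e["user"], 5, 0.0))
        elif t == "exploit_attempt":
            # Same IOC, different priority: the scan says whether the target is actually exposed.
            r = risk.get(e["host"], 0.0)
            exposed = r >= 7.0
            rule = "exploit-attempt-vulnerable-asset" if exposed else "exploit-attempt-unexposed-asset"
            alerts.append(_alert(rule, e["host"], 8 if exposed else 4, r))
        elif t == "config_change" and e["change"] == "mfa_disabled":
            alerts.append(_alert("mfa-disabled", e["target_user"], 8, 0.0))
        elif t == "share_change" and e["visibility"] == "anyone_with_link":
            alerts.append(_alert("document-shared-publicly", e["document"], 5, 0.0))
    alerts.sort(key=lambda a: a.priority, reverse=True)
    return alerts


def run_demo():
    """Run the rules over the constructed scan findings and events."""
    return detect(EVENTS, asset_risk_scores(SCAN_FINDINGS), KNOWN_IPS)


if __name__ == "__main__":
    for a in run_demo():
        print(f"{a.priority:5.1f}  {a.rule:<34} {a.subject}  (asset risk {a.asset_risk})")
```

Run as a script, the exploit attempt against the scanned, unpatched VPN gateway lands at the top of the queue while the identical signature against an unscanned host ranks near the bottom, and the login from a new IP is escalated only because the same user had just visited a low-reputation site. The point of the weighting is the one made in the list above: a vulnerability scan on its own does not stop anything, but feeding its results into alert priority is what lets a small team look at the right alert first.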

Contain Cyber Vulnerabilities with Best-In-Class Service  

The compared firms analyzed in this article aren’t unique; we found the same results across our entire client base. Don’t expose yourself or your organization to unnecessary risk.  

When you bundle XDR and managed IT with Agio, our team removes that layer of unnecessary risk by delivering maximum agility with no red tape. But don’t stop at just those two. The best defense? A fully unified managed IT, Cyber Governance, and Cyber Operations solution from a single provider. 

Have questions? We’re here to help. Talk to us today.    

See also: Debunking the Misconceptions of Consolidating IT and Cybersecurity Providers