A Tale of Two Cyber Vulnerabilities: Why It Makes Sense to Consolidate Managed IT and Security Operations
This post was originally posted on MSSP Alert.
Your security operations are critical, and every decision you make impacts those operations. When you have separate service providers – one for managed IT and another for eXtended detection & response (XDR) – you run the risk of delayed response and service.
Patti Hallock, Agio director of XDR Operations & Engineering, collected data and did a short case study on the outcomes of two similar firms with different managed IT and SOC designs.
The first firm, let’s call them Firm A, separated services (with Agio handling only XDR and another vendor managing their IT). Firm B bundled XDR and managed IT with Agio.
The difference was significant. The bottom line: If you’re not bundling your XDR and managed IT, you’re in a potentially vulnerable position.
Cyber Risk Increases When You Separate IT Management and Security Operations
Misconfigurations, poor security hygiene, and weak controls are common ways a threat actor can gain initial access to a company’s environment. In our example for Firm A, Agio’s XDR team identified a server that was potentially misconfigured (and therefore vulnerable to exploitation by threat actors).
The XDR team contacted the client to report the vulnerable machine and begin remediation. The client then connected the Agio XDR team with a separate vendor that handles their managed IT.
Rather than addressing the misconfiguration immediately, we spent time introducing ourselves to the third-party team, describing the situation, and explaining what we had detected and how to remediate it. While we went through those steps, the machine was compromised by a threat actor, and the issue escalated to a cybersecurity incident.
The third-party managed IT team couldn’t isolate the vulnerable machine before a threat actor accessed critical systems. Several days later, Firm A was the victim of a ransomware attack.
Multi-vendor solutions are simply less agile in responding when a vulnerability emerges; the ability to correct weak security controls or remediate insecure processes is critical to preventing initial access by threat actors. Rather than dealing with a single, fully coordinated and aligned team, you’re working across different protocols, change control processes, staff, and leadership, which increases risk by increasing the time it takes to remediate.
In a multi-vendor scenario, our data shows that an issue takes, on average, 40% longer to resolve than when services are consolidated with a single team. That’s extra time for hackers to pick the locks.
Cyber Risk Decreases When You Bundle XDR with Managed IT
In our second example, Agio’s XDR team detected a similar misconfiguration at Firm B. Because the client bundled both their XDR and managed IT services with Agio, we could flag the issue immediately to our IT support team. Within two hours, we resolved the issue, reported the activity to the client, and moved on without incident. The ability to move quickly with an internal team meant that Firm B spent less time with a vulnerable system and could avoid a potential attack.
All companies have exploitable vulnerabilities. Our data show that fewer clients see those vulnerabilities escalate to a cyber incident if they put both managed IT and XDR in our hands. In fact, because we’re able to move faster to resolve low-level risks, clients who bundle managed IT and XDR with us are up to 80% less likely to see a vulnerability escalate into an incident.
Contain Cyber Vulnerabilities with Best-In-Class Service
These case studies aren’t unique; we found the same results across our entire client base. Don’t expose yourself or your organization to unnecessary risk.
When you bundle XDR and managed IT with Agio, our team removes that layer of unnecessary risk by delivering maximum agility with no red tape.
Author Patti Hallock is director of XDR Operations/Engineering at Agio. Guest blog courtesy of Stellar Cyber. Regularly contributed guest blogs are part of MSSP Alert’s sponsorship program.