The Wikipedia entry for managed services has its first reference to security at Word 345 of the narrative. When you Google managed services, the People-Also-Searched-For box lists cloud computing, data center, IT service management, outsourcing, and software-as-a-service, with no references to security. Suffice it to say, managed services from MSPs are viewed as broader and largely distinct from managed security services from MSSPs.
And yet, every cyber security practitioner in our industry preaches that IT infrastructure and enterprise protection must become more integrated – and that those stubborn silos between CISO and CIO-led organizations must break down. Adding cyber security as an after-thought, which involves retrofitting prevention, detection, and response controls into existing infrastructure, has always been a second-rate approach. It just doesn’t work well.
This interplay between managed services and security came front-and-center during a technical discussion today with Blackpoint Cyber, a Maryland start-up. My former AT&T colleague, Linda McGuigan, is connected to the team – and she urged me to listen to their story. After a lively discussion, during which I pushed hard on some of their bold claims, I got excited about their solution – especially in the context of making MSPs into MSSPs.
We began with a technical overview of the Blackpoint platform from Jon Murchison, founder and CEO. Blackpoint focuses on managed detection and response (MDR), which provides a safety net for the inevitable attack, probe, and breach attempts that evade cyber preventive measures. Such coverage is possible through a combination of network mapping, enterprise asset tracking, and lateral movement identification.
“Our platform supports security operations teams by making the live assets of an enterprise visible in real-time,” explained Murchison. “As a breach unfolds across a network, such visibility provides a window into the east-west traversal that is so typical of modern cyber breaches run by advanced actors to steal credentials, obtain intellectual property, or produce some other undesirable consequences for the targeted entity.”
I asked about how this extends to cloud, and Murchison explained that the Blackpoint platform can operate on-premise or in externally-hosted infrastructure. I also asked about typical deployments, and it sounded like Blackpoint has had considerable success with larger enterprise customers, especially outside the US. This makes sense, because lateral traversal in advanced persistent threats has been particularly nagging for larger companies.
But it was the discussion around Blackpoint’s intense focus on working with managed service providers that really piqued my interest. Murchison took me through their process of working with MSPs who want to offer cyber security services to their business customers. Apparently, the secret sauce involves integration of the MDR protection with the software management suite used by the MSP – which is often ConnectWise or ServiceNow.
“We make it simple for MSP partners to onboard the Blackpoint MDR solution to any managed IT environment,” explained Neville Gibson, Head of Channel Sales. “We work with them to deploy our agents to customer endpoints, and we can enhance this visibility with network taps that help identify evidence of exfiltration. The result is that we manage to transform an MSP into an MSSP, which is a win for everyone, including their customers.”
While this sounded like a good arrangement, I expressed concern that the MSP and MSSP marketplace is undergoing dramatic changes with virtualization and SDN-enabled services from carriers. And this can introduce business risk. But we all agreed that such change might also provide excellent opportunity as customers rethink their managed service contracts and arrangements. Empowering MSPs with new security services will help them compete.
If you are part of an enterprise team with the need to improve your post-breach MDR, or if you manage IT services for a living, then you are advised to connect with Blackpoint and listen to their story. For MSPs, in particular, the opportunity to transform your service suite to include advanced cyber breach response capabilities should be something on your 2019 list. (You can be certain that your competitors have it on theirs.)
As always, let us know what you learn.