Outsourced Security Technology

Cybersecurity companies often outsource technology through mergers or integration of other industry vendors to add new capabilities to their existing repertoire. This enables them to diversify their business offerings and reduce the level of competition. The more products or services they can provide, the stronger their position in the market. Here are a few services that security companies have obtained via acquisition in the last year:

  • Cloud security
  • Email protection
  • Security operations center (SOC)
  • Endpoint detection and response (EDR)
  • Extended detection and response (XDR)
  • Internet of Things (IoT) device protection
  • Autonomous artificial intelligence (AI) detection
  • Cloud Infrastructure Entitlement Management (CIEM)
  • Security orchestration, automation, and response (SOAR)

According to a study conducted by SecurityWeek, these types of security mergers and acquisitions (M&A) occurred 435 times in 2021. After bouncing back from the Covid-19 pandemic in early 2020, global technology deals reached record highs. Integrations and mergers can lead to heightened efficiency, lower prices, and increased value when compared to industry competition.

The Risks to Consider

With every security company offering different services and having different approaches, it can prove quite the task for managed service providers (MSPs) and small and midsize businesses (SMBs) to choose their security vendor(s). In this blog post, we aim to provide some guidelines to consider when you are evaluating your options. One specific approach is to outsource your 24/7 SOC. According to SANS’ 2021 Survey of SOCs, a combined 149 out of 244 businesses use either an outsourced 24/7 SOC, a mix of internal and outsourced efforts, or simply do not have one. Although this approach leads the majority, businesses should consider the following when looking into a security company with outsourced technology:

  • Is the solution inefficient due to vendor differences?
    • Vendors may be unable to effectively communicate due to limited network visibility or differing standards for their APIs. Therefore, their merger or integration may be unsuccessful.
  • Integrations and mergers are often public knowledge, which can be a security threat.
    • If a malicious actor knows you work with a vendor, and that vendor is partnered with another vendor, the malicious actor now has three avenues to attempt a malicious connection with your business.
  • Are you paying inflated prices?
    • Often, if a certain vendor’s technology is taken under the umbrella of a larger company, their prices rise.
  • Is the technology quality, talent pool, or function quality of one vendor decreasing due to who they are partnered with?
  • What is the overall integrity of both security vendors?
    • They will both have eyes on your network and data. Is that a security risk?
  • With a shared responsibility model, are there clear expectations for whose job it is to protect and respond to different threats?
    • If a malicious actor isn’t caught, will you be able to pinpoint responsibility?

Acquisition, in and of itself, is risky. In a survey conducted by Forescout, 62% of participants agreed their company faces significant cybersecurity risks due to acquisitions and that cyber threats are their main concern post-acquisition. Therefore, it is important to assess the compatibility of all companies involved. Be sure to:

  • Read up on any M&A the company has undergone,
  • Look into their service integrations,
  • Research the success of the merger or integration according to clients, and/or
  • Ask their sales representative about outsourced resources.

Why Fast Matters in Cybersecurity 

A key element to consider is security response times. The speed with which a 24/7 SOC detects and responds to cyber threats is crucial. If any part of a security company’s technology is outsourced, there may be varying delays in responding to issues that could be handled within minutes. During those delays, malicious actors can secure their foothold and begin to pivot laterally through the environment to locate their targeted assets. When time is of the essence, you can’t afford to spend time contacting a third party. That is why security operations with in-house, around-the-clock technology are pivotal to your business’ security. Only then can you stay ahead of malicious actors’ advancing tactics, techniques, and procedures (TTPs), stopping cyber threats before the threat actor is even aware.

SNAP-Defense: The In-House Technology that Powers Blackpoint

Blackpoint’s managed detection and response (MDR) technology, SNAP-Defense, was built from the ground up, powering each solution within our security ecosystem. We can add detection and response capabilities to your arsenal within minutes while other companies must rely on the product release cycles of third-party vendors. For example, we released a partner threat notice at the end of May regarding a new Microsoft exploit allowing for remote code execution in Office products. Because our technology is in-house, we were able to quickly update configurations to respond to this developing threat. In fact, the vulnerability was taken care of before more than one article regarding the threat even existed. If our technology were outsourced, configuration updates to account for this vulnerability may have taken days. In the current threat landscape, you need the ability to adapt quickly to emerging indicators of compromise and threats.

Instead of relying on the integration of numerous, disjointed third-party technologies, SNAP-Defense was designed from scratch to directly support MDR objectives and workflows. The benefits of building our own nation-state-grade security operations and incident response platform include:

  • Rapid addition of new threat detection capabilities and responses, as seen above,
  • A technological foundation to easily expand on as our services grow, and
  • Streamlined billing and onboarding processes for the Blackpoint ecosystem.

SNAP-Defense was developed using knowledge of how cyberattacks unfold, reviewing the shortcomings of other security technology, and focusing on common tradecraft and tactics. Blackpoint’s focus has always been to create technology that provides valuable context leading to immediate response. At a time when such technology did not have these goals or capabilities, we knew SNAP-Defense would fill this gap that common security stacks exhibit.

With monitoring, detection, and response all built-in, we can automatically collect and correlate metadata around suspicious events through unparalleled visibility into hacker tradecraft, lateral spread, and privileged activity. With native interoperable technology, Blackpoint protects you where legacy tools cannot. Our ecosystem combines network visualization, insider threat monitoring, anti-malware (AM), traffic analysis, and endpoint security into an end-to-end cyber strategy to protect you. We respond 24/7 and neutralize threats in their earliest stages, detecting breaches faster than any other solution on the market. Trust Blackpoint for high-performance, easily upgradable, and robust cybersecurity that can protect against today’s and tomorrow’s threats.

Blackpoint’s Far-Reaching, Cohesive Capabilities

We have several patents on our technology and continue to innovate and develop new technology and methodologies to detect, process, and respond to cyber threats. In-house technology empowers security companies to expand their capabilities at optimal times that align with the business goals and industry demands. For example, according to SANS’ 2021 Survey of SOCs, six of the 10 most popular outsourced SOC capabilities were:

  • Threat Intelligence including
    • Attribution,
    • Production,
    • Research,
    • Hunting,
    • Feed consumption, and
  • SOC architecture and engineering, specifically to systems running the SOC.

Our SOC team and Adversary Pursuit Group (APG) cover each one of these capabilities. We optimize our architecture and data to its fullest extent, ensuring robust services and valuable intel for our partners. SNAP-Defense powers the entire Blackpoint ecosystem, providing 24/7 monitoring and detection against advanced threats, active response for your cloud, hyper-efficient logging and compliance, and cyber liability insurance. These cohesive services supply our SOC with crucial data to triage around the clock, diminishing data overload or false alarms. Then, in the hands of APG, we are able to provide threat intelligence for our partner community. This context enables them to make better-informed decisions, take decisive action, create tailored defenses, and make wise investments. As opposed to outsourced technology, SNAP-Defense ensures cohesive user experiences and rapid protection in an ever-changing threat landscape.

Summary

When considering a security company, research if any of their technology is outsourced. Outsourced technology can delay detection and response times, open your network and data up to more eyes, and create security bottlenecks if the integration is ineffective. Assess your current security stack and see what vendors are providing in terms of above-and-beyond care for you and your clients. Minimize your vendor list to those core vendors and maximize their value by utilizing their suite of services. Doing so will greatly benefit the security and productivity of all businesses you protect.

If you are interested in learning more about Blackpoint’s streamlined ecosystem powered by our patented technology, SNAP-Defense, let’s connect. Trust cybersecurity experts with real-world cyber experience and deep knowledge of hacker tradecraft to protect your network with excellence 24/7/365. Talk to a Blackpoint rep today and start the conversation about robust cybersecurity at blackpointcyber.com/lp/book-demo.
