Skip to content
NGTEdu Logo

NGTEdu

A PRODUCT OF NGTECH.CO.IN

NGTEdu Logo

NGTEdu

  • Home
  • Cyber Attacks
  • Malware
  • Vulnerabilities
  • Data Breach
  • Home
  • Cyber Attacks
  • What Types of Security Capabilities Do Managed Service Providers (MSP) Offer?
  • Cyber Attacks
  • Data Breach
  • Vulnerabilities

What Types of Security Capabilities Do Managed Service Providers (MSP) Offer?

4 years ago David Bisson
What Types of Security Capabilities Do Managed Service Providers (MSP) Offer?

Last time, I discussed the four basic types of managed service providers (MSPs) with which organizations commonly partner. Those categories help to determine the types of services offered by MSPs. In general, MSPs provide five primary services to customers.

Regulatory Policy Compliance

The privacy regulatory landscape is constantly expanding. According to Gartner, privacy regulations will cover the personal information of 65% of the world’s population by 2023. That’s up from 10% at the beginning of 2020, with 60 jurisdictions around the world having already enacted or proposed data privacy or protection laws.

Those regulations operate at various levels, making it difficult for organizations to keep up with their compliance obligations. For instance, 26 U.S. States introduced privacy bills in the first eight months of 2021; both Colorado and Virginia ratified their respective proposals in that period. What’s more, organizations need to balance their industry-specific regulations such as the Health Insurance Portability and Accountability Act (HIPAA) with their use of Zoom and other third-party apps to meet their evolving business requirements.

Fortunately, MSPs can do the ongoing work that’s required to ensure organizations maintain system compliance with mandates such as PCI DSS, SOX, and others.

Best Practice Framework Enforcement

While compliance with privacy and data protection regulations is mandatory for in-scope entities, organizations can augment their security postures even further by opting to adopt best practice frameworks. Take the Center for Internet Security’s Security Controls (CIS Controls) as an example. These Controls consist of recommended actions that organizations can use to defend themselves against the most pervasive attacks in the threat landscape today.

In the spring of 2021, CIS released Version 8 of its Controls. The updated set includes measures that organizations can use to secure their cloud and mobile technologies. It also groups a reduced number of Controls and Safeguards (formerly Sub-Controls) into three Implementation Groups (IGs) that organizations can leverage to prioritize their implementation of the CIS Controls.

That being said, there can be significant overlap between regulatory policies and best practice standards like the CIS Controls. In cases involving adherence to internal compliance programs, organizations may also need to undergo a compliance audit against a best practice framework. An MSP can help organizations to handle multiple policies and multiple audits simultaneously.

File Integrity Monitoring

File integrity monitoring (FIM) is a type of technology responsible for detecting changes that may be indicative of a digital attack. The challenge with certain FIM solutions is that they might just generate noise for organizations, thus complicating the task of identifying and investigating legitimate security concerns. They also tend to involve setting a policy, establishing a baseline for files, and other stages that might take security teams away from other important projects.

Fortunately for organizations, MSPs can take the hard work off their security team’s plate by running FIM solutions for them. They can specifically conduct continuous monitoring for change control and then act quickly to remediate risky changes that take systems out of compliance.

Vulnerability Management

Patch management is just one element of comprehensive vulnerability management (VM). Such a program also involves building a dynamic inventory of their connected hardware and software assets. Organizations can use that inventory to determine which IT assets need protecting and which IT assets they will subject to that procedure. It’s also up to organizations to scan their environments for known vulnerabilities and test patches before they deploy them.

When tasked with discovering and prioritizing vulnerabilities, an MSP can provide organizations with a dashboard view of their highest-priority vulnerabilities on any given day. Some MSPs leverage in-house vulnerability research teams whose role it is to stay on top of the latest footholds attackers are using to enter organizations’ systems. MSPs enable organizations to respond faster to emerging vulnerabilities with detailed remediation guidance.

Industrial Cybersecurity

Finally, MSPs can help organizations fulfill their industrial cybersecurity requirements. Many organizations need help specifically achieving visibility over their industrial assets. As discovered by Tripwire in 2019, only 52% of organizations use an asset inventory to track more than 70% of the industrial assets. Fewer than half of organizations have a baseline for the behavior of their operational technology (OT) assets or use a centralized log management solution for those devices at 31% and 39%, respectively.

MSPs can help organizations to fulfill their industrial cybersecurity needs. MSSPs with OT specialization in particular can implement solutions that read common industrial protocols, thus discovering and monitoring industrial assets that can’t be scanned with traditional IT tools as well as helping to meet compliance requirements in the process.

Just a Few of the Services Offered by MSPs

To learn about some of the other types of services offered by MSPs, download your copy of Tripwire’s eBook “Exploring Managed Cybersecurity Services: Mission Control for Security, Compliance, and Beyond” here.

The post ” What Types of Security Capabilities Do Managed Service Providers (MSP) Offer?” appeared first on TripWire

Source:TripWire – David Bisson

Tags: Cloud, Compliance, Privacy, TripWire, Zoom

Continue Reading

Previous 8 Daily Practices to Avoid Cybersecurity Burnout
Next Google Warns of New Android 0-Day Vulnerability Under Active Targeted Attacks

More Stories

  • Critical Vulnerability
  • Data Breach

When Cloud Outages Ripple Across the Internet

3 hours ago [email protected] (The Hacker News)
  • Cyber Attacks
  • Data Breach
  • Malware
  • Vulnerabilities

APT28 Uses Microsoft Office CVE-2026-21509 in Espionage-Focused Malware Attacks

5 hours ago [email protected] (The Hacker News)
  • Cyber Attacks
  • Data Breach

Mozilla Adds One-Click Option to Disable Generative AI Features in Firefox

9 hours ago [email protected] (The Hacker News)
  • Cyber Attacks
  • Data Breach
  • Malware
  • Vulnerabilities

Notepad++ Hosting Breach Attributed to China-Linked Lotus Blossom Hacking Group

9 hours ago [email protected] (The Hacker News)
  • Cyber Attacks
  • Data Breach
  • Malware
  • Vulnerabilities

Researchers Find 341 Malicious ClawHub Skills Stealing Data from OpenClaw Users

20 hours ago [email protected] (The Hacker News)
  • Cyber Attacks
  • Data Breach
  • Vulnerabilities

OpenClaw Bug Enables One-Click Remote Code Execution via Malicious Link

22 hours ago [email protected] (The Hacker News)

Recent Posts

  • When Cloud Outages Ripple Across the Internet
  • APT28 Uses Microsoft Office CVE-2026-21509 in Espionage-Focused Malware Attacks
  • Mozilla Adds One-Click Option to Disable Generative AI Features in Firefox
  • Notepad++ Hosting Breach Attributed to China-Linked Lotus Blossom Hacking Group
  • Researchers Find 341 Malicious ClawHub Skills Stealing Data from OpenClaw Users

Tags

Android APT Bug CERT Cloud Compliance Coronavirus COVID-19 Critical Severity Encryption Exploit Facebook Finance Google Google Chrome Goverment Hacker Hacker News High Severity Instagram iPhone Java Linux Low Severity Malware Medium Severity Microsoft Moderate Severity Mozzila Firefox Oracle Patch Tuesday Phishing Privacy QuickHeal Ransomware RAT Sim The Hacker News Threatpost TikTok TripWire VMWARE Vulnerability Whatsapp Zoom
Copyright © 2020 All rights reserved | NGTEdu.com
This website uses cookies to improve your experience. We'll assume you're ok with this, but you can opt-out if you wish. Read More here.Cookie settingsACCEPT
Privacy & Cookies Policy

Privacy Overview

This website uses cookies to improve your experience while you navigate through the website. Out of these cookies, the cookies that are categorized as necessary are stored on your browser as they are essential for the working of basic functionalities of the website. We also use third-party cookies that help us analyze and understand how you use this website. These cookies will be stored in your browser only with your consent. You also have the option to opt-out of these cookies. But opting out of some of these cookies may have an effect on your browsing experience.
Necessary
Always Enabled
Necessary cookies are absolutely essential for the website to function properly. This category only includes cookies that ensures basic functionalities and security features of the website. These cookies do not store any personal information.
Non-necessary
Any cookies that may not be particularly necessary for the website to function and is used specifically to collect user personal data via analytics, ads, other embedded contents are termed as non-necessary cookies. It is mandatory to procure user consent prior to running these cookies on your website.
SAVE & ACCEPT