What is Co-Managed Security?
For a long time “managed services” meant using somebody’s blackbox software in the cloud. Clear upside: your data isn't your problem, experts do everything, and you can just get alerts about incidents. Nothing wrong with that.
A lot of the value comes from the fact that these providers have a window into a wide variety of environments. The largest managed providers see 70% of the world’s email traffic—experience that helps them to see patterns, problems, and red flags before an in-house team would easily miss.
But threats and change are only constants in cybersecurity.
This pure managed model is great for perimeter security, which is a nuts-and-bolts need that applies to every business. But it has significant limits. While outer shell security is great at catching something like malware, it's a lot less likely to spot something like an internal systems hack.
Here’s the real downside though: it does nothing to grow or mature your security program. It’s pure outsourcing, which can stunt your posture—keeping you out-of-the-loop of a vital security process as you build policy for your organization.
Meet Co-Managed Security Services.
In a co-managed model, an organization has it's own SIEM (on premises or in the cloud) and hires a specialized group to do the labor—tuning, upkeep, analysis and even some response, handled in a specialized Security and Network Operations center (SOC/NOC). Philosophically, we like this as an advisory group because anything and everything done to improve a company's SIEM will stay in-house. Every bit of fine tuning and coaxed potential will remain in the SIEM even if that particular co-managed security relationship comes to an end. It's having your cake while learning how to bake another.
An organization still gets the benefit of dedicated experts, of round-the-clock-and-calendar attention and analysis, but witout the disconnect within their security strategy. At least, that's how we see it.
The big difference is the big picture.
There are lots of shops that provide eyes-on-glass. Lots, even, that will do engineering work in your environment and some fine tuning. But we think co-managed security providers are going to start being more involved than that. Our engineers don't want to manage something that is stale—to narrow our service, without worrying about someone's greater security posture. We want all the tools we're asked to run to be in-step with the threat landscape.
This means planning, engineering, integrating, monitoring, policy tweaking and tuning—it means overall, ongoing advisory services making sure this piece is cooperating with all the others to enhance security. Right now, we're one of the only groups approaching co-managed security this way. But we don't expect to be for long.
This is where managed security is headed.