Once upon a time businesses did not care much about security. It was mostly about web filters, anti-virus and firewalls. A call from the Help Desk rarely happened but would not have been suspicious. Data Protection where I came from typically was backup software or how many LUNS you could carve out or architect in a storage infrastructure solution in case that thing broke down.
Every day things changed. More convenient web portals were built. It became easier and easier to find out information about a company and personal profiles via LinkedIn or CRM software. Threats for the majority became more frequent and real. They became more industry specific and smarter and smarter.
One day things became so bad that compromised companies became a part of the regular nightly news. It is not just big companies any more but everyone big and small. Many companies lack the security staff and budget to be able to counter attacks, see what is happening, time to carve out an incident response plan in case something went wrong and time to educate employees about what a phishing email looks like.
Because of that information security companies offer managed security services to clients to help with staffing and to monitor and manage risks as they occurred. Small and medium sized businesses were no longer alone in the trenches trying to quickly learn all of the InfoSec do’s and don’ts as well as to decipher what is really needed and what is vendor fluff. Trying to decide where to spend money, where to save, what governance framework to follow and how to execute on it by specific deadlines. Companies could then start to rely on InfoSec VAR services to do this. More and more talented VARS started to up rise up with intelligent teams of individuals and proficient skill sets that could bring to companies of all sizes.
Because of that companies became more educated and are fighting back these Wicked Spiders, Ghost Jackals and Berserk Bears. (Thank you CrowdStrike Global Intelligence Calendar). Co-Managed Security Services help to build companies Security Operations Centers from the ground up filling in with gaps of current skill sets with policy framework, incident response coordination and security architecture.
Until finally we are going to be better than the bad guys. More prepared not just with paperwork and compliance check boxes but we are all going to learn how to fish rather than given a fish for dinner. That is the point. Teach, build and make the world a more secure place. That is what co-managed security services is all about. Building or expanding on current security operations center so prepared, ready and have a plan.