LINEARSTACK
August 22, 2023

MSSPs' Role in Managing AI and Security

The role of MSSPs in managing AI and cybersecurity collaboratively.

Artificial intelligence (AI) is an exciting business, economic, and technical capability organisations can't seem to get enough of when considering their organisation's risk from the latest changes in the cyber threat landscape. This disruptive capability has several use cases, including increasing cybersecurity response capabilities to help prevent advanced persistent threats.

The role of AI within the security space is a two-fold discussion.

Security operations teams continue to upgrade their existing security adaptive control layers with AI-embedded capabilities. These adaptive controls include cloud-based email security, intrusion prevention, and layer 7 web application firewalls. Security solution providers, including Imperva, Cisco Systems, Microsoft, Palo Alto Networks, and Thales, have significantly invested in AI and machine learning (ML) in their various solutions, including security automation, deep visibility to help with the response to cybersecurity threats, and behavior analytics to detect never-before-seen potential threats.

What role does a managed security service provider (MSSP) play in assisting clients with their cybersecurity AI strategy? MSSPs hold many vendor certifications from the major solution providers. Many of their engineers have expertise in AI and ML capabilities. AI presents opportunities for MSSPs to expand their service offerings around AI-enabled security operation centers, next-generation intrusion prevention systems, and advanced threat intelligence from their Large Language Models (LLM) and Natural Language Processing (NLP) datasets.

What is the Role of AI in Cybersecurity?

A successful AI program within an organisation requires talent, financial capital, and executive sponsorship. Some of the challenges to AI include the following:

  • Misguided expectations of what AI is and how it works
  • The misunderstanding of the cost of AI  
  • Confusion around AI delivering a return on investment (ROI)

Understanding What AI is Expected to Deliver

AI delivers insight and trends by processing structured and unstructured data through the LLM and NLP. The output gives organisations valuable information, including detecting complex behavior-based cybersecurity attacks within a predictive analytics model. Chief information security officers (CISOs) recognize the value of AI by moving the security strategy from reactionary to proactive protection.  

Another critical piece in setting expectations regarding AI is time and investment. LLMs take several weeks to several months to process the data. The computing costs to process LLMs are high. Depending on the amount of information being processed, some LLMs could cost the organisation thousands or even millions of dollars. Companies like Databricks and Snowflake are creating cost-effective solutions within their cloud instances and Lakehouses, at much lower price points, to give clients the needed resources to develop custom LLMs.

The cost of an AI investment could be broken out into several sub-areas, including:

  • Cost of LLM processing, including cloud computing and Lakehouse/data storage.
  • Cost of talent, including keeping data scientists and data analytics engineers.
  • Cost to migrate to AI-powered cybersecurity solutions.  

AI is expensive. However, organisations expect this investment to help reduce costs in several areas to help balance the financials. AI can help save the company money in the following ways:

  • Security Operations and Automation - AI can help detect and respond faster to cybersecurity threats with predictive behavior analytics. This advancement will reduce the cost per cyber-attack, resulting in lower cybersecurity insurance premiums and fines.
  • Back-office Repetitive Processes - AI is critical in reducing and automating repetitive tasks in several back-office areas, including human capital management, finance, talent recruitment, and purchasing.
  • Software Development - CoPilot AI continues to be a highly effective means of developing new source code. CoPilot provides code suggestions to application developers. This capability has improved software development by 30%, with more tasks completed in less time. CoPilot has also improved product quality, along with automated remediation capabilities.

These financial success factors help organisations develop cost models to help set the correct financial expectation of AI.  

Managing expectations is an area where MSSPs can provide valuable help. MSSPs like LinearStack have experience working with many clients migrating to AI security solutions while phasing out existing legacy adaptive controls.

Their solutions include incident response, attack automation response, and detecting AI-based attacks.  

Why Should Organisations Upgrade to AI-Powered Cybersecurity Protection Layers?

Enterprise organisations are not the only ones investing in ChatGPT and other AI capabilities.  

Hackers, phishers, cybercriminals, and state-sponsored terrorist groups also have investments in AI. Hackers, like the enterprise security operations teams, use AI to determine where within their victims' applications, network infrastructure, and cloud-based data storage.  

Hackers have used ChatGPT to create near-perfect email phishing attack content. This content has successfully bypassed legacy email security solutions. Recently, the hacker community launched WormGPT, similar to the public version of ChatGPT, to assist with creating content for fresh attacks.

Along with email phishing attacks, hackers also use AI to direct their distributed denial-of-service (DDoS) attacks. Hackers will collect their attack telemetry into an AI Large Language Model (LLM) process. It can feed the output of datasets into hackers' machine-learning engines to identify trends within their kill chain.  

Organisations already experiencing these AI-powered cyber-attacks need to upgrade their various protection solutions with AI of their own.

Establishing a Partnership with an MSSP for AI-Powered Cybersecurity

MSSPs bring several levels of expertise surrounding AI. This unique partnership between the enterprise and MSSPs helps address several challenges organisations have surrounding AI. Managing expectations, delivering on the vision of AI, creating a measurable and successful solution with AI, and creating a sustainable strategy to enhance AI's capabilities as the threat landscape continues to develop become the value of an MSSP.

A critical part of delivering a successful AI strategy is access to experienced human resources. 54% of enterprises adopt AI by hiring or outsourcing for human expertise. The lack of expertise in AI prevents organisations from leveraging various advancements, including automated intrusion detection systems, firewall management, and AI-driven security management.

Keeping AI talent, specifically in data science and analytics, is challenging for many enterprise organisations. MSSPs keep in-house AI talent and access global talent pools. Many are leveraging their partnership with an MSSP with AI expertise.

LinearStack's AI Strategy and Execution of Delivery are Top Priorities.

Organisations looking to develop an AI strategy should be extra cautious when researching. Many consulting firms may have the talent for legacy security offerings. However, they could be challenged in assisting you in developing a plan for AI. Some consulting firms have some expertise in AI design; however, they may lack the ability to deliver the strategy and lack post-deployment management services.  

LinearStack's portfolio helps put customers at ease with the combined experience in AI strategy services, AI-enabled cybersecurity architecture, deployment execution, and post-deployment managed services offerings to align with the client's monitoring, management, and upkeep of their investment in AI.  

LinearStack solutions engineers start with a risk assessment of the client's environment. This assessment helps define the narrative on which LinearStack and the client align regarding the current security device management, cloud-based security services being consumed, and overall event management.

For example, one LinearStack vulnerability assessment reviews the security adaptive controls to determine which ones should migrate to AI-based solutions. The assessment helps the organisation set a priority of importance, specifically which technology solution should be migrated first. LinearStack helps their client with artifacts from the assessment to help build a business justification.

Conquering the Cost of AI

Cost is an essential factor when clients consider any form of security transformation. LinearStack's practice also includes business impact analysis (BIA).

Many organisations need more funding, time, and human capital to replace, manage, and monitor every security control and cyber-attack incident and perform a comprehensive root cause analysis. Leveraging a BIA helps provide the risk to the organisation if they consider changing the existing security protection strategy.

A Business Impact Analysis (BIA) predicts the outcome of a business disruption. BIA Assessments identify potential risks to critical business operations. BIA also considers the consequences of disruption, failure to achieve service level agreements, and the impact of future events.

MSSPs like LinearStack augment their clients' security operations efforts with various offerings. Monitoring AI-based adaptive controls, including Cortex XDR, cloud-based email security, and next-generation web application firewall and DDoS protection, is part of the LinearStack portfolio of services.

About LinearStack

LinearStack is a leading Managed Security Service Provider (MSSP) and security systems integrator based in New Zealand. Since our establishment in 2013, we have built a reputation for providing world-class 24x7 security services to businesses of all sizes. We are proud to partner with some of the top technology companies in the industry, such as Palo Alto Networks, Cisco Systems, Imperva, and LogRhythm. Our excellent operational capabilities, as well as our fulfillment of business requirements and completion of rigorous technical, sales enablement, and specialization examinations, have earned us a distinguished reputation in the industry.

At LinearStack, we take pride in providing top-notch security solutions tailored to our clients' needs. We aim to help businesses reduce cyber-attack risks, strengthen security posture, and maintain regulatory compliance. Our clients rely on us for our exceptional security solutions, outstanding customer service, and industry expertise.

Culture

We’re 100% privately held, grown with a family mindset. When working with clients, we’re well-integrated within their teams and act as an extension of their operations. Augmenting existing teams is a transition we manage smoothly, empowering our customers to prioritise cybersecurity strategy while we protect their business from cyber threats 24x7.

Maintaining thriving IT systems and assuring data protection are fundamental needs that all businesses deserve.

Contact Us

Want to know more about what we offer? We'd love to hear from you.

Get in touch with us today:

Phone: 0800 008 795

Email: info@linearstack.co.nz

Website: https://linearstack.co.nz

