Nation-State Cyber Threats: Five Questions MSSPs Must Ask Themselves

By Britt Norwood · March 31, 2022

Trellix announced our new report, In the Crosshairs: Companies and Nation-State Cyber Threats. Written by our partners at CSIS, the report provides context around the state of global threat actors and how to address the very real threat that nation-state attackers pose to civilians' daily lives and national security. It’s chock-full of interesting findings for companies, consumers, governments, and IT service providers to consider.

For me, the findings attest to the amount of work still required by the private and public sectors as well as IT service providers to prevent and minimize threats. As Trellix’s head of global channels and commercial, learning that ten percent of organizations are without a cybersecurity strategy is alarming. Compelling too from the research is the great level of dissonance between organizations’ assessment of their technical capacity and the actual implementation of that capability. For instance, while many organizations expressed high confidence in their ability to conduct successful attribution without assistance, other results reveal most organizations rely on external assistance to identify a perpetrator. An overestimation or misunderstanding of actual technical capacity could lead to increased vulnerabilities and inefficient processes or solutions. And the reality is, in cybersecurity, self-assessments of capabilities are nearly always overreported.

These learnings are a sobering reminder that firms of every size and scope are vulnerable – including MSSPs. With the attack on Kaseya, we know MSPs are attractive to cybercriminals and from SolarWinds and research we know that IT service providers are a growing target of nation-state actors. We also know that many organizations rely on MSSPs to provide the necessary skills and expertise to deliver security services and capabilities.

Navigating this evolving threat landscape, certainly isn’t easy by any stretch for MSSPs who are already heads down defending against persistent adversaries. To add to the mix, MSSPs are also contending with lots of information about endpoint security technologies and detection and response solutions. Cutting through all the noise in the industry can be challenging. It’s important for MSSPs to assess the bigger picture and take some time to look at how endpoint security fits into their strategy and capabilities and not solely focus on using an Endpoint Detection Response (EDR). Extended Detection Response (XDR) is a logical evolution of EDR solutions into a primary incident response tool. While EDR is focused on protecting the endpoint, providing in-depth visibility and threat prevention for a particular device, XDR takes a wider view, integrating security across endpoints, cloud computing, email, and other solutions. XDR tools provide the context needed to detect sophisticated and distributed attacks, enabling MSSPs to better focus their efforts and safeguard their own organization and their clients.

All that said, it’s increasingly paramount for MSSPs to ask the tough questions about their own cybersecurity strategy and their ability to safeguard and notify their clients in case of a breach. So, what are some of the security-centric questions MSSPs should ask themselves to reassure their clients they have the necessary capabilities? Here’s my top 5 checklist:

• Are you able to not just identify – but automatically react to – threats via the EDR technology you use to serve customers, without complex integration into SOAR for every reaction?
• Are your own internal and customer service IT systems protected from advanced persistent threats (APT)?
• Are you able to link to objective, 3rd party threat campaign assessments such as those in Trellix Insights describing attack campaigns to your customers, so they understand the threat and global context?
• Does your EDR provide specific reaction directions when threats are discovered?
• Does your EDR partner compete with you in delivering managed solutions?

Living security

Trellix XDR has a differentiated ability to secure the digital experience against cyber threats using threat intelligence capabilities developed through the scale and diversity of its sensor network. Unlike some EDR solutions, we are able to drive automated responses without complex integration into SOAR for many reactions. Our solution offers the best strategy to detect complex, sophisticated threats and to connect with other security components and turn threat information into action and protection. Trellix Insights offer a unified security posture score from endpoint to cloud, delivering a more robust and comprehensive assessment across your environment. This allows you to drill down on specifics to enhance your security. It also enables more efficient, better, and faster decisions with automated investigations driven by correlation analysis across multiple vectors. Our capabilities allow you to focus on proactively predicting and prioritizing threats instead of just reacting after an attack. This means your SOC spends less time on error-prone fire drills with weeks of investigation and can respond faster to protect your organization and your customers.’ For all our partners including the ones who deliver managed detection and response (MDR) solutions, we’re here to empower you with the products and support you require to keep pace with the adversarial tactics and techniques your clients are fronting. Our open, interoperable platform approach to cybersecurity also allows you to implement the specific technologies you need to protect your own and your customers’ unique operations. It’s security that learns and adapts in a way that’s proactive, with automation doing what’s necessary across native and open connections.

Unfortunately, nation-state attackers aren’t going away. At the end of the day, MSSPs need to provide the leading-edge tools that will help their customers and partners manage their security ecosystem in the face of dynamic threat actors. Working together with our partners, Trellix is committed to addressing a rising industry need to shorten response times from security events and more easily remediate compromised systems, leading to a simplified Threat Defense Lifecycle.

If you want to prevent threats from impacting your customers and partners, we can help to evolve your security operations to adapt to new threats and accelerate detection and correction. We collaborate with an extensive network of technology partners who bring expertise and innovation to a security landscape that’s constantly changing. Whether you’re interested in working with one of our partners, or becoming one yourself, we want to work with you.