The Value of AI-driven Network Detection and Response for MSSPs


Henrik Davidsson
September 14, 2020

With the advent of AI, managed security service providers (MSSPs) have a huge opportunity to improve 24x7 network threat detection, response and visibility while augmenting their understanding of security events. But some key challenges must be addressed to stay relevant and add the right value.

One might wonder if traditional MSSP services are suited to today’s changing landscape of cloud, data center, enterprise and IoT networks. Simply alerting and informing a customer about an incident is no longer sufficient. MSSPs must move beyond that and deliver more relevant value to customers.

One approach provides full incident-lifecycle management. This requires being a genuine partner when working with the customers’ security team. Traditional pure-play MSSP services are inconsequential today. By leveraging AI-driven solutions like the Cognito Network Detection and Response (NDR) platform from Vectra, MSSPs can succeed in the following three areas:

Increase wallet-share

Vectra has a vast technology partner ecosystem with third-party endpoint detection and response (EDR), orchestration, security information and event management (SIEM) and firewall vendors, as well as open APIs to integrate these solutions into any MSSP security infrastructure.

As a result, MSSPs can increase wallet-share by creating and customizing value-added services and solutions for their customers.

Increase profitability

A key value-driver for MSSPs involves the delivery of profitable services for the duration of services contracts. With its detection and prioritization of threats and ease of integration into existing workflows, the Cognito NDR platform can significantly improve MSSP productivity.

In an actual use case, the Cognito NDR platform from Vectra automatically detected and prioritized 14 high and critical alerts in a day. Before Vectra, the MSSP would spend days chasing down a daily average of 400 alerts, most of which were false positives. The automatic detection and prioritization of in-progress cyberattacks is pivotal to success. This in turn will reduce attacker dwell time, accelerate incident response, and speed up threat investigations.

Trusted advisor

Leveraging the Vectra technology partner ecosystem will help MSSPs strengthen their position as a trusted advisor to customers. MSSPs can introduce value-driven services as Vectra adds new capabilities to the Cognito NDR platform and coach customers about fortifying security resilience and maturity.

MSSPs who work with Vectra have the advantage of continuously differentiating and evolving their value proposition and remaining a top-tier innovation partner for customers.

Our current MSSP partners gain exceptional value from the award-winning Cognito NDR platform, including:

  • Detect and respond to attackers across cloud/SaaS, data center, IT, and IoT networks.
  • Automatic threat detection, triage and prioritization increases Tier-1 analyst productivity.
  • Integrate Vectra with third-party security solutions and existing MSSP workflows.
  • Faster detection and response to in-progress attacks and speedier threat investigations.

Vectra also reduces the total budget cost of SOC services, lowers staff hiring and training costs, and enables security analysts to focus on higher-value tasks, such as incident investigations and threat hunting.

About the author

Henrik Davidsson

Henrik Davidsson is director of sales business development at Vectra, where he is responsible for customer value creation and managed service providers. He has over 15 years’ experience working with large enterprises and service providers, and always stays on the front line of new security challenges, coaching end customers and partners alike on how to augment their security posture and cyber resilience. Henrik has held leading positions at companies such as Cisco, Juniper Networks, VMware, FireEye and NTT Security.
