Back to Blog

The Value of AI-driven Network Detection and Response for MSSPs

By
Henrik Davidsson
|
September 14, 2020

With the advent of AI, managed security service providers (MSSPs) have a huge opportunity to improve 24x7 network threat detection, response and visibility while augmenting their understanding of security events. But some key challenges must be addressed to stay relevant and add the right value.

One might wonder if traditional MSSP services are suited in today’s changing landscape with cloud, data center, enterprise and IoT networks. Simply alerting and informing a customer about an incident is no longer sufficient. MSSPs must move beyond that and deliver more relevant value to customers.

One approach provides full incident-lifecycle management. This requires a being a genuine partner when working with the customers’ security team. Traditional pure-play MSSP services are inconsequential today. By leveraging AI-driven solutions like the Cognito Platform from Vectra, MSSPs can succeed in the following three areas:

Increase wallet-share

Vectra has a vast technology partner ecosystem with third-party end point detection and response (EDR), orchestration, security information and event management (SIEM) and firewall vendors as well as open APIs to integrate these solutions in any MSSP security infrastructure.

As a result, MSSPs can increase wallet-share by creating and customizing value-added services and solutions for their customers.

Increase profitability

A key value-driver for MSSPs involves the delivery of profitable services for the duration of services contracts. With its detection and prioritization of threats and ease of integration into existing workflows, the Cognito Platform can significantly improve MSSP productivity.

In an actual use-case, the Cognito Platform from Vectra automatically detected and prioritized 14 high and critical alerts in a day. Before Vectra, the MSSP would spend days chasing-down a daily average of 400 alerts, most of which were false positives. The automatic detection and prioritization of in-progress cyberattacks is pivotal to success. This in turn will reduce attacker dwell-time, accelerate incident response, and speed-up threat investigations.

Trusted advisor

Leveraging the Vectra technology partner ecosystem will help MSSPs strengthen their position as trusted advisor to customers. MSSPs can introduce value-driven services as Vectra adds new capabilities to the Cognito NDR platform and coach customers about fortifying security resilience and maturity.

MSSPs who work with Vectra have the advantage of continuously differentiating and evolving their value proposition and remaining a top-tier innovation partner for customers.

Our current MSSP partners gain exceptional value from the award-winning Cognito Platform, including:

  • Detect and respond to attackers across cloud/SaaS, data center, IT, and IoT networks
  • Automatic threat detection, triage and prioritization increases Tier-1 analyst productivity
  • Integrate Vectra with third-party security solutions and existing MSSP workflows
  • Faster detection and response to in-progress attacks and speedier threat investigations

Vectra also reduces the total budget cost of SOC services, lowers staff hiring and training costs, and enables security analysts to focus on higher-value tasks, such as incident investigations and threat hunting.