We recently published the results of our 2024 MSSP Survey, an exploration of the current state of the managed security services industry, told from the perspective of those on the front lines. The survey unearthed many fascinating insights on topics like automation, AI, and how MSSPs intend to grow their businesses.
One of the most surprising findings was around what MSSPs struggle with. We asked the question, “What security operations and processes pose the biggest challenges for your organization?” and the most common answer was “effective communication and collaboration with clients”, which finished ahead of all the options related to security operations.
Similarly, when we asked about the tasks that tie up too much time, the top answers weren’t related to alert overwhelm, incident response, or any other security tasks. The first and third most common answers were reporting and client communication.
We found these answers fascinating. They suggest that the administrative aspects of running an MSSP cause more pain than actually providing the services. Fortunately, our Smart SOAR platform isn’t just for automating SecOps tasks; it also streamlines and automates client interactions for MSSPs. Let’s take a detailed look at a couple of the ways MSSPs can relieve their client communication headaches with Smart SOAR.
A unique feature of Smart SOAR is its integration with a native client portal. This was built so that MSSPs don’t have to use third-party ticketing tools and can instead push any incidents that require their client’s feedback to a dedicated queue. Additionally, tasks in playbooks can be assigned to client roles to make collaboration between their ticketing queue and the playbook engine seamless.
[Screenshots: classification task assigned to client; pending task visible from the client’s point of view; playbook progresses after receiving the client’s response.]
Among the software MSSPs commonly use to communicate with their clients, Microsoft Teams is at the top. Going back and forth on team channels and direct messages is time-consuming and tedious. But what if there were a way to automate delivery of messages to these channels and have your client’s response trigger automated actions back in your SOAR workflows? This is what the out-of-the-box integration between D3 and Microsoft Teams enables.
In this workflow, a conditional task evaluates the IOCs involved in a security incident as high risk. Then, the user is asked if permission is needed to execute response actions.
When the workflow progresses, it reaches a task connected to Microsoft Teams. The task is set to dynamically fill the content and require approval from the recipient in order to activate the rest of the workflow.
Your client receives a form within a designated Teams channel that lists the available response actions and lets them select the response actions and then approve or reject the request.
Back in Smart SOAR, we can see the playbook reactivate and the appropriate response actions triggered.
This is one example of how MSSPs can leverage common tools to work synergistically with their SOAR platform. As SOAR tools have become a core requirement for efficient service delivery, leveraging them to automate client communications is a high-ROI activity.
A similar workflow can be triggered with email as the primary communication method. Oftentimes, MSSPs will use the Global List feature within Smart SOAR to dynamically assign the email recipient based on which client’s environment generated the alert.
Inside the email is a response form that functions similarly to the interactive Microsoft Teams message. The recipient can approve or reject the requested response actions and their input is fed directly back into the playbook.
MSSPs aren’t just security teams; they’re also businesses. What we learned in our survey is that the challenges of running a business pose a real threat to the success of many MSSPs. That’s why we consider the whole picture when designing our MSSP-specific features.
Our 2024 MSSP Survey is filled with other interesting insights. You can download your copy here.
The post MSSPs Say Client Communication Is Too Hard. Here’s How We’re Helping. appeared first on D3 Security.
*** This is a Security Bloggers Network syndicated blog from D3 Security authored by Pierre Noujeim. Read the original post at: https://d3security.com/blog/mssp-client-communication-smart-soar/