New compliance regulations for businesses that come in this October present MSSPs with opportunities to sell to customers, says Innes Muir, regional manager, MSSPs, UK, EIRE and RoW, Logpoint.
Compliance regulations are stepping up and with them the pressure on organisations to meet more stringent cybersecurity demands. For financial companies with business in the EU, DORA came into force in January, and PCI DSS 4.0 becomes mandatory from April.
Meanwhile, many operating within the EU (including those in the UK with dealings on the continent) will need to comply with NIS2 from October. Now much broader in scope than its predecessor, it is thought about 160,000 entities will need to comply, including SMEs with a high risk profile, and the UK may well follow suit by amending NIS UK.
NIS2 also steps up reporting obligations with an early warning to be made within 24 hours, an incident notification within 72 hours, an intermediate report upon request and a final report due no later than a month after the incident notification was made. Personnel can also be held personally accountable and the fines for non-compliance are expected to be punitive: up to €10 million or 2% of global annual turnover for essential organisations and €7 million or 1.7% of global annual turnover for important entities.
Meeting the requirements
The aim is to increase cybersecurity, resilience and incident response across all relevant sectors in the EU, to reduce any inconsistencies under NIS and align cybersecurity capabilities, and to improve joint situational awareness and the collective ability of the states to prepare for and respond to incidents. This will be achieved by facilitating the sharing of threat intelligence between the authorities and establishing response procedures for handling major incidents.
For these goals to be realised, controls need to be put in place so NIS2 legislates for stronger incident response and crisis management, vulnerability handling and disclosure, supply chain security, risk management policies and procedures, cyber hygiene, the use of cryptography and human resource and asset management. And this is where the MSSP can play a critical role in enabling their customers to comply with the regulations.
It’s important to clarify that MSSPs cannot achieve compliance on behalf of their customers but they can help to facilitate it through services such as managed detection and response and threat detection and incident response (TDIR) as well as offering ease of reporting through GenerativeAI-enabled tools.
Adding value
NIS2 requires organisations to implement an information security management system for cyber and information security and in addition to this deploying a security incident and event management (SIEM) solution that offers threat detection can provide the centralised log management and detection and response capabilities required to comply.
A SIEM can reduce the time taken to detect and respond across the entire threat landscape by encapsulating TDIR within one interface. Log collection and analysis are used to verify the level of the threat and the SIEM automatically generates incident reports for the immediate notification. When it comes to the final report, case management can be used to combine related incidents into a single case with relevant information added from threat intelligence, data enrichment and other investigations to give a complete picture.
MSSPs can also more easily manage multiple SIEM tenants through a central management console, enabling the security analyst to view all those deployments. Should they need to, they can then drill down into those environments to carry out a task or conduct an investigation.
NIS2 provides MSSPs with a real opportunity. By aligning their services to the requirements of the standard they can ride the wave of compliance, adding value and differentiating their offering from the competition.
