Unlocking A Splunk MSSP Perspective on Today’s Cybersecurity World
With the increasing pressure from complex cybersecurity threats, many security leaders are turning to specialized expertise–such as a managed security services provider (MSSP or Splunk MSSP)–for help.
In this Q&A, Matt Yonchak, a Splunk and security expert who has been working in the field for more than 15 years, shares his insights on today’s security challenges as well as tomorrow’s MSSPs. He also talks about how Hurricane Labs drives customer success by providing actionable intelligence to improve their cyber threat resilience.
Why is security more important now than ever?
Not only are attacks becoming more common but keeping up with the geopolitical world we live in today has really driven customers to spend more money on security. What we see with Russia and the Ukraine, Log4j, and all the different attacks–these are the things happening around the world that are driving security budgets.
In the past two or three years since COVID really hit, we’re seeing a lot of circumstances where a new CISO is brought into a company, they take a look at what’s going on from a security perspective, and they see how little the organization is spending on security, or how lax the security posture is, and that’s one of the first areas they fix.
What are some of the biggest cybersecurity challenges the industry is facing today?
For Hurricane Labs, when we look at the world today, one of the biggest drivers is the fact that the talent market is generally impossible. There are more jobs than there are people with the right qualifications to fill them–and everyone’s feeling the crunch of competing for the same spots in the cybersecurity space.
So when Hurricane Labs can come in with an offering that delivers on the expertise and the ability to provide services 24x7x365, these are capabilities that our customers need, because they can’t find them themselves. Being able to leverage the talent we have and retain that talent puts us in a position to be able to offer something to our clients at a price point that they’re just not going to be able to fill on their own without hiring 4, 5, 6 sometimes in terms of headcount to be able to staff appropriately.
A lot of our clients come to us and say, “Hey, we need help because we just lost our main Splunk admin.” Or, “We just lost two of our analysts and there’s just no world where we can staff 24×7.”
It’s expensive to build out a 24×7 SOC operation on your own, especially if it’s not something you’ve done before. And so, we’re in a unique position to really help customers proceed along that journey of maturing their security program.
What does the future look like for MSSPs?
From an MSSP perspective, the world has shifted quite a bit in the last two years.
For what I would consider a long time, especially in the world of security, managed security was basically: we’ll manage your firewalls, we’ll do some intrusion work, and we’ll manage your SIEM. That is no longer remotely good enough. Fortunately, this is something we at Hurricane Labs have been out in front of for a while. We’re always looking at what’s next.
So when we look at SIEM management, the logical progression next is automation, and from there you start to look at things like–well, from a managed services perspective it’s called XDR, but for clients it’s more like EDR or MDR. Pushing forward–where the industry is going–is an approach that’s integrated across the board with all of these different technologies to be able to offer the client something that is way more comprehensive than it was a long time ago.
What’s the mindset that security pros–and MSSPs–should adopt in order to keep up with where the world of security is heading?
Well, when we’re talking about security it’s an adapt or die mindset.
As a Splunk MSSP like Hurricane Labs, whenever something new comes out–say there’s a new security problem or maybe our client is acquiring a new line of business–and the client needs to think about securing it, they’re likely asking: “So what do our detections need to look like?”
Something that has always been a push for our security architects is the concept of not being stagnant but always thinking about what’s next. What are we going to be doing to address it? What’s the next thing we need to build? What’s the next way we can help secure your organization?
Fundamentally, from our architects to our customer success managers, everybody is really looking at maturity from the standpoint of how do we keep our clients maturing, which means we’re constantly looking ahead.
How does Hurricane Labs help its customers? And what does your Splunk MSSP do differently than others?
With our 24x7x365 security operations services, we help our customers develop new content, whether that’s building new content in ES or helping them to get a handle on things like the MITRE framework. As their Splunk MSSP, we help them align with those things and to drive not just the maturity of their program overall but also the maturity of their detection profiles.
We also have our Splunk MSSP or Splunk Management Services for non-security Splunk use cases.
So when there’s a client that is having a hard time getting their hands around just making Splunk function, making it work, they’re struggling to get the value out of Splunk, because they either don’t have the expertise or the time to get it done, we have a service that can help them.
And when we talk about Hurricane Labs differentiators outside of Splunk specifically, a lot of it has to do with the fact that we have a very customizable service that we’re delivering.
When we’re having conversations with our customers, the focus is on what they are trying to accomplish and how Hurricane Labs can pivot to accomplish that, rather than having the client be locked in to a space where they’re told, “Here are the things you can possibly do and here’s all the stuff that is out of scope.” So they have to work with the limited options or capabilities from the MSSP, when their environment may require something more tailored to them.
In terms of differentiators in the MSSP–and Splunk MSSP–world, for us, it’s really more about depth of expertise. It’s about the ability to be a little more customizable or more sensible when it comes to what our customers are trying to accomplish.
What does Hurricane Labs do when it comes to Splunk automation?
Not only was the Hurricane Labs team one of the early pioneers of Splunk but we were also the first ones here in North America to be able to offer the Splunk SOAR-as-a-Service and package it the way it is.
So when our clients start to look at SOAR, or we start to talk about Mission Control or UBA, we look at it in terms of a logical progression when it comes to security and Splunk products.
Ultimately, being able to take a customer through the maturity journey along the Splunk security platform–from security essentials all the way to SOAR and Mission Control–is what Hurricane Labs executes on very well.
About Hurricane Labs
Hurricane Labs is a dynamic Managed Services Provider that unlocks the potential of Splunk and security for diverse enterprises across the United States. With a dedicated, Splunk-focused team and an emphasis on humanity and collaboration, we provide the skills, resources, and results to help make our customers’ lives easier.
For more information, visit www.hurricanelabs.com and follow us on Twitter @hurricanelabs.