Top Ten Requirements for Managed Security Services Providers
John Humphreys, Senior Vice President, Proficio
According to research by the Ponemon Institute, cybercrime is increasing significantly and the cost of the average data breach has risen to a $3.92 million. With security threats becoming more prevalent and more costly, many organizations are choosing to partner with a Managed Security Services Provider (MSSP) as an extension of their internal security team.
MSSPs provide 24/7 Security Operations Centers (SOCs), efficient workflows that improve time to remediation for security issues, access to security expertise, research and threat intelligence, and significant cost savings and scalability. While the benefits of partnering with an MSSP are wide ranging, choosing an MSSP is a complex decision for many organizations.
Below are the top ten requirements you should look for in an MSSP.
- Advanced Threat Detection. Industry leading MSSPs use a combination of people and technology to accurately detect and prioritize indicators of attack or compromise. Components of advanced threat detection include 24/7 investigations by security analysts, customized SIEM use cases, business context modeling, threat intelligence profiling and AI-based threat hunting models.
- Managed Detection and Response. Managed detection and response (MDR) services will assist your team by leveraging technologies at the perimeter, core and endpoint to detect and contain threats both in on-premise and cloud-based environments. MDRs also offer vulnerability management and extensive incident response services.
- Security Orchestration and Automated Response. Automation or semi-automation is required to quickly contain high-fidelity security events and allow time for incident responders to investigate and remediate threats before they cause damage.
- Risk Scoring. MSSPs should provide their clients with security dashboards and data that show each client’s risk compared to their peer group. They can also provide their clients with visibility into their security posture to help identify blind spots.
- Full Lifecycle Management. Many organizations lack the resources to manage their security products and keep them running to vendor recommended standards. MSSPs with the capability to manage or co-manage these devices help off-load IT teams to do more important tasks while maximizing the value of next generation tools.
- Dedicated Client Success Team. In addition to the support of a 24/7 security team, MSSPs should assign their clients a client success team that is focused on account management and strategic security advisory functions, ultimately understanding and supporting both the business and technical needs of the organization throughout the relationship.
- Flexibility and Customization. Every organization is unique, and an MSSP should be able to customize their services to the needs of each organization they work with. Flexibility spans customizing use cases, reports, dashboards, escalation rules, incident response actions and more – all required to meet each organizations’ requirements. Mapping the managed security service to each organizations’ needs improves the quality of cyber defense and minimizes operational disruption.
- Powerful Case Management. MSSPs should provide access to an enterprise-class ITSM tool for case management and workflow automation. This allows for better visibility into the MSSP’s actions and tighter integration between the client and MSSP’s security team.
- Global SOC Operations. Global MSSPs offer both continuity of operations and unrivaled visibility into advanced threats. Their 24/7 operations, combined with the volume and breadth of their client base, allows global MSSPs to see more advanced threats on a recurring basis and puts them in a stronger position to respond quickly.
- SOC Type 2 Compliance. An MSSP should complete an annual audit to demonstrate that it follows strict information security policies and procedures that encompass the security, availability, and confidentiality of customer data.
There is much to consider when evaluating a managed security service provider – after all, you’re placing your company’s security posture in the hands of a third-party provider. Undertaking a thorough review of an MSSP’s capabilities reduces the chance of surprises and keeps your peace of mind going forward.
About the Author:
John is a Senior Vice President at Proficio, an award-winning Managed Security Service Provider (MSSP) offering Managed Detection and Response (MDR). John has more than twenty years of experience defining and executing breakthrough marketing strategies for IT information solution providers.