3 common problems with security services and what you should be getting
Just two years ago, enterprises were spending more on security products than on security services; today it’s the reverse. According to Forrester research, in 2018 services overtook products in every spending bracket. But if you have a managed security services provider (MSSP), there’s a good chance you are not getting the service you want and need. Several common pain points illustrate the limitations of some MSSPs and hamper the security value you should be getting from one. Here are the frequently encountered issues today and what the right partner can and should be doing to help strengthen your security posture.
Three common problems with MSSPs
All too often, MSSPs behave more like an alert factory, forwarding streams of alerts generated by security tools directly to the client without adequately triaging and assessing the underlying security issue. Client alert overload remains the problem because MSSPs aren’t adequately addressing the incident response process. What’s really needed is for the MSSP to take on more of the responsibility, handling alert triage and incident resolution in order to free clients from this time-consuming process. This way, clients can get back to tending to their core business.
MSSPs who are good at incident resolution:
- Have a solid understanding of the client’s key information assets and business processes, so they can focus on what matters most with the least amount of disruption during response
- Have mature, yet flexible, incident response playbooks that can be customized to a client’s particular requirements, risks and business processes
- Have certified, tenured security analysts who are highly engaged with clients because they enjoy what they are doing and have the best tools in the business to accomplish their mission
The reality is that many mid-sized enterprises are struggling to get their security program maturity to the point where it can be effective at proactively managing cyber risks–instead of being in a continual reactive mode, only responding to the most obvious security issues of the day or week. Many of these enterprises are turning to MSSPs as a partner to provide expertise, process, and an outside perspective to help advance the maturity of their security programs. This requires MSSPs to make the right investments in helping the client on an ongoing basis. After all, new value-add opportunities open up as initial security concerns are addressed–the security mission is never complete.
MSSPs focused on security improvement should be able to:
- Support periodic risk assessments to identify new risks and controls gaps, and help implement fixes with the client
- Map current security practices against best practices, such as the NIST Cybersecurity Framework, and help clients build action plans for the short and longer term
- Periodically review current MSSP-client processes and make continual improvements with the above in mind
The third pain point is related to the disappointing caliber of security analysts clients encounter when they need support. Anecdotally, I’ve heard multiple clients describing security analysts at big name MSSPs reading from scripts and decision trees, not really understanding what they are trying to achieve. People are considered 50% of the success equation, and the quality of the MSSP is fundamentally determined by the caliber and engagement level of the security analyst answering the client’s phone call. This is when critical decisions need to be made, and the stakes are too high for mistakes or inaction.
Critical factors for judging security talent include:
- Tenure: On average Tier 1 analysts should have more than two years of experience. Tier 2 and 3 analysts should have 6+ years.
- Certifications: Analysts should have security certifications, often multiple certificates, to ensure a baseline of knowledge that complements pragmatic on-the-job training.
- Accessibility: The time to reach an analyst by phone should be short (less than one minute), and the escalation process to Tier 2 and 3 should be rapid.
Tactical, strategic, financial: What you should be getting out of your partner
There are a number of MSSPs out there, and if you pick the right one, it will help you at the strategic level by helping you understand your own security maturity and fix any security control gaps so that you are actively managing cyber risk. A good MSSP has the right turn-key tools to provide the needed visibility, awareness, and controls to avoid any security “surprises” (saying it nicely) that nobody wants.
For network security monitoring, turn-key tools include:
- Fundamentals such as SIEM log monitoring and vulnerability scanning
- Network packet capture for network traffic analytics
- Network visibility tools for capturing and analyzing flow data
All of this must be integrated with global threat intelligence capabilities to optimize effectiveness against the latest threats.
For cloud infrastructure and applications, MSSPs should offer clients:
- Managed security services with cloud access security broker (CASB) technologies for SaaS
- Cloud workload protection tools for IaaS
Complementing the above, endpoint detection and response capabilities protect the weakest link (usually endpoints and users), stopping threats before they can progress to inflicting real harm. Tying it all together should be the latest Security Orchestration, Automation and Response (SOAR) capabilities, which are fed by high-quality alerts enabled by machine learning and behavioral analytics.
At the tactical level, the right MSSP acts as a trusted security extension to your own team, offloading the large majority of the incident response effort. This is enabled by ticket integration options and flexible processes that fit with your own corporate standard operating procedures. And all this should be done quickly with an easy-to-deploy solution; nobody wants more work to do.
Finally, the right MSSP will optimize your limited budget, often at a cost less than a full-time employee. And most importantly, the right MSSP will leverage your existing security investments to optimize what you already have–not force you to buy or re-buy technologies that are already a part of your existing security stack.
Masergy offers solutions that combine technology, analytics, and threat response services all-in-one, so it’s easier to increase awareness and accelerate response while still taking the load off your IT staff. Contact us today to expand your security coverage without overburdening your resources.