Just two years ago, enterprises were spending more on security products than on security services–today it’s the reverse. According to Forrester research, in 2018 services overtook products in every spending bracket. But if you have a managed security services provider (MSSP), there’s a good chance you may not be getting the service you want and need. Several common pain points are illustrative of limitations with some MSSPs and are hampering the security value you should be getting from an MSSP. Here are the frequently encountered issues today and what the right partner can and should be doing to help strengthen your security posture.
All too often, MSSPs behave more like an alert factory, forwarding streams of alerts generated by security tools directly to the client, without doing adequate triage and assessment of the underlying security issue at hand. Client alert overload remains the problem, because MSSPs aren’t adequately addressing the incident response process. What’s really needed is for the MSSP take on more of the responsibility, addressing alert triage and incident resolution in order to free clients from this time consuming process. This way, clients can get back to tending to their core business.
MSSPs who are good at incident resolution:
The reality is that many mid-sized enterprises are struggling to get their security program maturity to the point where it can be effective at proactively managing cyber risks–instead of being in a continual reactive mode, only responding to the most obvious security issues of the day or week. Many of these enterprises are turning to MSSPs as a partner to provide expertise, process, and an outside perspective to help advance the maturity of their security programs. This requires MSSPs to make the right investments in helping the client on an ongoing basis. After all, new value-add opportunities open up as initial security concerns are addressed–the security mission is never complete.
MSSPs focused on security improvement should be able to:
The third pain point is related to the disappointing caliber of security analysts clients encounter when they need support. Anecdotally, I’ve heard multiple clients describing security analysts at big name MSSPs reading from scripts and decision trees, not really understanding what they are trying to achieve. People are considered 50% of the success equation, and the quality of the MSSP is fundamentally determined by the caliber and engagement level of the security analyst answering the client’s phone call. This is when critical decisions need to be made, and the stakes are too high for mistakes or inaction.
Critical factors for judging security talent include:
There are a number of MSSPs out there, and if you pick the right one, it will help you at the strategic level by helping you understand your own security maturity and to fix any security control gaps so you are actively managing cyber risk. A good MSSP has the right turn-key tools to provide the needed visibility, awareness, and controls to avoid any security “surprises” (saying it nicely) that nobody wants.
For network security monitoring, turn-key tools include:
All of this must be integrated with global threat intelligence capabilities to optimize effectiveness against the latest threats.
For cloud infrastructure and applications, MSSPs should offer clients:
Complementing the above, endpoint detection and response capabilities protect the weakest link — usually endpoints and users, stopping threats before they can progress to inflicting real harm. Tying it all together should be the latest Security Orchestration Automation and Response (SOAR) capabilities, which is fed by high quality alerts enabled by machine learning and behavioral analytics.
At the tactical level, the right MSSP acts as a trusted security extension to your own team, offloading the large majority of the incident response effort. This is enabled by ticket integration options and flexible processes that fit with your own corporate standard operating procedures. And all this should be done quickly with an easy to deploy solution – nobody wants more work to do.
Finally, the right MSSP will optimize your limited budget, often at a cost less than a full-time employee. And most importantly, the right MSSP will leverage your existing security investments to optimize what you already have–not force you to buy or re-buy technologies that are already a part of your existing security stack.
Masergy offers solutions that combine technology, analytics, and threat response services all-in-one, so it’s easier to increase awareness and accelerate response while still taking the load off your IT staff. Contact us today to expand your security coverage without overburdening your resources.