IT leaders are increasingly aware of the security risks and resource limitations they’re up against today, which is why a large majority of mid-size companies lean on Managed Security Services Providers (MSSPs) or Managed Detection & Response (MDR) services to step up their security posture. These providers can be a big help given what companies face these days:
With this low starting point, you’d think it would be easy for an outside provider to step in and provide meaningful value. But the truth is that many MSSPs and MDR services fall short on the job. The biggest provider pitfalls include:
So, how do you ensure you’re getting the right combination of expertise, operational excellence, and an effective security tech stack all in one provider? This evaluation framework includes RFP questions to help you upgrade your provider.
Both MSSPs and MDR providers must be able to assist clients with a comprehensive approach — not just more alert-generating security products. An effective approach must entail:
What most mid-market leaders struggle with is establishing sound security processes that are based on proven frameworks and focused on the specific risk management needs of the business. Worse, most companies don’t have any formal security program based on a recognized framework in place, and that’s a fundamental roadblock for managing cyber risk. Gartner’s “Market Guide for Managed Security Services” sums this up well by advising that an effective security program is: “60% process, 30% expertise, and 10% technology.”
When it comes to a security attack, time is not on your side. The longer it takes your team to contain the threat, the greater the damage and cost to your business. And if 50% of your employees work from home, it typically takes 58 days longer to identify and contain a breach. This explains why MSSPs and MDR providers must be able to quickly and efficiently detect, respond, and also recover.
Providers should also help clients build and improve their security program, aligning it with the customer’s chosen security framework. These are some of the most well-respected security frameworks; the one the customer team has chosen to follow should serve as a general game plan for your provider.
Key questions to ask:
The rubber meets the road with the quality of the providers’ security analysts. Analysts make or break the overall effectiveness of the managed security service.
Key questions to ask:
Over the last decade plus, the Managed Detection and Response service segment has sprung up because of the clear need. Nearly all organizations can use help — not just large enterprises. The highly asymmetric nature of cybersecurity has proven that protection strategies, while still mandatory, do regularly fail. Hence the need for catching the attacker’s kill chain with detection and response, before major damage is done in the form of data exfiltration. This requires a specific technology strategy.
While most large enterprises have the budget, expertise, and resources to figure out the required tech stack on their own, nearly all mid-market companies cannot. Therefore, they rely on providers to bring these capabilities to the table in a manner that is non-disruptive, fast to deploy, and cost effective — not always an easy task.
Having said that, most mid-market companies have already made significant security investments, and it makes enormous financial and operational sense for the security provider to leverage these existing tools as much as reasonably possible. The goal: consolidate point solutions to create a holistic approach to security. Establish a unified threat management platform where all alert information and log data come together and are evaluated by an advanced analytics engine, optimized to deliver a correlated picture of your security posture and a prioritized list of identified threats.
Key questions to ask:
Correlation is key to success, and SOAR tools help tie everything together. They serve as the glue that brings the strong points of each individual technology into one environment. SOAR systems are where incident analysis and triage are performed through a combination of AI-based intelligence and human investigation. Using SOAR, security teams define, prioritize, and drive standardized incident response activities through digital workflows. Moreover, they can leverage the technology to automatically respond to security threats, keeping analysts focused on only the most urgent and important events.
While SOAR is not always a customer-facing tool, it undoubtedly improves the efficiency and effectiveness of security analysts. It should be carefully implemented, with critical decision points always resting on the experience of a qualified analyst, not an automation script. Look for evidence that the provider has thoughtfully implemented automation so that “mistake automation” isn’t also a consequence.
Any IT leader who finds themselves “pumping” or even “slamming the brakes” on their digital transformation initiatives every time a security issue comes to light likely doesn’t have the right security controls and program in place. Ultimately, the organization is responsible for committing the resources and leadership oversight needed to implement a formal security program. However, with a program in place, the provider should be a valuable asset to ensure the appropriate technology, process, and expertise are in place to proactively manage the cyber risks that come with the digital transformation strategy.
For example, many mid-market companies are aggressively adopting Software as a Service, because it deploys quickly, is highly accessible for all stakeholders (including partners and customers), and minimizes demands on internal IT resources. However, SaaS also creates risks such as phishing attacks and data loss (e.g. work from anywhere, partners) that must be addressed proactively; otherwise, it’s inevitable that a security breach will happen. A provider that offers CASB coupled with response services understands these risks and puts the appropriate security controls and practices in place for the organization, ensuring effective risk management and the success of the digital transformation strategy. This gives executives confidence in their strategy and ultimately accelerates the business plan.