IT leaders are increasingly aware of the security risks and resource limitations they’re up against today, which is why a large majority of mid-size companies lean on Managed Security Services Providers (MSSPs) or Managed Detection & Response (MDR) services to step up their security posture. These providers can be a big help given what companies face these days:
With this low starting point, you’d think it would be easy for an outside provider to step in and provide meaningful value. But the truth is that many MSSPs and MDR services fall short on the job. The biggest provider pitfalls include:
So, how do you ensure you’re getting the right combination of expertise, operational excellence and an effective security tech stack, all in one provider? This evaluation framework includes RFP questions to help you upgrade your provider.
Both MSSPs and MDR providers must be able to assist clients with a comprehensive approach — not just more alert-generating security products. An effective approach must entail:
What most mid-market leaders struggle with is sound security processes based on proven frameworks and focused on the specific risk management needs of the business. Worse, most companies don’t have any formal security program based on a recognized framework in place, and that’s a fundamental roadblock for managing cyber risk. Gartner’s “Market Guide for Managed Security Services” sums this up well by advising that an effective security program is “60% process, 30% expertise, and 10% technology.”
When it comes to a security attack, time is not on your side. The longer it takes your team to contain the threat, the greater the damage and cost to your business. And if 50% of your employees work from home, it typically takes 58 days longer to identify and contain a breach. This explains why MSSPs and MDR providers must be able to quickly and efficiently detect, respond, and also recover.
Providers should also help clients build and improve their security program, aligning it with the customer’s chosen security framework. These are some of the most well-respected security frameworks; the one the customer team has chosen to follow should serve as a general game plan for your provider.
Key questions to ask
Having said that, most mid-market companies have already made significant security investments, and it makes enormous financial and operational sense for the security provider to leverage these existing tools as much as reasonably possible. The goal: consolidate point solutions to create a holistic approach to security. Establish a unified threat management platform where all alert information and log data come together, are evaluated by an advanced analytics engine, and are optimized to deliver a correlated picture of your security posture and a prioritized list of identified threats.
Key questions to ask
Correlation is key to success, and SOAR tools help tie everything together. They serve as the glue that brings the strong points of each individual technology into one environment. SOAR systems are where incident analysis and triage are performed through a combination of AI-based intelligence and human investigation. Using SOAR, security teams define, prioritize, and drive standardized incident response activities through digital workflows. Moreover, they can leverage the technology to automatically respond to security threats, keeping analysts focused on only the most urgent and important events.
While SOAR is not always a customer-facing tool, it undoubtedly improves the efficiency and effectiveness of security analysts. It should be carefully implemented, with critical decision points always resting on the experience of a qualified analyst, not an automation script. Look for evidence that the provider has thoughtfully implemented automation so that “mistake automation” isn’t also a consequence.
Any IT leader who finds themselves “pumping” or even “slamming the brakes” on their digital transformation initiatives every time a security issue comes to light likely doesn’t have the right security controls and program in place. Ultimately, the organization is responsible for committing the resources and leadership oversight needed to implement a formal security program. However, with a program in place, the provider should be a valuable asset to ensure the appropriate technology, process, and expertise are in place to proactively manage the cyber risks that come with the digital transformation strategy.
For example, many mid-market companies are aggressively adopting Software as a Service, because it deploys quickly, is highly accessible for all stakeholders (including partners and customers), and minimizes demands on internal IT resources. However, SaaS also creates risks such as phishing attacks and data loss (e.g. work from anywhere, partners) that must be addressed proactively; otherwise it’s inevitable that a security breach will happen. A provider that offers CASB coupled with response services understands these risks and puts the appropriate security controls and practices in place for the organization, ensuring effective risk management and the success of the digital transformation strategy. This enables executive confidence in their strategy and ultimately accelerates the business plan.