Your security service provider needs an upgrade: RFP questions to find a true partner

By Jay Barbour | Jan 4, 2022 | 7:30 am CST

IT leaders are increasingly aware of the security risks and resource limitations they’re up against today, which is why a large majority of mid-size companies lean on Managed Security Services Providers (MSSPs) or Managed Detection & Response (MDR) services to step up their security posture. These providers can be a big help given what companies face these days:

With this low starting point, you’d think it would be easy for an outside provider to step in and provide meaningful value. But the truth is that many MSSPs and MDR services fall short on the job. The biggest provider pitfalls include:

So, how do you ensure you’re getting the right combination of expertise, operational excellence and effective security tech stack all in one provider? This evaluation framework includes RFP questions to help you upgrade your provider.

Bang-for-your-buck: What an effective provider looks like

Both MSSPs and MDR providers must be able to assist clients with a comprehensive approach — not just more alert-generating security products. An effective approach must entail:

What most mid-market leaders struggle with is establishing sound security processes that are based on proven frameworks and focused on the specific risk management needs of the business. Worse, most companies don’t have any formal security program based on a recognized framework in place, and that’s a fundamental roadblock for managing cyber risk. Gartner’s “Market Guide for Managed Security Services” sums this up well by advising that an effective security program is: “60% process, 30% expertise, and 10% technology.”

Process: Evaluating a provider’s operations and service delivery

When it comes to a security attack, time is not on your side. The longer it takes your team to contain the threat, the greater the damage and cost to your business. And if 50% of your employees work from home, it typically takes 58 days longer to identify and contain a breach. This explains why MSSPs and MDR providers must be able to quickly and efficiently detect, respond, and also recover.

Providers should also help clients build and improve their security program, aligning it with the customer’s chosen security framework. These are some of the most well-respected security frameworks; the one the customer team has chosen to follow should serve as a general game plan for your provider.

Key questions to ask

Expertise: Evaluating the ability to source and train security talent

The rubber meets the road with the quality of the providers’ security analysts. Analysts make or break the overall effectiveness of the managed security service.

Key questions to ask:

Technology: Expanding existing tools to create a consolidated tech stack

Over the last decade plus, the Managed Detection and Response service segment has sprung up because of the clear need. Nearly all organizations can use help — not just large enterprises. The highly asymmetric nature of cybersecurity has proven that protection strategies, while still mandatory, do regularly fail. Hence the need for catching the attacker’s kill chain with detection and response, before major damage is done in the form of data exfiltration. This requires a specific technology strategy.

While most large enterprises have the budget, expertise, and resources to figure out the required tech stack on their own, mid-market companies largely cannot. Therefore, they rely on providers to bring these capabilities to the table in a manner that is non-disruptive, fast to deploy, and cost effective — not always an easy task.

Having said that, most mid-market companies have already made significant security investments, and it makes enormous financial and operational sense for the security provider to leverage these existing tools as much as reasonably possible. The goal: consolidate point solutions to create a holistic approach to security. Establish a unified threat management platform where all alert information and log data come together and are evaluated by an advanced analytics engine, optimized to deliver a correlated picture of your security posture and a prioritized list of identified threats.

Key questions to ask

Understanding SOAR: Importance and Best Practices

Correlation is key to success, and SOAR tools help tie everything together. They serve as the glue that brings the strong points of each individual technology into one environment. SOAR systems are where incident analysis and triage are performed through a combination of AI-based intelligence and human investigation. Using SOAR, security teams define, prioritize, and drive standardized incident response activities through digital workflows. Moreover, they can leverage the technology to automatically respond to security threats, keeping analysts focused on only the most urgent and important events.

While SOAR is not always a customer-facing tool, it undoubtedly improves the efficiency and effectiveness of security analysts. It should be carefully implemented, with critical decision points always resting on the experience of a qualified analyst, not an automation script. Look for evidence that the provider has thoughtfully implemented automation so that “mistake automation” isn’t also a consequence.

True partners should be effective business enablers

Any IT leader who finds themselves “pumping” or even “slamming the brakes” on their digital transformation initiatives every time a security issue comes to light likely doesn’t have the right security controls and program in place. Ultimately, the organization is responsible for committing the resources and leadership oversight needed to implement a formal security program. However, with a program in place, the provider should be a valuable asset in ensuring that the appropriate technology, process, and expertise are in place to proactively manage the cyber risks that come with the digital transformation strategy.

For example, many mid-market companies are aggressively adopting Software as a Service, because it deploys quickly, is highly accessible for all stakeholders (including partners and customers), and minimizes demands on internal IT resources. However, SaaS also creates risks such as phishing attacks and data loss (e.g. work from anywhere, partners) that must be addressed proactively; otherwise it’s inevitable that a security breach will happen. A provider that offers CASB coupled with response services understands these risks and puts the appropriate security controls and practices in place for the organization, ensuring effective risk management and success of the digital transformation strategy. This enables executive confidence in their strategy and ultimately accelerates the business plan.

How Masergy has your security services covered

There is a lot of confusion and overlap in the market regarding the different types of security services: Managed Security Services (MSS) versus Managed Detection & Response (MDR) versus Security Operations Centers (SOC) services or SOC as a service (SOCaaS). This guide can help untangle the differences. At the end of the day, Masergy covers all three of these arenas with security technology, expertise, and process all in one solution.
