The Top 9 Questions to Ask an MSSP

Share :

Services are the fastest growing segment of the cybersecurity market – and for good reason. Because these providers allow them to realise cost efficiencies and scalability, many organisations now outsource the bulk – if not all – of their IT functions.

Services such as managed security services providers (MSSPs) and managed detection and response (MDR) are a great way to improve your security posture when you operate with a limited staff or budget. Before you engage a provider, however, you need to understand which option is most viable for your organisation.

Understand MSSP Differentiators and Limitations

MSSPs are often considered when organisations think about their outsourcing needs. A few considerations to bear in mind when you evaluate MSSP options include:

Hidden costs and fees

Some providers charge based on log volume or other variables. This makes it difficult for you to budget because you can far exceed your typical costs if you have unexpected spikes in activity.

Liability and responsibility for threat detection and response

Many MSSPs don’t offer threat detection and response as part of their services. That means that you’re still liable for this function in-house or need to engage an additional supplier.

Support tiers

When you outsource services, you depend on knowledgeable suppliers who can provide answers. Understanding communication processes and whether you get dedicated services will help you to avoid frustration when you need that expertise.

Customisation and reporting 

For certain industries, regulatory compliance can be critical to your bottom line. Consider whether the MSSP offers custom reports tailored to your industry.

Technology platform and its credibility

Many traditional tools, such as legacy antivirus, are no longer effective against today’s advanced threats. Work with a provider that uses a state-of-the-art technology stack that addresses the latest threats.

Exception handling and incident response capability

Incidents are inevitable no matter how strong your cybersecurity is. When they happen, will you need to rely on additional providers, or does the MSSP have the capability to quickly provide this next level of support?

Engagement and communication 

Get assurances that when you have a question or an issue, the lines of communication will stay open so that things are addressed promptly.

Top Nine Questions to Ask an MSSP

1. What are your security staff hiring and training practices?

If you view your managed services provider as an extension of your team, you need to understand who deploys and manages your security. Who are the experts that you’ll interact with regularly and what kind of ongoing training do they receive?

Additionally, find out how the MSSP retains its staff. With today’s cybersecurity talent shortage, security professionals are able to change jobs frequently – a high turnover will be detrimental to the quality of the service that you receive.

2. Will I have a dedicated team of experts?

Working with a dedicated team has tremendous advantages. Such experts build relationships with you and get to understand your business and challenges, which makes the action they take more effective.

You also need to know if you get a dedicated security engineer without a tiering system. If not, are you comfortable working with different individuals on every tier, especially since they don’t know your business?

Five cybersecurity employees in a data center.

3. What is your supply-chain supplier selection process?

Ask about the supporting technologies that the provider uses and the integrations it has made. How are they maintained and updated?

Your IT landscape is constantly evolving and you update your devices and systems regularly. Work with a security supplier that can keep up with these changes. If the MSSP still uses a legacy platform, that’s an immediate red flag signaling for you to look elsewhere.

4. What is your typical SLA and incident response plan?

Mean time to detect (MTTD) and mean time to respond (MTTR) are two critical metrics in cybersecurity. What’s the MSSP’s service-level commitment in these areas and will it meet your needs?

Research shows that a lengthy incident and data breach lifecycle can be very costly to the overall health of a business. If the security service doesn’t monitor and investigate alerts in real time, doesn’t integrate threat intelligence and doesn’t supplement human analysts with artificial intelligence capabilities, it’s not doing enough to maintain a short detection and response cycle.

Only 52.6% of organizations had an MTTD of less than 24 hours.

5. How do I know the service is working and keeping my organisation secure?

Your goal is to make sure that your security service works for you and that you make timely adjustments. Understand how, when and what will be reviewed.

Getting hundreds of reports from your supplier every month is not good enough. Nor is it helpful if you don’t have the time and resources to understand them.

In fact, you can generate reports yourself with off-the-shelf tools. However, the true value of a security service comes not from more reports, but from more actionable intelligence that you receive in real time.

6. Will I need to implement new security technology?

Cost-savings is one of the main advantages of outsourcing security. Yet some providers require you to implement additional tools, rather than adjusting their own to your environment.

If the MSSP requires you to invest in new technology, your savings can go out of the window. Look for a supplier whose technology stack fits your IT system requirements.

7. Do you conduct your own threat hunts?

Point-in-time scanning of signatures doesn’t keep up with advanced threats, and proactive threat hunting is an important component of mature security services.

MSSPs that provide 24/7 automated tools without 24/7 human analysts – or only react to threats rather than hunt them proactively – may not be well-positioned to handle the constantly evolving threat landscape.

8. How much will this cost?

Consider whether the MSSP has predictable pricing. A fixed recurring price that’s based on your attack surface rather than your log volume or other variable factors helps you to budget appropriately while avoiding unexpected or hidden costs.

9. What is my exit strategy?

Managed security is a long-term relationship. You hand over the keys to your kingdom, which requires you to trust the partnership. However, business priorities change, mergers and acquisitions happen and you may need an exit plan.

Understand the costs, fees, business impact, data formats and ownership, plus continued support during such a transition. The more you know about the exit plan, the better you can trust your managed security supplier.

The Top 9 Questions to ask an MSSP graphic with headlines from the nine entries in the article.

Bottom Line: Is an MSSP Right for You? Or Should You Turn to MDR?

Many MSSPs do not have the technology capabilities to effectively detect threats. What’s more, even when they’re able to detect threats, the technology they rely on often limits the context required to effectively analyse and respond to threats.

Managed detection and response (MDR) is another managed security option. MDR providers employ different foundational technologies. They leverage cloud technologies, machine learning and big data to provide more advanced techniques, such as network- and host-based tools that act as internet gateways, while collecting internal logs, network flows and traffic.

When evaluating your service options, keep these differentiators in mind. These considerations will help you to select a partner who’s the best fit for your organisation. To learn more, read our white paper.

Arctic Wolf

Arctic Wolf

Arctic Wolf provides your team with 24x7 coverage, security operations expertise, and strategically tailored security recommendations to continuously improve your overall posture.
Share :
Table of Contents
Categories