Debunking Cybersecurity Myths: Part VI—The Dangers of Relying on a Managed Security Service Provider

March 4, 2019 Todd Thiemann

Last time we cracked the myth about artificial intelligence and machine learning; now it’s time to tackle the subject of managed security service providers (MSSPs).

I hear frequent confusion at trade shows and in customer conversations around whether managed security services are the best fit for security operations. Managed security services have been around for more than 20 years, becoming ever-more prevalent as companies outsource management of infrastructure like firewalls, email gateways, and intrusion prevention systems (IPS). This has led to a misperception concerning what managed security service providers typically do for your security operations, including their abilities concerning managed detection and response (MDR).

Myth #6—A Managed Security Service Provider is the Best Fit for Security Operations

MSSPs typically have a menu of service options to maintain security infrastructure. Their focus is remote management of security devices. Their offerings are a mile wide and an inch deep in any particular area.

Monitoring Versus Managing

Effective MDR services require continuous monitoring, such as Arctic Wolf’s 24×7 monitoring services. MSSPs, however, focus on managing security devices, for example SLA-based changes to firewall rules, and typically don’t provide 24×7 eyes-on-glass monitoring and threat hunting in your environment. For some MSSPs, 24×7 monitoring means network operations center (NOC) monitoring for networks, but NOCs are a different beast from security operations centers (SOCs) and security monitoring. MSSP management also typically covers an MSSP’s designated IT stack rather than your security infrastructure (antivirus, firewall, etc.).

Detecting and Responding

MDR services reduce threat dwell time by accelerating how quickly analysts can detect a threat. That means enriching log data with threat intelligence, correlating events in a SIEM, and threat hunting in your environment to find the bad stuff. This also means providing a holistic view of your attack surface by ingesting events from on-premises and cloud sources, for instance cloud assets like software-as-a-service (Office 365, G Suite, Salesforce, and so forth) or infrastructure-as-a-service (AWS, Azure).

The R in MDR is critical. Response with a SOC-as-a-service provides full context and details to promptly respond to an incident, not a response along the lines of, “Your house is on fire. Good luck putting it out.” MDR services provide detailed information so you understand the significance of the threat and how to effectively stomp it out. MDR services reduce the demand on IT teams by evaluating threats and minimizing the noise, only bringing your IT team into the fray when significant threats need their attention.

Know the Difference Between MDR and MSSP

Security operations require sifting through the noise to find real threats without disrupting important initiatives and endeavors by enterprise IT staff. Enterprises that use an MSSP risk sifting through a lot of false positives. By contrast, MDR providers often provide outcomes that enable enterprise IT staff to quickly remediate threats. To learn more about how MDR compares to MSSPs, download this white paper.



About the Author

Todd Thiemann

Todd Thiemann is a Product Marketing leader at Arctic Wolf Networks. He writes and engages in thought leadership on behalf of Arctic Wolf because, as he describes, Arctic Wolf is an innovative security startup that is radically changing how enterprises perform managed detection and response.
