At a high level, managed security service providers tend to have the most affordable, low-maintenance cybersecurity offers on the market. At the opposite end of the spectrum, do-it-yourself cybersecurity tends to be costly, while also requiring a certain level of expertise to manage. Even the majority of enterprises find fault in the price of in-house SIEM management.
That’s not to say one method is superior to the other. Like any component of your IT infrastructure, the approach you take to cybersecurity must be contextual. It’s all about what works best for your business and its unique needs.
The question is, how do you know when to build or buy? And if you do settle on buying, which services should you use?
The buy versus build quandary
The immediate benefits of buying from an MSSP include:
- Low overhead.
- Speed and ease of deployment.
- Little to no in-house expertise needed.
As enticing as these qualities look on paper, there are caveats to the MSSP model, chief among them control. In a recent SC Magazine webinar, Arctic Wolf Networks director of product marketing Sridhar Karnam cited the most immediate tradeoff of buying over building as a lack of visibility and control. He also explained that MSSP offerings will typically charge according to “the depth and speed” of log data collection, which could be problematic for organizations that experience high volumes of network traffic.
Another possible drawback is that it’s somewhat more difficult for MSSPs to tailor their offerings to the unique needs of their clients. For some organizations, this wouldn’t necessarily be a concern, but in compliance-driven industries such as health care, finance and legal, among others, it would be a deal breaker.
All of these are factors that need to be considered when choosing between the options of building out and managing your own cybersecurity strategy, or outsourcing to an MSSP.
So which MSSP offering is best for your business?
“Giving total control to an MSSP would make some CISOs’ spines shiver.”
Again, that’s really going to depend on the unique needs of an organization. Perhaps a small marketing firm would be content with a one-size-fits-all managed SIEM offering backed up by a few out-of-the-box security tools.
But a hospital or small health-care practice that uses many internet-connected medical endpoints is operating under a very different set of circumstances. In theory, they can work with MSSPs; however, they need much more visibility and control in order to be compliant with industry regulations. Furthermore, there’s so much at stake for health care organizations, banks, credit unions, law firms and so many other mid-market specialty areas. Just the thought of putting complete faith in the hands of an MSSP is enough to make a CISO’s spine shiver.
The problem with trying to do apples-to-apples comparisons between MSSPs is that there are just so many different offerings, and so many companies that claim to do the same thing better than the other guy. In the SC Magazine webinar, Karnam supplies more detailed insight into how to choose between them, and the types of signs and metrics to look for as you shop around for MSSPs.
Then of course, there’s the third, more novel option …
Maybe the best answer is no MSSP at all
For many organizations, cybersecurity is a private endeavor, and the task of shopping for MSSPs and then vetting them is simply too grueling to deal with. At the same time, a completely in-house threat detection and response strategy is too expensive for a bevy of reasons.
Of course you can’t not have a cybersecurity strategy. But what you can do is work with a Managed Detection and Response (MDR) provider that can help you determine what tools you actually need in order to optimize your security posture to detect and respond to cyberthreats. The beauty of MDR is that SIEM is a non-issue, because a managed security operations center is part of the package. Instead of running the SOC like a managed SIEM, security engineers actually analyze log data, and then report back with an end-to-end explanation of a cyberthreat’s lifecycle.
Additionally, because MDR service providers actually do the work to supply this information, they can help you strengthen your overall cybersecurity strategy, as well as your incident response plan.
From here, deciding what services you actually need is a breeze.