Services are the fastest-growing segment of the cybersecurity market, and for good reason. Because service providers allow organizations to realize cost efficiencies and scalability, many now outsource the bulk, if not all, of their IT functions.
Services such as managed security services providers (MSSPs) and managed detection and response (MDR) are a great way to improve your security posture when you operate with a limited staff or budget. Before you engage a provider, however, you need to understand which option is most viable for your organization.
Understand MSSP Differentiators and Limitations
MSSPs are often considered when organizations think about their outsourcing needs. A few considerations to keep in mind when you evaluate MSSP options include:
Hidden costs and fees
Some providers charge based on log volume or other variables. This makes it difficult for you to budget because you can far exceed your typical costs if you have unexpected spikes in activity.
Liability and responsibility for threat detection and response
Many MSSPs don't offer threat detection and response as part of their services. That means you're still liable for this function in-house, or need to engage an additional vendor.
When you outsource services, you depend on knowledgeable vendors who can provide answers. Understanding communication processes and whether you get dedicated services will help you avoid frustration when you need that expertise.
Customization and reporting
For certain industries, regulatory compliance can be critical to your bottom line. Consider whether the MSSP offers custom reports tailored to your industry.
Technology platform and its credibility
Many traditional tools like legacy antivirus are no longer effective against today's advanced threats. Work with a provider that uses a state-of-the-art technology stack that addresses the latest threats.
Exception handling and incident response capability
Incidents are inevitable no matter how strong your cybersecurity is. When they happen, will you need to rely on additional providers, or does the MSSP have the capability to quickly provide this next level of support?
Engagement and communication
Get assurances that when you have a question or an issue, the lines of communication will stay open so things are addressed promptly.
Top 9 Questions to Ask an MSSP
1. What are your security staff hiring and training practices?
If you view your managed services provider as an extension of your team, you need to understand who deploys and manages your security. Who are the experts you’ll interact with regularly and what kind of ongoing training do they receive?
Additionally, find out how the MSSP retains its staff. With today’s cybersecurity talent shortage, security professionals are able to change jobs frequently—a high turnover will be detrimental to the quality of the service you receive.
2. Will I have a dedicated team of experts?
Working with a dedicated team has tremendous advantages. Such experts build relationships with you and get to understand your business and challenges, which makes the action they take more effective.
You also need to know if you get a dedicated security engineer without a tiering system. If not, are you comfortable working with different individuals on every tier, especially since they don't know your business?
3. What is your supply-chain vendor selection process?
Ask about the supporting technologies the provider uses and the integrations it has made. How are they maintained and updated?
Your IT landscape always evolves, and you update your devices and systems regularly. Work with a security vendor that can keep up with these changes. If the MSSP still uses a legacy platform, that's an immediate red flag and a signal to look elsewhere.
4. What is your typical SLA and incident response plan?
Mean time to detect (MTTD) and mean time to respond (MTTR) are two critical metrics in cybersecurity. What's the MSSP's service-level commitment in these areas—and will it meet your needs?
Research shows that a lengthy incident and data breach lifecycle can be very costly to the overall health of a business. If the security service doesn't monitor and investigate alerts in real time, doesn't integrate threat intelligence, and doesn't supplement human analysts with artificial intelligence capabilities, it's not doing enough to maintain a short detection and response cycle.
5. How do I know the service is working and keeping my organization secure?
Your goal is to make sure that your security service works for you and that you make timely adjustments. Understand how, when, and what will be reviewed.
Getting hundreds of reports from your vendor every month is not good enough. Nor is it helpful if you don't have the time and resources to understand them.
In fact, you can generate reports yourself with off-the-shelf tools. However, the true value of a security service comes not from more reports, but from more actionable intelligence that you receive in real time.
6. Will I need to implement new security technology?
Cost savings are one of the main advantages of outsourcing security. Yet some providers require you to implement additional tools, rather than adjusting their own to your environment.
If the MSSP requires you to invest in new technology, your savings can go out the window. Look for a vendor whose technology stack fits your IT system requirements.
7. Do you conduct your own threat hunts?
Point-in-time scanning of signatures doesn't keep up with advanced threats, and proactive threat hunting is an important component of mature security services.
MSSPs that provide 24/7 automated tools without 24/7 human analysts—or only react to threats rather than hunt them proactively—may not be well-positioned to handle the constantly evolving threat landscape.
8. How much will this cost?
Consider whether the MSSP has predictable pricing. A fixed recurring price that's based on your attack surface rather than your log volume or other variable factors helps you budget appropriately while avoiding unexpected or hidden costs.
9. What is my exit strategy?
Managed security is a long-term relationship. You hand over the keys to your kingdom, which requires you to trust the partnership. However, business priorities change, mergers and acquisitions happen, and you may need an exit plan.
Understand the costs, fees, business impact, data formats and ownership, and continued support during such a transition. The more you know about the exit plan, the better you can trust your managed security vendor.
Bottom Line: Is an MSSP Right for You? Or Should You Turn to MDR?
Many MSSPs do not have the technology capabilities to effectively detect threats. What’s more, even when they're able to detect threats, the technology they rely on often limits the context required to effectively analyze and respond to threats.
Managed detection and response (MDR) is another managed security option. MDR providers employ different foundational technologies. They leverage cloud technologies, machine learning, and big data to provide more advanced techniques, such as network- and host-based tools that act as internet gateways while collecting internal logs, network flows, and traffic.
When you evaluate your service options, keep these differentiators in mind. These considerations will help you select a partner who's the best fit for your organization. To learn more, read our white paper.