A Guide to Finding a Trusted MSSP

MSSPs can be essential in helping organizations complete their security posture. Here’s what to look for.

Enterprises often lack the internal resources to do security right, especially considering tasks and responsibilities are ever-expanding. Internal network activity, endpoints and remote users must all be continuously monitored for a potential security compromise. This requirement for ongoing focus leaves massive amounts of information for enterprise security teams to decipher and little time to actually react. 

Enter managed security service providers (MSSPs). 

Increasingly, enterprises are hiring MSSPs to fight cyber attacks for them—asking partners to act on identified threats in place of their internal personnel. Although this offering has helped free up internal resources for many organizations, trust is an essential component. Here are some guidelines to help you determine which MSSP is the best fit for your organization: 

Key Criteria

MSSPs take traditional managed security monitoring services one step further, actually acting on behalf of the customer (the in-house IT team) to mitigate the threats. When shopping for these extended services, it’s important to look for providers who will act as a natural extension of the internal team and are willing to design a program and processes around existing security operations. Customizable service level agreements and customized reporting processes enable organizations to design their own program and success metrics and receive reports that present data in the ways that make the most sense for executives.

It’s also important that the MSSP has response plans in place that incorporate threat intelligence to respond quickly and effectively to various situations. These threat response playbooks should be maintained and continually updated, blending a company’s customized response process and best practices as a go-to guidebook.

Must-Have Tools and Services

To make the fastest, most accurate threat evaluation, security analysts need insight into historical network activity as well as real-time information. This is why complete network visibility can reduce the amount of time it takes the MSSP to assess threats and react. Advanced visibility tools mean faster service across all stages: threat awareness, examination, identification, confirmation and response.

When it comes to network visibility technology, companies should look for:

  • Tools that show real-time activity by location, application and user.
  • Machine learning and behavioral analytics that use algorithms to rapidly identify anomalous outliers and pinpoint suspicious activity happening inside the network.
  • Integrated endpoint detection and response (EDR) capabilities—beyond just antivirus or anti-malware software, these tools help find and isolate compromised endpoints before any real damage is inflicted.
  • Integrated security and network analytics—the most advanced providers unite security and network analytics into a single dashboard, providing a holistic view of consolidated information for the highest level of insights.

Flexible Capabilities Addressing SD-WAN, Cloud and On-Premises Environments

A partner’s security capabilities should be able to cover an organization’s full IT infrastructure, including on-premises, cloud and hybrid environments. Enterprises are required to secure the cloud applications and services they use, but with a long list of both officially sanctioned tools and unmanaged Shadow IT tools, security is not always easy. That’s why a Cloud Access Security Broker (CASB) is helpful. CASBs are designed to work with any SaaS application, enabling detection and response for cloud apps.

Additionally, cloud-first strategies and migration to IaaS/PaaS can make security complex because traditional security tools don’t work well in the cloud. But many MSSPs are making cloud workload protection far easier with solutions that monitor servers, virtual machines, cloud operating systems and containers. These monitoring services deploy automatically and receive updated security policies every 60 seconds from the SaaS-based management platform. This way, the MSSP can identify misconfigurations, vulnerabilities or indicators of compromise and act accordingly in response.

The world is abuzz with artificial intelligence, machine learning and behavioral analytics that get closer to simulating human decision-making. While modern technologies add immense value to defense mechanisms, these advances shouldn’t overshadow the continued importance of human talent. Still considered at least 50% of the success equation, experienced security professionals remain the single most valuable element in strengthening any enterprise security posture. As such, the human factor should be a mainstay in decision-making criteria.

Craig DAbreo

Craig oversees the managed security, threat intelligence and security professional services departments at Masergy. He is responsible for Masergy’s proactive enterprise cybersecurity threat management and operations program. Craig holds a bachelor’s degree in computer science and an MBA in information security. He is a Certified Information Security Systems Professional (CISSP) with over a decade of experience in the security industry and holds various network security certifications. He has written on various security blogs, spoken on a range of industry panels and is a recognized thought leader in the cybersecurity space.
