There can be many reasons for choosing a managed security services provider (MSSP), but one of the primary ones is to overcome the cybersecurity skills shortage. Finding the right cybersecurity talent, and retaining skilled professionals once they’ve been trained, is very difficult.
There are other challenges worth highlighting when considering outsourcing to an MSSP. One is that service descriptions are very complex and difficult to understand. For example, service level agreements (SLAs) can be hard to compare in terms of what is included and what is not.
Customers often have limitations in terms of what they need, what they ask for and what they look for in an MSSP relationship. Customers must have a clear understanding of what the MSSP will deliver versus what resources they need to deliver themselves.
It is therefore very important to understand:
What does a threat detection service from an MSSP normally look like? An ideal MSSP service should be built around the SOC Visibility Triad model, which was introduced by Gartner. The triad combines network detection and response (NDR), endpoint detection and response (EDR) and event logs, which are commonly handled via a SIEM. Using this model, MSSPs can correlate and provide incident notifications in a reporting portal.
There are other MSSP services that can be procured, but threat detection services are estimated to receive the majority of investments, according to several research firms, such as Gartner, IDC and Forrester.
To anticipate the dynamics and responsibilities between you and your MSSP, it is advisable to consider a few scenarios:
To wrap up, always consider dedicating a project manager to oversee the implementation, no matter which area you start in. Also make sure to hold monthly operations meetings with your MSSP and quarterly business reviews. This will enable you to think strategically about how to build a productive working relationship and identify new areas of improvement in the service as well as its overall value.
Henrik Davidsson is director of sales business development at Vectra, where he is responsible for customer value creation and managed service providers. He has over 15 years’ experience working with large enterprises and service providers, and stays on the front line of new security challenges, coaching end customers and partners alike on how to augment their security posture and cyber resilience. Henrik has held leading positions at companies such as Cisco, Juniper Networks, VMware, FireEye and NTT Security.