The Top 5 Things to Look for in an MSSP: Don't settle for just 24/7 monitoring
- Thursday, August 18, 2016
Lainie Vande Woude
Director of Sales, MidAtlantic Region
Today’s businesses face a rapidly evolving security environment. This ever-shifting landscape requires businesses to reconsider how they protect themselves. For many businesses, partnering with a Managed Security Services Provider (MSSP) makes sense from the perspective of cost, capabilities, and resources. However, not all MSSPs are created equal.
Now, as much as any time over the past decade, businesses should ensure that who they partner with, the nature of services contracted, and how those services are delivered all make sense for them. Below are five points to help you evaluate whether MSSPs are properly positioned to protect your business in today’s security environment.
- Look beyond traditional. Established MSSPs are fine for traditional security. But today’s threats are increasingly non-traditional from the types of attacks and attackers to the multiplying threat vectors. So why rely on a traditional MSSP’s existing defenses when faced with non-conventional threats? Look for MSSPs that leverage more sophisticated, adaptive techniques. Proactive investigation and incident response should be part of the core offering. The ability to manage infrastructure you already have in place is also important from an ROI perspective.
- Keep your data close. Cyber security best practice is to keep your data inside your own environment. Why increase risk by extending your perimeter to the MSSP? Instead, have the MSSP’s security program integrate with your program, leveraging any existing investments you've made (i.e., your SIEM or NSM) and using your data kept in house and on site. Look for an MSSP that won’t long haul your data offsite while still providing the capability for long-term historical and trend analysis.
- Know your team…by name. Your MSSP should be an extension of your IT team. The MSSP team should know your team and understand your business. And you should know by name the security analysts who regularly protect your business. Look for an MSSP that provides a shared services model. This will increase collaboration between your in-house team and the MSSP, while enabling a select handful of analysts to become deeply familiar with your business. A security analyst’s in-depth knowledge of a specific IT environment is often key to recognizing sophisticated attacks.
- Balance flexibility and effectiveness. Adversaries don’t attack your resources according to gold, silver, and platinum levels. Nor do they attack only during business hours. So how effective will defenses structured this way really be? The goal should be to shorten the window of compromise and triage, without affecting the business, regardless of the timing or sophistication of the attack. Make sure your MSSP balances flexibility and effectiveness in its delivery model.
- Seek relevance in threat intelligence. Security eats, drinks, and breathes data - 24/7/365. It digests this massive quantity of raw data and produces intelligence, far more than most people can read. Seventy percent of it appears to be similar, with critical differences in the details. What your business really needs more than information quantity is automation and quality guidance - actionable advice to protect your business so you can get on with business. Work with an MSSP that helps you achieve this both efficiently and effectively by automating the management of many types of threat intelligence, correlating it, ranking it to identify indicators of compromise, and then providing concrete advice on actionable defenses. Relevance should be the watchword.
For more information on Raytheon Foreground Security’s approach to protecting your business in today’s security environment, click here.