Guarding your network
5 Things to Look for in a Managed Security Services Provider
Malware. Phishing. Denial of service attacks. Data exfiltration.
To protect themselves from these digital-era threats, many organizations partner with a Managed Security Services Provider. It makes sense from the perspective of cost, capabilities and resources, but not all MSSPs are created equal.
Below are five tips to help you evaluate whether a provider is properly positioned to protect your business in today’s security environment.
1. Look beyond the traditional. Today's threats are increasingly non-traditional — from the types of attacks and attackers to the multiplying threat vectors. So why rely on a traditional MSSP’s existing defenses when faced with non-conventional threats? Look for MSSPs that leverage more sophisticated, adaptive techniques. Proactive investigation and incident response should be part of the core offering. The ability to manage infrastructure you already have in place is also important for return on investment.
2. Keep your data close. A cybersecurity best practice is to keep your data inside your own environment. Why increase risk by extending your perimeter to the MSSP? Instead, have the MSSP’s security program integrate with your program, working with any existing investments you've made, like a Security Information and Event Management tool, and using your data in house and onsite. Look for an provider that won’t long-haul your data offsite while still providing long-term historical and trend analysis.
3. Know your team…by name. Your provider should be an extension of your IT team. The MSSP team should know your team and understand your business. And you should know by name the security analysts who regularly protect your organization. Look for an MSSP that provides a shared services model. This will increase collaboration between your in-house team and your provider, while enabling a select handful of analysts to become deeply familiar with your business. A security analyst’s in-depth knowledge of a specific IT environment is often key to recognizing sophisticated attacks.
4. Balance flexibility and effectiveness. Adversaries don’t attack your resources according to gold, silver, and platinum levels. Nor do they attack only during business hours. So how effective will defenses structured this way really be? The goal should be to shorten the window of compromise and triage, without affecting the business, regardless of the timing or sophistication of the attack. Make sure your MSSP balances flexibility and effectiveness in its delivery model.
5. Seek relevance in threat intelligence. Security eats, drinks and breathes data — 24/7/365. It digests raw information and produces intelligence, far more than most people can read. Seventy percent of it appears to be similar, with critical differences in the details. What your business really needs more than information quantity is automation and quality guidance — actionable advice so you can get on with business. Work with a provider that helps you achieve this both efficiently and effectively by automating the management of many types of threat intelligence, correlating it, ranking it to identify indicators of compromise, and then providing concrete advice on actionable defenses. Relevance should be the watchword.
This document does not contain technology or technical data controlled under either the U.S. International Traffic in Arms Regulations or the U.S. Export Administration Regulations. E16-TJ2Z
Last Updated: 09/30/2016