Among the many crises facing cybersecurity today—the continual evolution of malware, the constant data breaches and security exploits, the increase in state-sponsored threat actors—the most dire might be the staffing issue and evaporating talent pool in the field. Enterprises and small-to-medium sized businesses (SMBs) alike are having trouble finding the staff and leaders they need to manage their cybersecurity needs. Even if they do have a dedicated InfoSec team, that team may be severely overworked, understaffed, and unprepared for the task at hand.
Perhaps unsurprisingly then, more and more companies are utilizing Managed Security Service Providers (MSSPs) to help them patch the gaps in their InfoSec platforms.
A MSSP can conduct the oversight and administration of your cybersecurity, either in-house or remotely via cloud services. Some MSSPs specialize in SIEM or identity management exclusively, whereas others are fully integrated solutions. Both types are designed to provide security expertise and capable staff to manage security processes for your enterprise while being minimally intrusive to everyday business processes. They can provide continual monitoring and keep your platforms up-to-date automatically—all of which can help relieve the burden on your own staff and save you money and energy.
But are you ready to select an MSSP solution? Is your enterprise prepared to transition to an MSSP? Here are the top 4 questions you need to ask first:
1. How am I utilizing my current cybersecurity staff?
As said above, MSSPs can relieve the burden on overworked cybersecurity staffs trying to keep up with the demands of modern enterprises. If you do have InfoSec talent on hand (which you may not), you need to consider what that staff is most preoccupied with before you select an MSSP.
How much intellectual and physical bandwidth does your cybersecurity staff have on hand? Are they capable of staying up to date with SIEM maintenance? Or application permissions auditing? Are they primarily focused on an assigned task, such as compliance? Asking these questions will be crucial to determining where you enterprise is most vulnerable and if an MSSP is necessary in the first place. Which ties into…
2. What kind of MSSP do I need?
Is there a broad security gap you need filled– such as, for example, not having a cybersecurity team on hand? Or a team that doesn’t have the time for proper SIEM deployment and management? Or do you need something more specialized, like protection from denial-of-service attacks? You may not need a full-suite MSSP if you have staff working on certain aspects of cybersecurity but are neglecting others.
Looking at MSSPs more broadly, do you need an MSSP with a global presence to handle your enterprise’s needs? Or will a more local option suffice for your SMB? The answer to these question can help you save in the long run.
3. How will this MSSP handle deployment? And how will my enterprise prepare for it?
Deployment is a crucial aspect to any solution, especially a managed one. Therefore it is crucial to evaluate how your MSSP candidates deploy their solutions. Are they entirely cloud-based, and if so can your company handle that? How quickly will your MSSP be able to deploy their solution across your enterprise? Will it take months? Weeks? What might delay the deployment, and will the MSSP need to deploy in stages across your business?
These questions are important because you will need to make sure you have some continuity with your current cybersecurity policies and platform, and that your staff and employees are prepared to work within the new system. Otherwise you may to deal with confusion that leaves you vulnerable.
4. How will your MSSP line up with your needs in one year? Five years?
This is a question we ask whenever you’re considering a solution, and a managed security solution is no different. Selecting a solution is always a huge decision, and you want to make sure you do so carefully. Attempting to patch problems quickly through disparate solutions can leave you with a patchwork without the coordination to really catch malicious activity in time.
Is this MSSP just another part of your cybersecurity platform? Is this meant to be a long-term solution, or a temporary one as you build your own extensive InfoSec team? Are you interested in fostering a bring-your-own-devices culture, and will your MSSP fit into that plan? Or with a transition to the cloud?
If you intend to bring your enterprise into the era of digital transformation, having an MSSP to cover your cybersecurity needs will be a huge first step. But make sure you take that first step with a defined path ahead…or risk a mis-step.
If you are considering an MSSP, you might want to download this Managed Security Service Provider Success Checklist, courtesy of SIEM vendor AlienVault.
Latest posts by Ben Canner (see all)
- Top Ten LinkedIn Groups for SIEM and Security Analytics Professionals - October 18, 2018
- New Deloitte Poll Suggests Incident Response Plan Ignorance - October 16, 2018
- Solutions Review Releases SIEM Vendor Map To Assist Enterprise Decision-Makers - October 15, 2018