Selecting an MSSP: Ask These Questions to Succeed
Managed security services providers (MSSPs) have risen in popularity. The recent report, “Security Advisory Services Market by Service Type – Global Forecast to 2022,” indicates that the security advisory services market is expected to grow nearly 20 percent annually from USD $5.77 billion in 2017 to USD $13.57 billion by 2022.
There are several factors driving an increase in MSSP demand, including the expense of maintaining 24×7 network and cloud visibility, the need for specialized equipment, capital expenses, and the shortage of trained cyber security personnel. MSSPs can close the gaps in these areas.
If you’re thinking about hiring an MSSP, but don’t know where to start, you’re not alone. Not all MSSPs are created equal, and none have identical offerings and capabilities. Selecting the best match for your business can be complex, so here are some essential questions to help you succeed.
What’s Your Staff’s Average Number of Years of Experience and Certifications?
Staffing costs are the number one reason to seek out MSSP help. Depending on your requirements, for the same cost of hiring one or two full-time analysts, you can get the expertise of an entire MSSP staff to keep an eye on your network and alert you to any issues.
Some things you should find out about your MSSP are what certifications their staff has, and the average number of years of experience on the team. Price is going to be a key factor, as retaining highly-talented, certified, and experienced analysts can be expensive. We recommend roughly five to eight years of average experience teamwide. In addition, a good rule of thumb is that at least 75 percent of their staff has completed rigorous technical certifications such as GCIH, GCIA, CCNP Security, or OSCP.
If you have someone technical on your team, you could ask more security-minded technical questions. Then again, it’s more likely than not that you’re seeking an MSSP because your team wouldn’t know a SQL injection if it hit them with decorative soaps.
Where is Your Security Operations Center (SOC) Located?
I recommend selecting an MSSP with at least one operations center in your home country of operation. Of course, this will depend on your data privacy requirements as well. For instance, are you comfortable with your company’s data leaving your home country? If your MSSP will provide onsite remediation services (sometimes this is included, but usually it comes at a cost), selecting a provider near your geographical location will be key.
What Was the Last Remediation You Performed and How was it Executed?
When the MSSP does find something malicious, who is responsible for taking action? Do they provide remediation services? If so, what actions are they allowed to perform? For example, can they block an inbound connection? If so, on which device?
If you and your IT staff perform the actual remediation with advisory assistance from your MSSP, you can retain administrative control over your devices.
What Type of Information Are You Pulling from Our Devices, and Where is it Going?
Your MSSP is most likely going to aggregate your logs and events from multiple systems in your environment. Typically, it’s an aggregation of ones, zeros, and the occasional alert. However, in some cases, it could include Privacy Act information or information you may deem business confidential.
Ask your candidate MSSP what kind of information they’ll be pulling from your devices and where that information will go. Some MSSPs’ security architecture will involve keeping your data on your premises. Keeping the information at your site is ideal. However, if they need to take it offsite, they should encrypt the data in transit and at rest at the storage location.
What Kind of Reports Will You Provide and How Often?
Ask your MSSP for a sample report or two, and get them to walk you through what type of information they report on. Find out if they can customize reports for you if and when you need them. If you fall under a compliance or regulatory scheme, remember that there are certain reports you’ll have to run periodically (i.e., account lockouts). Your MSSP should be able to provide all this for you.
Other questions you should consider: Is there a “self-help” function you can use to run a report yourself? How can your organization consume these reports?
When it comes down to it, try to brainstorm questions that revolve around the people, processes, and technology of the MSSP and how those functions align with yours. Finding an MSSP is like adopting a rescue puppy – sometimes you need to meet a few before you find the one that you want to take home.
For additional advice on how to select the right MSSP for your business, check out our best practices guide, “Top 10 Tips for Selecting an MSSP.”