The rationale behind choosing
to outsource elements of your
cybersecurity operations to a managed
security services provider (MSSP) can
be numerous. For one, organisations
are increasingly transforming into ‘digital
businesses’, where almost all of their
operations are conducted online –
documents created, stored and edited
in the cloud, communications via email,
meetings held over Skype or Zoom.
This creates a greater attack surface
for cybercriminals, yet businesses have
limited time, money, people and skills
with which to secure their operations. In
fact, overcoming the cybersecurity skills
shortage is arguably the number one
reason that organisations look to MSSPs
– finding the right talent in cybersecurity
and retaining skilled professionals once
they’ve been trained is very difficult.
There are other challenges worth
highlighting when considering
outsourcing to an MSSP. One is that
service descriptions are very complex
and difficult to understand. For example,
service level agreements (SLAs) can be
a challenge to compare, such as what
is included and what’s not. Then there
is the fact that the threat landscape is
continuously changing and data privacy
regulations are getting tighter.
• If you are buying an incident
response service, have you agreed
which rights or limitations this
service includes? For example, can
the MSSP quarantine your CEO’s
laptop or block a port on your
firewall? What are the business
consequences? Early detection and
mitigation of attacks are critical,
especially with ransomware.
• In many areas, there are discussions
about use cases, which serve many
good purposes, particularly when
procuring a managed service.
• What are the agreed-upon key
performance indicators (KPIs) and
how are they measured? Do you fully
understand what the KPIs mean?
Henrik Davidsson, Director Business
Development, Vectra
To cope with these challenges, many
businesses are outsourcing specific
security capabilities to MSSPs, but
they need to look at whether these
are the right ones to outsource –
customers often have limitations in
terms of what they need, what they
ask and what they look for in an MSSP
relationship. They must have a clear
understanding about what the MSSP
will deliver versus what resources the
organisation needs to deliver.
To that end, before even considering an
MSSP, it is important to clearly define:
• What do you want to protect? Do
you know where your critical assets
are located?
• Who is responsible for responding
appropriately to an incident from an
MSSP? Are your internal processes
aligned and staffed to successfully
interact with an MSSP?
What does a managed detection and response (MDR) service from an MSSP normally look like?
No defences are perfect. MDR
services seek to reduce the time that a
cyberattacker can operate undiscovered
inside your organisation.
An ideal MSSP service should be built
around the SOC Visibility Triad model,
which was introduced by Gartner. The
triad combines network detection and
response (NDR), endpoint detection and
response (EDR) and event logs, which
are commonly handled via a SIEM.
Using this model, MSSPs can correlate
and provide incident notifications in a
reporting portal. A good starting point
is to begin with the network and cloud
using a service based upon Network
Detection and Response (NDR). NDR
is device-agnostic and so can monitor
www.intelligentciso.com | Issue 29