How to select a managed security service provider (MSSP)

Traditionally, Managed Security Service Providers (MSSPs) have offered security services such as managed anti-virus, managed firewall, and web filtering which consist of conducting tasks such as implementing new config, applying software/firmware updates and providing monitoring to determine if the software/device is functioning as expected.

But the security game has changed. Today, cyberattacks are a real concern for every business – not just those at the big end of town or in specific industries. Malware and ransomware attacks are now widespread. While the above-mentioned traditional activities are still important, when hit by a cyber-attack, organisations need additional support from their MSSP to identify and deal with an incident as most organisations don’t have large security teams or skill sets to do this on their own.

Evidence of a breach can quickly vanish, so if you don’t have someone on the case early enough, you might not have the data to analyse what went wrong. Dealing with a cyberattack requires a collaborative effort from the organisation and their MSSP and therefore it is important for organisations to evaluate the MSSP on what supporting services they offer as a part of their managed security services agreement as this could be the key capability that protects an organisation from damage at the time of an incident.

On the other hand, MSSPs need to realise this as well. As stated by a Gartner analyst at a recent presentation in Sydney, most MSSPs would treat a customer incident as just another ticket, but this no longer cuts it. If a customer has an incident, it should be regarded as an incident for the MSSP. When a serious incident occurs, often the customer can be in a state of panic, which is when they need their MSSP to go above and beyond to help the customer resolve the situation quickly.

At Content Security, we offer incident response services in conjunction with our managed services and therefore we can advise the customer on how to prevent a cyberattack from affecting their business. We also have threat monitoring built into our managed services to monitor for threats on a 24×7 basis. This helps us to detect the threat early and get the incident response team in to help our clients prevent a breach or minimise the damage from a breach. We can even provide evidence for the courts and media to ensure that customers are able to publicly share the right information, rather than being left to identify and report on what happened on their own.

In Australia, under the Notifiable Data Breach (NDB) scheme, organisations that have obligations to secure personal information under the Privacy Act are required by the government to provide a report on the breach, but the organisation’s priority usually lies with containing the breach and determining what’s happened. Furthermore, often the right skills are not available to organisations internally for analysis and reporting of incidents, which is where a MSSP can greatly assist.

Gartner states that part of the role of the modern day CISO and CSO is becoming a good project manager, as it includes engaging the MSSP that is equipped with the requisite skills to work together with the different departments within their organisation to solve an incident.

Businesses are subjected to cyber attacks on a regular basis, and either don’t have the resources or time to be constantly dealing with these issues – they want an MSSP to come in, identify and solve the issue and then guide them and advise them on how to prevent such issues in future.