Optimizing Your Managed Security Services Provider

The modern digital age is more susceptible than ever to cyberattacks. Malicious actors relentlessly deploy new strains of malware — the complexity, speed and scale of which will escalate for years to come. For those reasons, many organizations tap third parties to shoulder the burden of protecting critical assets. These Managed Security Services Providers, or MSSPs, offer services such as cybersecurity monitoring, device management and threat detection, including threat monitoring and advanced threat hunting.

There’s no silver bullet that addresses all cybersecurity challenges. But MSSPs can tailor solutions to integrate a customer’s needs and processes if the customer communicates clearly with them about their infrastructure and needs. Here are four key issues:

Issue 1: Know what types of services your organization wants and needs
Discuss with all stakeholders the assets needing protection and together weigh various service options MSSPs can provide. Some organizations say they want 24/7/365 threat hunting services, often a premium service that brings in cyber professionals to hunt threats. What they really want is threat monitoring with common content deployment, which can include dashboards, alerts and rules — usually lower tiered and less expensive.

Whether it’s managed detection and response or a dedicated SOC, knowing the customer’s needs helps the provider customize solutions. Is the organization looking for compliance level support or enhanced homegrown security teams and capabilities? Do they have security tools, or are they looking for the MSSP to provide tools? Are they looking for extra coverage for their existing team or for the MSSP to be the primary provider for security operations?

At Raytheon Intelligence & Space, we have a 30-question scoping questionnaire of to understand what customers are seeking. An organization looking for an MSSP should have a similar list they answer internally to help kick start the conversation with potential providers.

Issue 2: Communicate early and often
Provider communication is essential. Not understanding what the service entails is a recipe for failure. Many MSSPs support customers around the clock. It’s vital the customer shares soft spots and feedback, so the vendor can chart a roadmap to provide appropriate services. Once the roadmap is in place, customers should continuously provide feedback to the vendor to ensure both parties are satisfied. Ask the vendor for data and reporting metrics to ensure maximum value.

If issues or concerns arise, customers should let the vendor know immediately so they can work to remediate and improve service. The last thing any MSSP wants to hear is something is suddenly an issue when it was brought up in the last six calls where the customer did not provide feedback. Take time to build a partnership with the MSSP and truly allow them to ensure your success. Ultimately, both parties have the same end goal: protecting the customer.

Issue 3: You get what you pay for
Many organizations choose an MSSP because they lack the financial muscle to bankroll an entire in-house cybersecurity team or have issues finding cyber talent. If they outsource these services, it comes with a more palatable price tag. Everyone wants 24/7/365 advanced cybersecurity protection. But if an organization were to internally hire highly-skilled cyber experts for around-the-clock protection, most organizations would find that it’s not affordable or practical. Knowing the desired services helps the customer do an apples to apples comparison of MSSP service and price. If two bids are on different ends of the cost scale, one of the vendors probably didn’t understand the service the customer sought. Finally, organizations need to be willing to pay for the service they request. Avoid basing decisions on cost alone. Consider the value of security services as well as costs to recover from incidents.

Issue 4: Visibility
Visibility into data sources within the Security Information and Event Management (SIEM) solution is key to MSSP success. A lack of visibility into IT security infrastructure and tools can be a barrier if the customer neglects to provide the keys to the entire security architecture and data.

Work with MSSP experts to understand what data is useful, where barriers lie, and the impacts of visibility restrictions. The MSSP has been doing this for years. Trust them to help their customer build and prioritize the visibility roadmap. For example, as part of Raytheon Intelligence & Space’s service delivery we provide the top 10-12 log /data sources critical to enabling our service and provide a monthly update on how a customer is doing in providing access or getting logs into the SIEM.

Raytheon Intelligence & Space’s MSOC Cloud is a proactive protection solution proven to identify advanced threats. Watch the video to learn more.

Outsourcing cyber services may be the best strategy for providing a competitive advantage to optimize enterprise cyber security. Partnering with the vendor, understanding the organization’s needs and knowing the funds needed are crucial to ensure a successful partnership with an MSSP. Learn more about Raytheon Intelligence & Space’s full range of MSSP services.

About the Author: Dylan Owen, Senior Manager for Cyber Services, Raytheon Intelligence & Space

Dylan Owen has almost 20 years of cybersecurity experience. As Senior Manager for Cyber Services, Dylan provides Managed Detection and Response to government and commercial customers. Previously, Dylan supported the National Geospatial-Intelligence Agency, including managing their insider threat monitoring program.