
Your MSSP Evaluation Checklist: Keep Your Provider Accountable Long Term

A Managed Security Service Provider (MSSP) is an easy sell for most organizations navigating the modern digital landscape. Considering the time and effort needed to develop an in-house security program – not to mention the budget that goes along with it – managed services can be a valuable contribution to any business’s security posture.

But on the topic of “value,” how is this really quantified when working with an MSSP? Do all MSSPs perform the same? More importantly, though, how do you know you’re getting the same value from your MSSP now that you did during the first year of the relationship?

There are many ways to evaluate your MSSP’s performance to ensure you’re getting full value out of the service, but all of them can be categorized under one umbrella – transparency. By understanding what your MSSP is delivering and how it measures up to your standards (and the industry’s), you can hold them accountable for their performance over the long term.

To help manage these expectations, here are some important questions you should be asking yourself and your MSSPs:

What is Included in the MSSP’s Scope of Work?

By far, the first thing you should do before working with an MSSP is thoroughly review their scope of work. This involves identifying not only exactly what is included in their proposed coverage but also what is not included. You should be provided with a clearly outlined pricing model and any supplemental costs associated with additional services rendered that fall outside the documented scope.

One of the things to consider here is whether they place any caps on their service interactions. While not all MSSPs will have this, it is important to understand how much the service will cost if you exceed their maximum threshold. The last thing you want is to inadvertently use ad-hoc services that aren’t included in your contracted rate. This can lead to unexpected costs and frustration at the end of the month.

You should also inquire whether their service fees will change over time and, if so, what the expected growth rate may be. Although your MSSP may not be able to give you an exact figure, they should give you a rough estimate of your expected subscription costs after a certain period or set a maximum ratio of increase.

Do They Regularly Test Solutions Against Emerging Threats?

Qualified MSSPs know and accept that cybersecurity is constantly evolving and are never complacent about protecting your environment. This means they are constantly testing the effectiveness of their solutions against emerging threats. To do this, they should employ a threat assessment model conducted on a regular basis to identify when their security protocols need adjustment.

Due to the severity and frequency of ransomware events and the resulting data breaches, an effective MSSP should be engaged in periodic simulations to ensure their solutions are able to identify and respond to this type of cyber attack. They should also have dedicated teams and resources to follow important industry updates and best practices and share these insights openly with their clients.

Is Their Threat Intelligence Customized for Your Business Environment?

There is no one-size-fits-all solution for cyber security, and your MSSP should recognize that the security requirements of your business environment are unique. More importantly, they should be able to implement a comprehensive solution that doesn’t just replace existing tools and security investments you’ve already made. Rather, a qualified MSSP will allow you to use costly SIEM or XDR solutions you already have in place and find ways to improve their efficacy with tailored threat intelligence.

How Do They Ensure They Avoid False Positive Alerts?

Working with an MSSP should simplify your security workflows, not make them cumbersome. This is why the solutions your MSSP helps you integrate should significantly minimize the false positive alerts you receive. While false positive alerts will happen occasionally, a reputable MSSP will have processes in place to minimize these events while keeping your security environment as efficient as possible. This includes using advanced correlation techniques to detect more complex threats and setting up automated processes to reduce noise and alert fatigue.

Before forwarding any alerts to your team, your MSSP should also have a human analyst review them to ensure accuracy. Investigative services are critical to verifying and analyzing any potential security incidents. So, you should ask what your MSSP’s investigative processes are and how quickly their team can provide these services when new alerts are identified.

Are They Actively Providing Recommendations To Improve Security Over Time?

An effective MSSP should be able to detect and respond to security incidents and work proactively to identify areas of improvement within your organization’s security posture. Recognizing your strengths and weaknesses can help you develop a robust cybersecurity strategy that minimizes risks and maximizes protection.

Your MSSP should periodically assess your security infrastructure, policies, and procedures. These assessments should identify potential vulnerabilities and areas for improvement and highlight strong practices that should be maintained or expanded upon. These assessments should go beyond compliance checks and vulnerability scans and instead paint a picture for you as the client on different ways to further minimize risk and maximize your operational efficiency.

Are They Transparent About Where They Fall Short – and Can They Provide Mitigation Strategies?

Honesty and transparency are essential in any successful relationship, and working with an MSSP is no different. They should provide you with a clear picture of their successes and areas where they could do better – and have a plan to remedy the latter. 

It’s not uncommon for an MSSP to face issues due to technological changes, external threats, or even operational challenges. If they are transparent about their shortcomings, it will enable you to determine whether those deficiencies can be addressed quickly or require more advanced strategies. Your MSSP should provide detailed guidance on how these issues can be mitigated – either through additional services or specific available solutions – so that you know exactly what options you have to maintain a secure system. 

Do They Provide Expert Services?

Not all cyber security challenges can be solved by software and automated solutions. When you need the expertise to navigate your security landscape, it is important that your MSSP has the resources and know-how to provide these services.

You should inquire about their team’s qualifications and capabilities and any certifications they possess. You should also ask if they have a dedicated incident response team that can be deployed to help you in the event of a breach. While some of these expert services may come at an additional cost, a qualified MSSP should be able to provide them on demand when larger, more complex security issues arise. 

How Well Do They Interact With Your Team?

While your MSSP is accountable for managing and safeguarding your system, it’s essential to understand that ensuring security is not solely their responsibility but yours as well. Investing in an MSSP should support and enhance your internal IT department’s functionality, efficiency, and productivity through effective communication.

The level of interaction between your MSSP and internal IT teams will vary depending on the size of the organization and its security requirements. You should ask your prospective MSSP how they interact with internal teams, any training they provide for onboarding new personnel, and what processes are in place to ensure that everyone is informed of key security updates and changes in policy. 

It’s crucial to check if your MSSP provides solutions accessible to all employees, not only security staff. This ensures that everyone in the organization is knowledgeable about the latest cyber security measures and can collaborate to safeguard your company against possible threats.

Take the Time to Analyze the Performance of Your MSSP

Ensuring transparency and accountability in your MSSP relationship is crucial for maintaining your organization’s highest level of cybersecurity. By requesting performance metrics, ensuring your providers stay relevant to industry changes, and benchmarking their successes and failures over time, you can hold your provider accountable and make informed decisions about your partnership in the long term.