5 Key Questions You Need to Ask Your MSSP

April 5, 2018 | Ryan Clancy

Managed security services providers (MSSPs) are increasingly popular. The new report, “Security Advisory Services Market by Service Type – Global Forecast to 2022,” indicates that the security advisory services market is expected to grow nearly 20 percent annually from USD $5.77 billion in 2017 to USD $13.57 billion by 2022.

There are several factors driving an increase in MSSP demand, including the expense of maintaining 24×7 network and cloud visibility, the need for specialized equipment, capital expenses, and the shortage of trained cyber security personnel. MSSPs can close the gaps in these areas.

If you’re thinking about hiring an MSSP, but don’t know where to start, you’re not alone. Not all MSSPs are created equal, and none have identical offerings and capabilities. Selecting the best match for your business can be complex, so here are some essential questions to help you succeed.

Where is Your Security Operations Center (SOC) Located?

I recommend selecting an MSSP with at least one operations center in your home country of operation. Of course, this will depend on your data privacy requirements as well. For instance, are you comfortable with your company’s data leaving your home country? If your MSSP will provide onsite remediation services (sometimes this is included, but usually it comes at a cost), selecting a provider near your geographical location will be key.

What’s Your Staff’s Average Number of Years of Experience and Certifications?

Staffing costs are the number one reason to seek out MSSP help. Depending on your requirements, for the same cost of hiring one or two full-time analysts, you can get the expertise of an entire MSSP staff to keep an eye on your network and alert you to any issues.

Some things you should find out about your MSSP are what certifications their staff has, and the average number of years of experience on the team. Price is going to be a key factor, as retaining highly talented, certified, and experienced analysts can be expensive. We recommend roughly five to eight years of average experience team-wide. In addition, a good rule of thumb is that at least 75 percent of their staff has completed rigorous technical certifications such as GCIH, GCIA, CCNP Security, or OSCP. You can read more about the OSCP in this helpful blog.

If you have someone technical on your team, you could ask more security-minded technical questions. Then again, it’s more likely than not that you’re seeking an MSSP because your team wouldn’t know a SQL injection if it hit them with decorative soaps.

What Was the Last Remediation You Performed and How Was It Executed?

When the MSSP does find something malicious, who is responsible for taking action? Do they provide remediation services? If so, what actions are they allowed to perform? For example, can they block an inbound connection? If so, on which device?

If your MSSP offers remediation, that means they will need some sort of administrative credential on your network. How comfortable will your CISO be with that? How about your legal department?

If you and your IT staff perform the actual remediation with advisory assistance from your MSSP, you can retain administrative control over your devices.

What Type of Information Are You Pulling from Our Devices, and Where Is It Going?

Your MSSP is most likely going to aggregate your logs and events from multiple systems in your environment. Typically, it’s an aggregation of ones, zeros, and the occasional alert. However, in some cases, it could include Privacy Act information or information you may deem business confidential.

Ask your candidate MSSP what kind of information they’ll be pulling from your devices and where that information will go. Some MSSPs’ security architecture will involve keeping your data on your premises. Keeping the information at your site is ideal. However, if they need to take it offsite, they should encrypt the data in transit and at rest at the storage location.

What Kind of Reports Will You Provide and How Often?

Ask your MSSP for a sample report or two, and get them to walk you through what type of information they report on. Find out if they can customize reports for you if and when you need them. If you fall under a compliance or regulatory scheme, remember that there are certain reports you’ll have to run periodically (e.g., account lockouts). Your MSSP should be able to provide all this for you.

Other questions you should consider: Is there a “self-help” function you can use to run a report yourself? How can your organization consume these reports?

Conclusion

When it comes down to it, try to brainstorm questions that revolve around the people, processes, and technology of the MSSP and how those functions align with yours. Finding an MSSP is like adopting a rescue puppy – sometimes you need to meet a few before you find the one that you want to take home.

For additional advice on how to select the right MSSP for your business, check out our best practices guide, “Top 10 Tips for Selecting an MSSP.”

About the Author: Ryan Clancy
Ryan Clancy is a Senior Consultant with Delta Risk. He has more than 15 years of experience in the information technology and cyber security domain providing consulting services, hunt operations, threat intelligence, cyber exercises, enterprise defense assessments, and training in defensive and offensive network security operations. His areas of expertise include network security architecture, incident response, and programming.