Among the hundreds of potential vendors available in the market, the process of choosing the most suitable managed security service provider (MSSP) is not an easy task.
However, as corporate boards and executives become increasingly interested in cybersecurity spending, finding objective criteria for evaluation is becoming essential to finding your ideal vendor. To do this, here are 9 essential considerations.
No. 1: Identify your objective
The first thing to consider is the objective: are you more concerned with compliance requirements or the ability to counter actual attacks? The reality of today’s threat landscape shows the duality between compliance and security.
Although the majority of regulatory requirements have been enacted in the hope of enhancing security, compliance does not always deliver it. At the same time, the tactics and techniques of attackers evolve as fast as the environments they target. In other words, if you are only looking for compliance, choose the cheapest provider.
On the other hand, if a careful assessment of the risks facing your business reveals that it would be worthwhile to reduce your exposure to cyber risk, you should seek the provider most likely to achieve the objective of detecting and responding to attacks, and therefore turn to providers that specialize in defending against intrusions and have deep knowledge of attack techniques.
No. 2: Improve visibility
Infrastructures are more diverse than ever, systems are increasingly interconnected, and attack surfaces continue to expand. Therefore, security becomes more difficult to maintain. And yet, without the right security telemetry and visibility, it’s impossible to effectively monitor and detect threats.
The best thing to do is to look for a vendor that can eliminate “blind spots” and give you a holistic view of your security and of the most important telemetry sources, based on your goals and the types of attacks you are likely to face. Ideally, look for an organization that can help you gain visibility into multi-technology environments such as on-premises infrastructure, cloud, endpoints, industrial control systems (ICS) and operational technology (OT).
No. 3: Negotiation
Once you have found your supplier, the sticking point can sometimes be financial. If necessary, a negotiation is almost always possible.
One way to reduce the cost of managed detection and response (MDR) services is to reduce the scope of the engagement. The most valuable capabilities are detection and response. You can remove lower-level tactical activities (such as managing password resets, managing vulnerabilities, or supporting an identity and access management (IAM) solution) from the contract while still benefiting from the best services the provider offers. It is usually possible to train someone internally to perform these functions.
No. 4: Do not multiply suppliers
Limiting costs by reducing the scope can be attractive, but it should not be done at the expense of vigilance. If you have multiple providers, one in charge of endpoints and another in charge of security information and event management (SIEM), visibility problems are inevitable, and neither provider will be able to be fully effective. Cyberattacks unfold in multiple stages and phases, during which attackers use a variety of tactics, techniques, and tools. To fully understand a sequence of events that began on an endpoint, security teams must be able to see what happened in other parts of the network, which may not have EDR sensors installed.
No. 5: Be a strategist!
In some cases, it makes sense to keep certain operational functions with your in-house team. This can be an advantage, because your employees have knowledge of your environment that can make them much more efficient than an external provider.
However, recruitment can be extremely difficult. Detection engineering is a glaring example. Detection engineers are in high demand, and it is difficult to train someone effectively. Security analysts need to understand how endpoints, operating systems, cloud infrastructures, and all the other tools and technologies that make up your environment work. Additionally, they must be able to interpret the alerts produced by modern EDR tools. It is often best to rely on an MDR provider, which is more likely to have access to this talent and to be able to retain it.
No. 6: Stay “results” oriented
The cybersecurity landscape is moving at high speed.
Achieving an overall security posture requires applying basic principles such as improving visibility and the team’s ability to detect and respond to threats. Rather than looking for a vendor that can support new, trending tools, focus on the expected results. It is important to understand where your gaps are so that you can fill them effectively.
No. 7: Do not hesitate to change
In some cases, you can achieve better results by leveraging technology already in place; in others, you cannot. Analyzing your situation and not hesitating to modernize is therefore crucial.
Having a relationship of trust with your security service provider can make it possible to discuss the technologies they support. It’s unlikely that any one MDR vendor could be as effective with every SIEM or cloud security platform on the market today. Learning each additional tool requires time, money and training. Like everyone else, security vendors have to compromise on which technologies to prioritize.
No. 8: Choose the right service levels!
If your goal is to detect malicious activity and respond to it quickly to prevent ransomware from spreading, the number of resources dedicated to your account should be significant.
Service level agreements (SLAs) stipulate, for example, that critical alerts must be handled within 5 minutes and low-criticality alerts within 6 hours. But it is not possible to know whether an alert is truly critical without investigating it. Often, a small breadcrumb that triggers a low- or moderate-severity alert leads to the discovery of something far more serious.
A provider that is too focused on SLAs risks achieving these service levels at the expense of service quality. It is still important to have contractual SLAs in order to define general expectations for response times.
No. 9: Let stakeholders have the final word
Purchasing departments often seek to achieve business goals at the lowest possible cost and may not understand the different nuances between vendors or your organization’s security goals. Make sure the people making the final decision fully understand the issues.