Managed Security Services (MSS) are an essential component of any organization’s cybersecurity-in-depth approach. While ownership of cybersecurity always rests with the Chief Information Security Officer (CISO), various other parties within and outside the organization must work together to secure the organization’s data and assets.

 

Emergence of cybersecurity as a geopolitical weapon

The emergence of cybersecurity as a geopolitical weapon has led to continued investment in offensive cybersecurity technology. It has become easier and cheaper for malevolent actors to launch large-scale cybersecurity attacks. On the defensive side, the CISO organization is required to constantly play catch-up with emerging threats.

The increase in threats has led to an explosion in demand for skilled cybersecurity professionals. The scarcity of trained resources is a major issue for any CISO today. According to an ISC2 report, “the global cybersecurity workforce needs to grow 65% to effectively defend organizations’ critical assets” [source: ISC2-Cybersecurity-Workforce-Study-2021.ashx]. This is where a Managed Security Service Partner (MSSP) is crucial for successful implementation of the cybersecurity strategy.

 

Dealing with scarcity of cybersecurity resources

An MSSP is a specialist with a large pool of trained cybersecurity professionals who can operate across a wide range of security technologies and processes. The MSSP continuously invests in developing skillsets and provides a career path to cybersecurity professionals, which may be more challenging for a CISO organization to provide. As the MSSP has a pool of professionals ranging from early-career to more mature skillsets, it also provides a more cost-effective solution across the cybersecurity value chain.

However, to obtain a robust outcome from the partnership, it is important that your MSSP has the orientation to proactively support and bring value to your cybersecurity vision. The MSSP can provide a wide range of services such as (among others):

  • Managed Security / Compliance Monitoring
  • Penetration Testing and Vulnerability Assessments
  • Product Resale
  • Cybersecurity consulting

[Source: Wikipedia, Managed security service]

Six key questions to ask your current or prospective MSSP

1. Transparency: To what extent will my in-house team have access to the same data the MSSP analysts have?

One of the key challenges faced by in-house security operations teams is that they are unable to analyse the alerts sent over for action by the MSSP. This is driven by a lack of access to the data (and systems) that the MSSP uses to monitor and analyse the alerts. Without this data and system access, the in-house analysts struggle to take appropriate actions quickly. They are also unable to answer questions from senior management and other internal stakeholders.

Your MSSP should provide an adequate level of access to the data to your in-house analysts.

2. Collaboration: What are the engagement points between your in-house analysts and your MSSP to enable seamless team working?

One of the issues often seen relates to the MSSP working in a silo, away from your other cyber defence teams. This may lead to gaps in the security processes where one team does not follow up where the other team ends their workflow. Many security breaches are a result of routine alerts left unattended even when they were reported. 

Hence, there needs to be a close working relationship between the analysts from the MSSP and your in-house team. This will enable a smooth hand-off between the two teams as well as sharing of contextual knowledge.

3. Flexibility: How does your MSSP stretch to support the ebb and flow of your business requirements?

At times, the rigid service boundaries between the organization and the MSSP can become a roadblock for security. While it is important to clearly define the scope of responsibilities between the various parties, no amount of detailing can address new emerging situations. For example, there may be a sudden surge in the number of alerts due to an event in the external environment. Or there may be a supply chain vulnerability impacting a wider range of the organization’s assets, requiring immediate attention.

The combined resources of the in-house team and the MSSP need to work together to tide over exigencies and keep up the defences. In the true spirit of a partnership, this will often need one or both teams to work beyond their written scope and SLAs. Of course, this may also mean that the MSSP is compensated for the out-of-scope or over-the-SLA work, if that is to be sustained over a long period of time.

4. Threat Management: Which areas of your security has your MSSP helped to improve to proactively address new threats?

One of the risks faced by organizations is the evolving threat landscape. All components of the security framework need to be updated to deal with the new threats as they emerge. Elements like prevention and detection rules need to be updated, as do the standard operating procedures. The CISO needs all parts of their cybersecurity strategy to proactively keep up with the new threats.

In such a dynamic scenario, the MSSP needs to be an engine of ideas driving the change for better protection. This would include identifying gaps to be filled in the current setup or looking out for extensions for better coverage.

5. Leverage: How is your MSSP helping maximise the value of your broad investments in cybersecurity?

For a security-in-depth approach, organizations are making investments in various solutions for cybersecurity. This allows the same risks to be addressed at different levels, reducing the overall risk. However, the MSSP often restricts its remit to a single layer or a thin slice of the entire cybersecurity toolset available to the organization. This increases the overhead on the in-house team, who are left with the task of keeping the overall risk posture in view.

To address this, your MSSP should deploy a broad set of skills such as security consulting, security engineering and security operations. This will enable the MSSP to help leverage the entire gamut of your investments.

6. Value addition: What information and reports does your MSSP share to help demonstrate the value they are helping to add to your business?

As cybersecurity has gained higher prominence on the executive radar, the escalating cost is a growing concern. This includes the cost of cybersecurity tools, software, infrastructure, the in-house team and the MSSP subscription. The CISO organization is often required to demonstrate how the cost of cybersecurity is being optimised. This entails development of executive-ready reports and benchmarks. Often the reports received from the MSSP are tactical and not interesting for the senior executives of the organization. This can cause rework for higher-level reporting.

As a partner in cybersecurity, your MSSP should provide periodic reports that can be readily shared with senior management and intuitively demonstrate value for money.
