kras99 - stock.adobe.com
Cybersecurity often tops the IT priority list for many organizations. IT security spending is a growing portion of technology budgets as businesses look to safeguard critical assets. But the challenge of protecting the network from fast-evolving threats with limited internal expertise drives many organizations to seek help from third-party managed security service providers.
Several types of providers are available for enterprises, including systems integrators with managed and consultative services, telecom-attached providers and pure-play security companies. Given the hundreds of major MSSPs offering a wide array of security services, the search for the best network security service provider can be daunting.
While the cybersecurity needs and challenges of each enterprise can vary, some common considerations apply to all organizations when selecting managed security services. Before narrowing down the list of prospective providers, organizations should have a firm understanding of their managed security service needs. Here are some common questions organizations should ask themselves:
- What gaps exist in the current security infrastructure and personnel?
- Is the company looking to augment staff to better support its current security infrastructure, or does the enterprise want to fully outsource security operations?
- Does the company have a good handle on network infrastructure monitoring and management but is more concerned with incident response?
Determine your network security needs
Some companies may need to consult with a third party about their security architecture. Others may opt for a MSSP because they're looking for distributed denial-of-service (DDoS) mitigation. Additionally, enterprises may seek support from an MSSP for a whole host of other elements, ranging from security infrastructure integration to governance, risk and compliance management.
Many companies build their initial prospective list by the type of provider based on certain needs. For example, a company that needs traffic monitoring and DDoS mitigation might focus on telecom-based network security service providers. Another company looking for more consultative support on developing policy and improving its compliance posture may choose a systems integrator.
IT administrators and others involved in procurement should narrow down the list of potential providers to those that deliver the security services they need now and adjacent services that could be on the horizon.
Industry insight and reputation are vital
Several factors should go into picking top candidates, but none are more important than determining if the provider is trusted by its existing clients. In an industry that values innovation, it's just as important that the MSSP has a solid reputation for delivering security services over many years.
Organizations should ask prospective MSSPs for reference customers. It's also helpful if the MSSP has experience providing security services for other companies within the same vertical. This is beneficial for compliance management and understanding the specific threats and vulnerabilities within a particular industry.
MSSPs build their reputations on service delivery, which relies on a combination of personnel and technology resources. Providers may use a combination of third-party developed technologies for service delivery.
How experienced is the staff?
Organizations should find out how many security analysts and professional services staff members the provider employs and what technology certifications they have.
If an organization wants an MSSP to take over its firewall management and the administration of other security devices on its infrastructure, the provider needs sufficient resources and expertise with the enterprise's security infrastructure.
Organizations looking for security operations center (SOC) services should investigate the MSSP's security infrastructure. For instance, does it have multiple SOCs for greater availability and redundancy? If a business is international with locations in multiple countries, then having a similarly resourced MSSP may be beneficial.
Enterprise security buyers also need to find out what kind of service-level guarantees the prospective MSSP offers and if they're competitive with other providers. Providers will offer service-level agreements (SLAs) around metrics like the timing of emergency notifications and proactive maintenance. Another common SLA metric is time to resolution in the event of an incident.
Cost is always a consideration
With respect to threat management, more clients are pressing MSSPs to quantify the accuracy of their alerts. One of the biggest drags on security operations teams is the volume of false alerts. A flood of alerts that are harmless anomalies can lead to complacency. In that case, security teams might miss real and potentially harmful threats.
Security buyers should also look at how the individual providers manage the client relationship. Some vendors offer a team of dedicated analyst contacts; others may provide the option of having a security staff on the customer's site.
Lastly, cost is also a major consideration. For organizations that don't need much consultative support, highly automated services with limited professional contact can help make the services more economical. But many customers can justify a significant spend based on the fact they can't afford the downtime or other losses associated with a costly breach.