The managed security service provider market is crowded with 5,000+ companies worldwide offering some degree of MSS. That’s good news and bad news for customers. Competition should drive quality of service up across the board. But it also presents a paradox of choice, and many customers find themselves with buyer’s remorse.
A good MSSP, however, is invaluable. The variety and volume of security technologies available create a web that becomes too complex and costly for the enterprise to manage and maintain itself. Complexity, after all, is the enemy of security.
What Is an MSSP, and What Is It Not?
Before we begin, it’s important to understand what you should expect from your MSSP.
At its most basic, a managed security services provider is an outsourced partner who monitors and manages security technology on behalf of the enterprise to aid in incident detection and response. MSS, however, can be much more than that. The right provider will understand the bigger security picture for the enterprise and be able to contextualize the threat, reduce time to detect the breach, and, ultimately, lessen its impact.
Most traditional MSSPs aren’t set up to achieve those outcomes, however. Instead, they’re comprised of bolted-on services primarily driven by sales opportunities. A customer purchases a large amount of technology and asks if they might also be able to manage that technology. Then another technology is purchased, and more services are created and sold.
The problem with this approach is it simply shifts the complexity to a different team. That team may have more technical knowledge, but the services are still siloed and independent from the total security strategy and ecosystem.
Understanding the differences in approaches is critical to the long-term success of your MSSP relationship. So how do you tell a good MSSP from a bad one? Here are seven red flags to look for.
7 Signs It’s Time to Move on from Your MSSP
#1 Their portal has an ugly interface.
Forgive us for being vain, but the usability of the MSSP portal absolutely matters. The portal should be beautiful, easy-to-use, and, most importantly, provide value and context from the very first screen. Many portals today are outdated and not user friendly. If your MSSP has a portal, and you never log into it, that’s a problem.
#2 They are just an alert factory.
Is your MSSP simply “alerting” you to alerts? You deserve more! Your MSSP should be able to provide insight and context as to why that alert is or is not relevant to you. If the alerts you receive are generic and templatized, you’re essentially paying your MSSP to manage escalations.
#3 They can’t give you a unified view of incidents across environments.
In this day and age, providing management and visibility across environments—IT, OT, Cloud, etc.—is table stakes. If your MSSP can’t give you a unified view of incidents across environments, or if they can’t provide security visibility regardless of where your data resides, it’s time to move on.
#4 They say they do threat hunting, but can’t prove it.
Threat hunting has become a buzzword that MSSPs use to lure in prospective clients. But can they actually back it up? Threat hunting should not be abstract. In our case, we show clients exactly which threats we’ve detected and relevant incidents right in their portal. This should be the norm, not the exception.
#5 They have restrictive SLAs and a nickel-and-dime attitude.
This one is pretty simple. If your MSSP is holding you to an SLA, or if their own SLAs are prohibitive, they do not have your best interest at heart. Similarly, if they charge for every extra hour or request outside your retainer, they’re loyalties lie with their bottom line, rather than your security wellbeing.
#6 They can’t give you real-time visibility into the service you’re paying for.
Do you know if the services you were promised are being delivered? If service was interrupted, would you be able to tell? If not, it’s time to look for a better provider.
#7 You’re only with them because they were easy to get through procurement.
Would you believe that often customers don’t actually choose their number one MSSP? It’s true! Customers often end up choosing the MSSP that’s best from a budget, procurement or MSA perspective, rather than the one that offers the best services. With a service that you’ll interact with nearly every day, it’s important not to fall into the “procurement trap.”
3 MSSP Requirements You Shouldn’t Compromise On
If you decide it’s time to let your MSSP go, it’s important not to repeat the same mistakes you have in the past. Here are three criteria to add to your checklist when selecting an MSSP.
Modern interfaces and collaboration tools. Today’s security engineers have been raised on mobile devices and chat apps. Streamlining the user experience and offering more real-time collaboration will ultimately lead to better client satisfaction.
Tailored, strategic service. An MSSP that customizes its services to your specific environment and is committed to your long-term success will ultimately be more successful than one that relies on a more transactional approach.
Honesty and transparency. Your MSSP will likely not be able to “do it all.” There may be areas where your team is stronger or where a technology vendor may be able to provide better service. Your MSSP should work with you to define and shape requirements rather than claim they can check all the boxes.