Three things all businesses should know about MSSPs

Organizations can benefit by outsourcing, letting security providers assume risk


Managed security services providers, or MSSPs, continue to rise in presence and impact—by giving companies a cost-effective alternative to having to dedicate in-house staff to network defense.


Tom Gorup, Rook Security director of security operations

In the thick of this emerging market is Rook Security. I spoke with Tom Gorup, Rook’s director of security operations, about this at RSA 2017. A few takeaways:

Outsourced SOCs. MSSPs essentially function as a contracted Security Operations Center, or SOC. Most giant corporations, especially in the financial and tech sectors, have long maintained full-blown SOCs, manned 24/7/365. And so the top MSSP vendors, which include the likes of AT&T, Dell SecureWorks, Symantec, Trustwave and Verizon, are aggressively marketing MSSP services to midsize companies, those with 1,000 to 10,000 employees.

At the other end of the spectrum—catering to very small businesses—you have consulting technicians, operating in effect as local and regional MSSPs. These service providers may have one or two employees. They make their living by assembling and integrating security products developed by others, working with suppliers such as SolarWinds MSP, which packages and white labels cloud-based security solutions for very small businesses.

So what about the companies in between, those with, say, 50 to 999 employees? Security vendors recognize this to be a vastly underserved market, one that probably has pent-up demand for MSSP services.

What MSSPs provide. For midsize and large enterprises, MSSPs deliver an added layer of expertise that can help bigger organizations actually derive actionable intelligence from multiple security systems already in place, such as firewalls, intrusion detection systems, sandboxing and SIEMs. The top MSSPs tap into all existing systems and provide deeper threat intelligence services, such as device management, breach monitoring, data loss prevention, insider threat detection and incident response.

For small businesses, local MSSPs focus on doing the basics to protect endpoints and servers. This relieves the small business operator from duties such as staying current on anti-virus updates, as well as security patches for Microsoft, Apple, Adobe and Linux operating systems and business applications that are continually probed and exploited.

Who needs one? Every business today is starkly exposed to network breaches. So who could use an MSSP? The calculation for midsize and large organizations is straightforward. The goal is to provide more data protection at less cost, based on thoughtful, risk-based assessments. The most successful MSSPs will help company decision-makers build a strong case for their services.

At smaller companies, the first question to ask is this: How mature is my security posture to begin with?

Gorup observes: “Is security even on the radar right now? In smaller organizations, you might have just one person, part-time, working IT. Security is kind of secondary. I’d recommend seeking more advisory services to help detect phishing attacks, help build some processes, help understand what technologies you should invest in. This will allow growth to occur. And then you can make a natural transition into building an SOC or seeking SOC services.”

For a deeper dive into this topic, please listen to the accompanying podcast.
