Managed security service providers (MSSPs) have become important to every organisation's security operations. Their benefits are well-publicised: they scale security provisioning while keeping costs reasonable; they invest in a talent pool to strategically allocate according to customer needs; and have the means and infrastructure to provide scalable, 24-7 security monitoring.
There are other MSSP advantages that well-informed security leaders already know, such as investing in new security technologies. Security stakeholders also know the standard questions to ask an MSSP: What are your experience and past case studies? What are your qualifications? Who are your vendor partners? How do you customise your services to fit my organisation?
But these and similar questions are no longer sufficient to evaluate an MSSP
Despite advances in security technologies and methods, the risk of cybercrime is not shrinking. This problem is creating a reckoning in the industry, which must ask: what exactly is the way to ensure better security?
The answer is increasingly to focus on business risk as a starting point and overall framework, led by new risk-first security frameworks such as Gartner's CTEM (Continuous Threat Exposure Management).
This shift in perception begs the question: is your MSSP still up to the task? To test that assumption, here are questions we suggest you ask your MSSP provider:
● How do you identify security issues in my environment?
● How do you reduce alert fatigue and false positives?
● How do you include my business stakeholders?
● How do you use risk to prioritise my security?
How do you identify security issues in my environment?
Cybercriminals exploit the gaps in your complex and layered technology stacks. It's futile to expect any security service or team to cover all those gaps, even if they systematically try to hunt down every problem. Good security requires clear information gathered agnostically from your environment, sourced as close to real-time as possible, and then analysed and prioritised for the most effective responses.
Performanta uses Encore, our in-house system analysis platform. It doesn't rely on vendor agents but directly queries every security appliance and generates robust information and dashboards on security readiness.
How do you reduce alert fatigue and false positives?
Many security teams are understaffed and overworked. These two problems are related—security professionals routinely have to check and weigh thousands of event alerts sent at all times. Making sense of alerts and responding appropriately is crucial, affecting the mean time to respond.
Too many MSSPs don't have a good answer to handling alert fatigue. But Performanta leverages technology smartly to overcome these issues. For example, we deploy Microsoft's Copilot of Security generative AI to help security professionals quickly understand complex alerts and deploy layered playbooks to address elaborate situations. Copilot for Security is so effective it even helps non-technical staff understand security situations. Performanta was the first Microsoft partner to build an API interface for Copilot for Security, which we integrate as part of Safe XDR.
How do you include my business stakeholders?
For years, the security industry has said that business and cybersecurity should collaborate. Yet, in most organisations, security remains reactive and struggles to involve the business side, which keeps looking at the former as a necessary but expensive cost centre. While MSSPs reduce cost pressures, they are rarely successful at bringing security closer to the business.
We solve this issue with the market's first Risk Operations Centre (ROC). This is a virtual office where one of our risk managers leads our strategy for every client. They determine the client's most pressing security risks based on business priorities, working with a hand-picked team of professionals that suit the client's requirements. The ROC develops a unique security blueprint which our other security services, such as the Security Operations Centre, Event Detection, and Investigative Teams, follow to provide what a client needs. The ROC is a cornerstone of Safe XDR.
How do you use risk to prioritise my security?
Check how your MSSP determines your security priorities. Too often, security solutions focus on specific areas and not how they impact the organisation's vulnerabilities. For example, they use an endpoint detection solution to secure devices and a data leakage prevention solution to manage data security. But how do they know which devices and what data should be prioritised? How do they know if the situation changes?
Performanta was founded on risk-based analysis, and we employ numerous risk and business analysis professionals. We don't sell solutions; we sell targeted risk mitigation. Safe XDR and its parts—the ROC, Encore, artificial intelligence, automation, and more—all reflect this approach.
Managed Security Service Providers offer a lot of benefits and reduce costs. But to secure your organisation, they need to keep evolving. Risk-based strategy has become the new frontier of effective cybersecurity. So, ask your MSSP these four questions, and if you don't like their answers, come talk to Performanta.
Comments