When it comes to security, preparedness is a never-ending challenge that requires round-the-clock monitoring. Cybercriminals, hacktivists, and nation states never seem to sleep, so how can you?
Many companies don’t have the budget or the skills to create their own 24/7 security SWAT team. Managed security service providers (MSSPs) can deliver much-needed relief.
Look for an MSSP with a service set broad enough to cover all your requirements. Many offer more than core remote administration services. The Gartner 2019 Magic Quadrant for Managed Security Services, Worldwide defines MSSPs as “the remote 24/7 monitoring of security events and security-related data sources.” Also, “the administration and management of IT security technologies.” Lastly, as “the delivery of security operation capabilities via shared services from remote security operations centers (SOCs), not through on-site personnel nor remote services delivered on a one-to-one basis to a single customer.”
CenturyLink security experts suggest you consider the following when choosing an MSSP: “Security technology administration and management of firewalls, unified threat management (UTM), intrusion detection and prevention system (IDPS), endpoint protection platform (EPP), endpoint detection and response (EDR), secure web gateway (SWG) and secure email gateway (SEG).”
An MSSP may offer firewall management, but don’t forget to check how much it charges for incident response as part of this service. CenturyLink offers its managed firewall customers an incident response service without the need for a retainer.
If you are a user of cloud-based services, be sure to check that your provider also monitors your chosen software as a service (SaaS) applications in the cloud alongside your own on-premises infrastructure.
Analysis methods and metrics
It is important to understand what the MSSP does behind the scenes to deliver its services. Just as a car engine’s inner functions determine how well it performs, the technology behind the MSSP’s security scanning services will influence the effectiveness of its results. Consider:
Sourcing. What methods and tools does the MSSP use to support its offering? Some may use other suppliers’ tools or even repackage their online services, while others may use their own home-grown tools with extra functions to offer differentiated solutions.
Technique. Ask how the MSSP builds its threat database, and how much human analysis goes into its threat intelligence assessments. Does it rely on IP and domain blacklists for its traffic filtering or does it use more advanced techniques like machine learning to detect emergent threats?
Effectiveness. Ask for detection and prevention metrics that tell you how effective the MSSP is. Customer testimonials are also a great source of information. Don’t be afraid to find the MSSP’s existing customers using news reports or its own website and call them to hear about their experiences first-hand.
Responsiveness and customer service
Before issuing your request for proposal, consider what you’re looking for in an MSSP’s customer service. Some companies with no internal technology resources might want nothing more than a black-box service they can pay for and forget about. Others want an MSSP that collaborates with their own team in a co-managed approach to cybersecurity, helping with tasks such as prioritizing vulnerabilities for software patching.
Many customers find it useful to conduct regular phone-based reviews with their MSSP. These can bring to the surface any opportunities for improvement, along with any emerging threats to watch out for.
At the least, ask about ticket management and response times. When you have a cybersecurity issue, who do you contact for help, and how long will it take for the MSSP to respond meaningfully? An MSSP doesn’t provide an on-site service, but the best ones should feel like an extension of your own team.
Quarterly reviews and email or telephone support are useful, but sometimes you’ll want to check on something for yourself. Ask the prospective MSSP about its self-service options. It should offer a highly customizable online portal that lets you query a unified set of logs drawn from your own systems. For example, CenturyLink will ingest 10Gb of log data per day for free.
Self-service portals contain sensitive data, so ask your prospective MSSP about security measures such as role-based access control.
Used wisely, an MSSP will be a valuable asset for your company, bolstering your cybersecurity defenses. Just remember that the best defenses are multi-layered. Rather than using your MSSP as your only protection, complement it with judicious internal cybersecurity measures, too.
Document your own IT environment so you can at least handle basic cybersecurity hygiene like software patching. Don‘t forget the human element. While an MSSP might scan your web traffic, if you train your employees in cybersecurity best practices, they are less likely to click on phishing links to begin with.
To find out more about what makes a good MSSP, download the Gartner 2019 Magic Quadrant for Managed Security Services, Worldwide by Toby Bussa, Kelly Kavanagh, Sid Deshpande, Pete Shoard, 2 May 2019. It now names CenturyLink as a Visionary. CenturyLink serves network services customers from smaller to very large enterprises with global services requirements. Infrastructure as a service (IaaS) and cloud service customers also use its services.
Gartner does not endorse any vendor, product or service depicted in its research publications, and does not advise technology users to select only those vendors with the highest ratings or other designation. Gartner research publications consist of the opinions of Gartner’s research organization and should not be construed as statements of fact. Gartner disclaims all warranties, express or implied, with respect to this research, including any warranties of merchantability or fitness for a particular purpose.
This content is provided for informational purposes only and may require additional research and substantiation by the end user. In addition, the information is provided “as is” without any warranty or condition of any kind, either express or implied. Use of this information is at the end user’s own risk. CenturyLink does not warrant that the information will meet the end user’s requirements or that the implementation or usage of this information will result in the desired outcome of the end user. This document represents CenturyLink’s products and offerings as of the date of issue. Services not available everywhere. Business customers only. CenturyLink may change or cancel products and services or substitute similar products and services at its sole discretion without notice. ©2019 CenturyLink. All Rights Reserved.