Phoenix IT

Managed Security

Managed Security Service Provider (MSSP)

A managed security service provider (MSSP) provides monitoring and maintenance of security devices and systems on an outsourced basis. Typical services consist of a managed firewall, intrusion detection, virtual private network, vulnerability scanning, and anti-virus services. MSSPs utilize high-availability security operation centers (either from their own facilities or from other data centre providers) to provide around-the-clock services intended to reduce the number of operational security personnel an enterprise must hire, train, and retain to maintain an acceptable security posture.

Various Infrastructure Approaches

When an organization is considering security log monitoring, it is important to consider all of the possibilities.

To get started, WHO-WHAT-WHERE questions need to be answered or at least considered. These answers usually affect the WHEN.

Who will perform the necessary activities for a proper security log monitoring program? For most organizations, unless they are very large and/or have unusual security requirements, this will typically mean partnering with an outsourced security partner for some of these activities. The organizations that can perform all of the steps in the security monitoring value chain by themselves are few and far between. Even companies that can make a business case for keeping all of these activities in-house often choose to outsource a significant amount of them simply because security staff are hard to find and turnover is high.

What will the security analysts monitor? It is easy to put staff in front of a security log monitoring console, but what exactly does the organization get out of the service? It is important to determine which risks, use cases, reports and other forms of output the various stakeholders want to see. Once the expected activities and artefacts are determined, the best way to accomplish them can be traced back to the various logs and available tools.

Where will this infrastructure be located? It is important to consider the location of the staff, raw logs and metadata. Each organization has its own internal security policy and compliance framework that may be impacted by the location of the monitoring center, logs and infrastructure. It is therefore important to consider these variables when planning the security monitoring program.

It is not necessary to answer each of the above questions immediately. However, the questions need to be considered in order to avoid some of the many problems that could potentially plague your nascent security monitoring program.

MSP vs MSSP

Managed Service Providers (MSPs) and Managed Security Service Providers (MSSPs) are both third-party organizations that provide services to a company. However, these two types of service providers differ significantly in their focus. An MSP delivers general network and IT support, and services such as managed telecommunications (telco) or Software as a Service (SaaS) platforms. In contrast, an MSSP is focused solely on providing security services.

One of the clear differences between MSPs and MSSPs is their “operations center”. An MSP is likely to operate a network operations center (NOC), from which they monitor and manage their clients’ networks. An MSSP should operate a security operations center (SOC), which provides round-the-clock security monitoring and incident response.

Benefits of an MSSP

An MSSP is intended to augment or replace an organization’s internal security team. By partnering with an MSSP, a company can reap several benefits:

Filling Vacant Roles: The cybersecurity skills gap means that filling vacant positions on an organization’s internal security team can be difficult and expensive. Partnering with an MSSP enables an organization to fill gaps within its internal security team or to replace it entirely.
Access to Specialist Expertise: Limited cybersecurity headcount isn’t the only impact of the cybersecurity skills gap. Organizations also periodically require access to specialized cybersecurity expertise (such as malware analysts or forensics specialists) if an incident has occurred. An MSSP has the scale required to retain this expertise in-house and makes it available to customers as needed.
Round-the-Clock Protection: Cyberattacks can occur at any time, not just during an organization’s standard business hours. An MSSP should provide a 24/7 SOC, providing continual detection and response to potential cyberattacks.
Increased Security Maturity: Many organizations, especially small and medium-sized businesses, do not have the level of cybersecurity maturity that they require. With an MSSP, SMBs can rapidly deploy a mature cybersecurity solution.
Solution Configuration and Management: Cybersecurity solutions are most effective when they are configured and managed by an expert. When partnering with an MSSP, an organization gains the benefit of expert security management without paying to have the required talent in-house.
Lower Total Cost of Ownership: Many cybersecurity solutions offer support for multi-tenancy and high scalability. This enables an MSSP to use the same solution to support multiple clients, spreading the cost of a robust cybersecurity infrastructure across their client base.
Compliance Support: The regulatory landscape is growing more complex as new data protection regulations (such as the GDPR and the CCPA) join existing laws (like HIPAA and PCI DSS). An MSSP can help with collecting data and generating reports for demonstrating compliance during audits or after a potential incident.
