Blog > Best Practices 10 Qualities to Look For in a Managed Security Service Provider

Thursday, Oct 8, 2020

BY: John Ayers - Chief Strategy Product Officer

The managed security services provider (MSSP) industry is growing at about 12% per year. This makes sense. Demand is increasing as more organizations turn to MSSPs.

Reasons vary as to why they outsource, but common benefits are:

  • Obtaining security services with 24x7x365 coverage.
  • Reduced complexity with addressing threats
  • Compliance monitoring for new privacy laws
  • Overcoming staffing or CapEx limitations.
  • Taking advantage of robust threat intelligence and threat hunting.
  • Reducing complexity, especially in environments with many point products.
  • Coping with and recovering from a breach faster and better with a formal incident response team and structured response process.

With hundreds of MSSPs from which to choose, how do you go about selecting one that is a good fit for your organization? Thinking in terms of people, processes and technology is a good first step, but where you go from there can be a challenge when you attempt to answer questions like:

  • Which people, processes and technology do I really need?
  • How do I respond to a Ransomeware?
  • How do they align with my current resources?
  • Which features and functions are critical given compliance requirements and the information and assets I need to protect?
  • How does an MSSP simplify cybersecurity, not make it more complicated?

Another important thing to keep in mind is that not all MSSPs are adapting to the constant changes in networks, endpoints, cloud, data protection techniques and threat actor sophistication. Also, some MSSPs rely on fear, uncertainty and doubt (FUD) to win business, reinforcing negativity and amping up the pressure to make decisions.

All of the above is why we identified 10 qualities that we think should be the core of an MSSP interview and selection process.

  1. Operate as an extension of your team.
  2. Demonstrate excellent listening skills.
  3. Deliver a flexible, strong onboarding process.
  4. Provide actionable alerts.
  5. Balance human intelligence and technology equally.
  6. Tailored & specialize in threat intelligence.
  7. Rapid Response
  8. Offer comprehensive endpoint detection, protection and response.
  9. Deliver 24x7x365 managed security services.

A list is just a list unless you can drill down to what’s behind each of the qualities. And know which questions to ask so you can get the answers you need to evaluate options. For this, we have developed two options to help aid your process: A MSSP white paper that explains each of the 10 qualities in depth and provides questions or a MSSP checklist of the questions to ask potential MSSP partners—and why.

Either one will help you think about cybersecurity and MSSPs more broadly, and in the context of a constantly changing threat landscape. A true MSSP partner will help you manage and mitigate threats based on a security program customized to your unique risk profile, point of view and business/industry requirements.