As the managed IT services space rapidly evolves, it is constantly flooded with new buzzwords and acronyms used to describe the latest and greatest trends in technology. This information overload makes it difficult to keep abreast of current IT developments and offerings. With that being said, the goal of this post is to discuss the following two items:
- How an MSP differs from an MSSP (from an IT security stance), and
- How an MSP service/solution falls short of that offered by an MSSP.
How an MSP differs from an MSSP (from an IT security stance):
Leading IT analyst firm, Gartner, defines MSPs and MSSPs as follows:
A managed service provider (MSP) delivers network, application, system and e-management services across a network to multiple enterprises, using a “pay as you go” pricing model. A “pure play” MSP focuses on management services as its core offering. In addition, the MSP market includes offerings from other providers — including application service providers (ASPs), Web hosting companies and network service providers (NSPs) — that supplement their traditional offerings with management services. ("Managed Service Provider (MSP)," n.d., para. 1)
A managed security service provider (MSSP) provides outsourced monitoring and management of security devices and systems. Common services include managed firewall, intrusion detection, virtual private network, vulnerability scanning and anti-viral services. MSSPs use high-availability security operation centers (either from their own facilities or from other data center providers) to provide 24/7 services designed to reduce the number of operational security personnel an enterprise needs to hire, train and retain to maintain an acceptable security posture. (“Managed Security Service Provider (MSSP)," n.d., para. 1)
How an MSP service/solution falls short of that offered by an MSSP:
Now when we apply the above definitions to IT security, my experience has shown that an MSP is capable of the following IT services:
1. Remote Management and Monitoring (RMM) - RMM usually provides a set of IT management tools such as trouble ticket tracking, remote desktop monitoring, support and user information through a complete interface. RMM is the proactive, remote tracking of network and computer health. It helps existing technical support staff perform better and make better use of resources.
2. Onsite Services - This is a local touch that allows your MSP to come onsite to perform a variety of IT tasks.
3. Help Desk Support - An MSP uses its ticketing system(s) to accept calls and support hardware or software usually sold by that MSP.
4. IT Security - This is often where the MSP/MSSP confusion resides. MSPs offer solutions such as endpoint, wireless networking, gateway hardware and even basic Network Operations Center (NOC) services. These services are often limited to configuration, licensing, patching and support. NOC services are geared more towards network efficiency and operability than proactive security monitoring.
Although these are all valuable services, a more important takeaway is that an MSP lacks focus on security as a service, due to its people and processes.
Given Nuspire is a pioneer in the MSSP space with over 15 years of experience, my opinions may be strong on this front. However, my 10+ years of consulting and partnering with MSPs have educated me to be able to share these differences. With that, here are some qualities of an MSSP:
1. Security Operations Center (SOC):
a. This is not to be confused with a NOC. A Wikipedia article provides the following definition ("Information security operations center," n.d., para. 7):
The SOC and the network operations center (NOC) complement each other and work in tandem. The NOC is usually responsible for monitoring and maintaining the overall network infrastructure — its primary function is to ensure uninterrupted network service. The SOC is responsible for protecting networks, as well as web sites, applications, databases, servers and data centers, and other technologies.
b. From a gateway standpoint, these SOCs would be monitoring gateway devices such as a Unified Threat Management (UTM) device, given the high volume of logs generated (e.g., antivirus, intrusion prevention and detection, etc.).
2. Security information and event management (SIEM) - A Wikipedia article provides the following definition ("Security information and event management," n.d., para. 1):
Security information and event management (SIEM) is a term for software products and services combining security information management (SIM) and security event management (SEM). SIEM technology provides real-time analysis of security alerts generated by network hardware and applications. SIEM is sold as software, appliances or managed services, and are also used to log security data and generate reports for compliance purposes.
3. Security Analysts - Security analysts are responsible for maintaining the security and integrity of a business’s data. A security analyst is required to have knowledge of every aspect of information security within the company. The main job of the analyst is to analyze the security measures of a company and determine how effective each process is. Furthermore, most SOCs have multiple CISSPs (Certified Information Systems Security Professionals), as most are staffed 24/7/365.
4. Remediation Services – Once you have put the above pieces together, it is necessary to offer solutions for whatever issues may arise from the SOC, SIEM and/or analysts. Not only should your MSSP be alerting you to network security concerns, it should also be taking responsibility for remediation so that you can continue to mitigate risk and exercise due diligence.
5. Constant Process Evolution – While the above bullets discuss the components and offerings of an MSSP, another key aspect of this entire offering is keeping your systems and processes up to date, helping you always stay as close to the mark as possible. These days the malware created by the Black Hats is more advanced than any prevention system, so it is critical to be able to detect when and if you’ve been compromised.
In closing, I believe it all boils down to network management & security device management (MSP) vs security event management and response (MSSP). Both are vital to maintain an adequate security posture. Users, partners, and customers should understand if their service provider is managing the network, security events, or both.
Information security operations center. (n.d.). In Wikipedia. Retrieved November 24, 2014, from http://en.wikipedia.org/wiki/Information_security_operations_center.
Managed Service Provider (MSP). (n.d.). In Gartner. Retrieved November 24, 2014, from http://www.gartner.com/it-glossary/msp-management-service-provider.
Managed Security Service Provider (MSSP). (n.d.). In Gartner. Retrieved November 24, 2014, from http://www.gartner.com/it-glossary/mssp-managed-security-service-provider.
Security information and event management. (n.d.). In Wikipedia. Retrieved November 24, 2014, from http://en.wikipedia.org/wiki/Security_information_and_event_management.