3 questions to ask when selecting the right MSSP

Today’s threat landscape is advancing dramatically, putting more and more businesses at risk. And as new threats and vulnerabilities emerge, new cybersecurity products hit the market claiming to protect against them. Though this might sound like a positive thing, the reality is a bit more complicated. 

The cybersecurity space is already extremely saturated with more than 3,500 security vendors. And that number is quickly growing. The global cybersecurity market was valued at $167.13 billion in 2020 and is expected to reach $345.4 billion by 2026. With so many options, it can be difficult for companies, especially small and mid-sized businesses (SMBs) who often lack in-house security expertise, to know which tools to use and how many tools are needed to cover their bases. This is further complicated by the fact that SMBs don’t have the billion-dollar security budgets of large corporations.

So how can SMBs choose the right security vendors and feel confident in their coverage? Many organizations have decided to partner with a modern managed security service provider (MSSP) that can do a lot of the heavy lifting in terms of dictating what kind of solutions you need. However, choosing the right one can be its own challenge.

Finding the right security partner for your business

A good MSSP should help you assemble and manage a tech stack that keeps your business protected. Though it might be tempting to opt for the MSSP with the biggest name or select the cheapest option, making the wrong MSSP choice can be detrimental to your organization. Instead, you want to find an MSSP that offers services that align with your organization. 

Here are the three most important questions to ask when assessing MSSPs and their ability to protect your business. 

1. Is this a partner that’s keeping my company safe from threats?

This is the key reason you’re even in the market for an MSSP and any partner worth considering should give you a clear answer.

Hackers don’t discriminate and businesses of all types face similar attacks, whether they’re mid-sized companies, or Fortune 100 corporations. This means MSSP needs to provide a similar level of protection for advanced threats for all their customers— independent of your industry or size.

The MSSP should be able to articulate how they can keep your organization safe.  If you reach out to an MSSP and they come back to you with questions about your budget and the type of service you need, or if they’re just looking to upsell you with flashy tech, those are red flags. They’re prioritizing the sale and not wanting to protect you. If everyone is targeted by the same advanced threats, what protection are you sacrificing with a lower service level?

It’s essential that the MSSP provides all the components to defend from advanced attackers from technology to operations. This should include 24/7 detection and response services. Hackers aren’t taking nights, weekends, and holidays off so attacks can happen any time. The faster action is taken, the more effective your defense will be. Some MSSPs might simply send you an alert when a potential threat is detected, leaving you to determine not only whether the threat is real but also how to respond. A good MSSP should own the threat validation and response process, providing you with total protection.

2. Does it address the risks across endpoints, email protection, admin privilege, and employees?

These are the most important areas organizations should focus on and any MSSP worth considering needs to actively address these areas.

• Endpoints – Endpoints are where malicious hackers compromise your organization. By protecting and monitoring endpoints, you’ll know if an attacker got in, how, and be able to respond appropriately. As organizations continue to widen their attack surface with ever-increasing third-parties, cloud-based vendors, and a distributed workforce, securing endpoints only increases in importance.
• Email protection – Many advanced techniques are carried out via email — whether they’re phishing or spear phishing, ransomware, social engineering, or BEC attacks. You need an MSSP that not only provides basic protection in the form of AV and spam filters, but also has the technology to defend against the more sophisticated techniques used by savvy attackers that are actually compromising organizations.
• Admin privilege –  MSSPs should help your organization beyond just defense, which means taking steps to mitigate damage in case you’re compromised and a hacker has entered your environment. Hackers seek to take advantage of escalated privileges to move laterally, deploy malware, and access a company’s most valuable data. An MSSP should provide Active Directory monitoring capabilities while aiding you in limiting admin privileges, restricting permissions, and enforcing a policy of least privilege where possible.
• Employees – Employees are the first line of defense against hackers as they’re bombarded with various email attacks, account compromise attempts, and social engineering attacks that can be hard to spot. An MSSP should consider employees a main area of focus, leveraging security training, attack simulations to spot unprepared employees, and readiness capabilities to assess an organization’s overall posture. Although humans are the weakest link, they’re often the most overlooked.

These are musts for any MSSP. By combining these areas of focus, you can prevent bad actors from breaking into your environment while making sure they can’t move around your environment if they do manage to break in.

3. How does it work with your current security investments?

How the MSSP integrates with your security organization is important. Can the MSSP leverage the existing technology your organization has already invested in or will you need to purchase different tech or tools to make the most of the MSSP?

Some MSSPs expect that you have already gone through the arduous process of procuring the necessary tools and solutions, which they will then take over and manage. But that’s a lofty ask for a small security department that might lack the broader expertise—and time—needed to weed through the plethora of vendors, implement them effectively, and manage them.

A modern MSSP should be flexible and either bring a highly curated tech stack that removes the guesswork of building a comprehensive set of tools or they should be able to work with the existing tools you already have while evaluating and providing guidance on whether your current set-up is sufficient enough to protect you.

Beware of rigid and inflexible MSSPs — it will be hard to have a good partnership with them as you scale, and they won’t be able to work with you to identify or address current or new gaps in your organization.

Remember that an MSSP is a combination of people and technology. Make sure to have open, honest, informed conversations with MSSPs about each tool they’re recommending, so you understand how it helps your organization address the challenges the threat landscape introduces.  

An MSSP is a security partner that needs to grow with your organization

Security is a complex and concerning topic, and it’s understandable that you’ll do whatever it takes to protect your organization. Many MSSPs like to paint the cyber world as a dangerous place, and while they’re not entirely wrong, it’s important to know which threats are real and which tools, controls, and processes are actually making an impact.

Finding the right MSSP is a challenge, but it shouldn’t be impossible. It’s up to you to do the due diligence and have the conversations needed to cut though the marketing in order to understand what an MSSP truly brings to the table. A security partner should be just that—a partner. When you outsource your security, you want to outsource all of it. 

As SolCyber, we provide a curated tech stack for you and only include the tools you need. We also provide 24/7 detection and response services, so by the time you learn of a breach, we’re already taking care of it. 

We also don’t believe in tiered services, because at the end of the day, you’re either covered or you’re not. That’s why we offer simple per-user pricing for our Foundational Coverage service. If you’re interested in engaging with a modern MSSP, we’d like to talk. No buzzwords, no flashy marketing. Contact us for an honest conversation about keeping your business safe.

FAQs

• What is an MSSP?

An MSSP (Managed Security Service Provider) is a type of service provider that delivers cybersecurity solutions and services to their clients, usually on a subscription or retainer basis. The main goal of an MSSP is to act as a third-party service provider that helps the internal IT team save time, energy, and financial resources in keeping the organization secure from cyber threats. It can also serve as an outsourced security department for organizations who aren’t able to build one in-house.

• Is an MSSP different from a MSP?

Yes, an MSSP (Managed Security Service Provider) is different from an MSP (Managed Service Provider). The MSSP provides cybersecurity services to clients, whereas the MSP helps organizations make sure their IT systems are operational (but not necessarily cyber secure.)