Looking back 20 years, the security industry was vastly different. With so few entry points, organizations needed a two-tier firewall and an intrusion protection system to secure the perimeter of their network. Small and mid-sized enterprises (SMEs) could outsource their IT needs to a managed service provider (MSP), and they would receive an alert anytime an issue was detected. Managing security was a breeze.
Then came the cloud, smart phones and IoT devices and the threat landscape expanded—enormously. The move to a data-driven world meant the perimeter evaporated and data became exponentially more valuable. This not only increased the sophistication of attackers but also the number of attacks—it is estimated that cyberattacks will cause $6 trillion USD in damages in 2021. Companies are not just fending off a handful of individuals with time on their hands, they are fighting organized professionals using advanced techniques and even nation states trying to maliciously enter their organization.
In response to growing threats, more and more vendors started popping up, offering protection for specific points in the kill chain. Now, there are 3,500+ security vendors that companies can choose from when piecing together a comprehensive defense system. So how do companies piece these solutions together and operationalize them to become cyber resilient? They often work with an MSSP.
What is an MSSP?
With so many tools to maintain and operate, many companies look to managed security service providers (MSSPs) to monitor their security tech stack. There are companies old and new, large and small, delivering MSSP services. So, before you start working with a so called “MSSP,” it is important to know what to expect from a security partner.
Types of security providers
MSSPs can be grouped into three camps: MSPs, traditional MSSPs and vendor MSSPs. To add to the confusion, you may run into several three-letter acronyms associated with MSSPs such as EDR, MDR and XDR. But which one is right for you? Here, we’ll break down the difference between three key types of security partners and where each provides value.
Traditionally, MSPs manage a business’ IT infrastructure. However, IT and security have become inseparable, almost synonymous, and some MSPs have begun adding basic security as a value-add. Many SMEs take that convenient option because they already have an established relationship with their MSP partner who knows their environment well. It also simplifies things from a billing perspective.
The difficulty is that MSPs are not natively security experts and may even be outsourcing the work to an MSSP and marking up the service. They also don’t typically provide 24x7 monitoring, which is problematic when you are dealing with 24x7 attacks. A few years ago, it was possible that SMEs could get by outsourcing their security to an MSP. It didn’t require an elevated level of security expertise to protect against yesterday’s “smash-and-grab” attacks. Today, however, hackers don’t discriminate. And they are using the same sophisticated techniques to break into organizations of all sizes. Which means organizations of all sizes, need the same coverage and expertise.
- Traditional MSSP
MSSPs are far more security savvy than MSPs. They will take over your existing security stack, alert you when there is an incident and work with you to respond to confirmed threats. Beyond securing your perimeter, these providers become an extension of your security operations, running advanced correlations and analytics on your systems. These talented security experts have deep experience in security and can offer highly customizable services to meet your organization’s needs.
While MSSPs excel at offering effective monitoring services, they don’t provide the products they are monitoring—those come from their clients. So, prior to contracting an MSSP, an organization first must familiarize themselves with the kill chain, research the 3,500 security vendors and piece together an effective security tech stack. But many companies don’t have the time or expertise to accurately assess their risk profile and choose the right tools to address it. So when a tech stack proves to be inefficient, who’s to blame? Because MSSPs need to familiarize themselves with whichever security tools their clients arrive with, they are a Jack of all trades, master of none.
MSSPs also provide a tiered pricing structure, asking clients to choose the level of coverage they need. This is extremely problematic. Attacks are binary—you’re breached or you’re not—so your security should be too. You’re either protected or you’re not. By setting various levels of service, it begs the question: “Is the basic coverage insufficient and is the top tier overkill?”
This tiered pricing structure also forces customers to not only choose the tools they need but also the level of coverage required to enhance their security posture. Something they may not be equipped to do. And since MSSPs are the security experts, wouldn’t it be helpful if they came with recommendations?
- Vendor MSSP
Vendor MSSPs provide an integrated detection and response capability based on their own tech stack. Because the tech stack is built in-house, it can be effective and efficient, sharing intelligence across tools and automating various processes. Moreover, the analysts and engineers only deal with their own tools, so they are intimately familiar with them and skilled at optimizing them.
While this might seem like the perfect convergence of MSPs and MSSPs, the tech coverage is quite restrictive and leaves several gaps that need to be filled. Does the XDR provide email coverage? What about visibility into active directory abuse? Do you need an additional MSSP to cover the gaps?
And finally, because this business model is fairly new, it is also volatile with some of the big players already selling off pieces of their business.
Filling the gaping hole in the industry
While MSPs, MSSPs and vendor MSSPs each have a place in today’s cybersecurity market, all three fail to give SMEs the coverage they deserve. Small businesses don’t have the time or expertise to weed through numerous security vendors and select the appropriate tools to build a tech stack that provides comprehensive coverage. They also can’t afford the gold- and platinum-level coverage many MSSPs are offering Fortune 100 companies.
The security market is missing an easy-to-understand, comprehensive solution that addresses the current risks at an affordable price. And that’s where SolCyber comes in. Learn more about what makes SolCyber a different kind of MSSP and how you can get the protection you deserve.
- What are the biggest differences between an MSSP and an MSP?
The biggest differences between an MSSP and an MSP lie in their focus: while an MSSP is focused on providing cybersecurity solutions and services, an MSP is more focused on making sure that an organization's IT systems are operational.
- Will an MSSP protect me from ransomware?
An MSSP can help you protect your organization from ransomware in a few different ways. For example, they can help you implement backup and disaster recovery solutions, which can limit the damage that ransomware can do to your data.
Additionally, they can also help you develop a comprehensive cybersecurity strategy that includes employee training on how to spot and avoid phishing emails that may lead to a ransomware attack.
Depending on the MSSP’s services, they can help you procure a cybersecurity insurance policy that can offset the financial costs of a ransomware attack.
- Will an MSSP help my company achieve compliance?
Yes, an MSSP can help your company with compliance. They can do an assessment of your current compliance posture and make recommendations on how to improve it. In addition, they can help you develop and implement policies and procedures that will help you meet compliance requirements. Lastly, they can also help you with incident response planning, which is often required by compliance regulations.