Learn about the different types of managed security service providers, and what capabilities are essential.
A Managed Security Service Provider (MSSP) is a company that takes on some – or all – aspects of a customer’s cybersecurity program. MSSP is a catch-all term for many different types of service providers, whether that’s vulnerability management, detection and response, or application security. MSSPs should be fluent in many capabilities, including:
Proactive and reactive approaches to security: A comprehensive security program needs to do more than react to threats; it needs to go in search of them and stop them before they can get near the network. Proactive methodologies like extended detection and response (XDR) should be included in the scope of an MSSP security service and its offerings, going beyond the endpoint to spot threats earlier and stop them faster.
A tailored program for your business: MSSPs should learn – and provide visibility into – your unique environment, and provide tailored guidance to reduce attacker success, respond to events quickly and confidently, and advance your security posture.
Foundational security capabilities, not just reports of alerts: A managed services customer typically will receive full access to the technology their MSSP team uses. This usually includes dashboards, reporting, and the ability to further customize information and alerts if needed.
Gartner defines an MSSP as a company that “provides outsourced monitoring and management of security devices and systems.” The key word in that sentence is “outsourced.” If a security organization is considering outsourcing functionality of its program, it is likely very much in need of help in monitoring and securing its network.
That can be due to budget cuts, lack of skilled talent, or ramping up new services or products that need to be secured. MSSPs cover most – if not all – functionalities of a competent security program.
Managed detection and response (MDR) providers typically perform duties such as 24x7 monitoring and endpoint-based attacker intelligence to defend against advanced threats. MDR should also provide tailored service based on a deep knowledge of a customer’s environment and security goals. Service practitioners should also be able to find known and unknown attackers with multi-layered detection methodologies.
Managed vulnerability management (MVM) experts help customers build or improve vulnerability management programs and better protect network assets. They’ll provide a comprehensive picture of threat exposures for prioritization and remediation. Features of an MVM service typically include scan configurations performed by analysts, monthly reporting, managed infrastructure maintenance, and asset discovery.
Application development is already ephemeral enough without practically forcing security upon the process and creating friction. A managed appsec provider should be able to assess, report on, and improve application security posture. They’ll typically be able to account for most modern frameworks, support internal and public internet-facing applications, and streamline results to the subset of vulnerabilities that present the most risk.
There are many reasons to use an MSSP. Perhaps chief among them is lack of personnel in one practice area or another. Upon settling on a provider, an MSSP can quickly extend a customer’s capabilities in detection and response, vulnerability management, application security, and much more.
Improved security posture: By engaging a team of experts, a SOC can uncover risks earlier, shrink its attack surface, and be ready to investigate with digital forensics and incident response (DFIR) techniques.
Unique and valued skill sets: We’ve already referenced the lack of skilled talent an in-house SOC may be experiencing. Ramping up a hiring program to attract these skilled unicorns can be costly and result in only one or two hires that may not last long. An MSSP can provide access to those specialized skills almost immediately.
Less overhead: Hiring an MSSP negates the need to own the more extensive and specialized cybersecurity solutions to defend against every threat and plug every vulnerability. Sure, the MSSP figures that cost of technology into their costs, but it's their responsibility to stay current on that technology on behalf of their customers. The provider will typically also offer customer access to network traffic analysis, user-behavior analytics, and more.
Faster threat or breach remediation: A trusted MDR partner should be able to transform a SOC’s ability to perform remediation, from hours and hours spent on it each week to minutes. The average time to remediate will significantly decrease with the provider’s ability to create a plan of action specifically tailored to a customer’s environment.
The difference between a Managed Service Provider (MSP) and an MSSP is that one is an IT operations service provider and one is an IT security service provider. It’s operations vs. security, but they really go hand-in-hand with one another, as companies must secure their operations to be profitable and viable. MSPs usually provide some basic security, like patching, threat detection and malware solutions, but stop short of offering more advanced capabilities like vulnerability scanning, DFIR tools, and XDR solutions.
More MSPs have been shifting their directives to include that extra “S,” as the greater need for security was accelerated in large part by the onset of the pandemic a few years back.
The signing of the agreement and the implementation of an MSSP’s services into your security organization can be an exciting time. The vendor search is over, you’ve identified your pain points, and the alleviation of stress is set to begin with the arrival of an extended team of skilled analysts ready to leverage the latest technology on your behalf.
But there is that whole searching process to go through first. How do you know who is the best, and if they’re the best for you? Let’s take a look at some considerations.
What do daily/monthly service interactions look like? Is there one point of contact or will you interact with a different service representative each time you communicate with your MSSP? Is the provider simply focused on security operations, or will they also help you advance your maturity?
Is a potential vendor focused on improving your outcomes in the age of heightened threats? Will they analyze logs and data as well as engage in threat hunts and incident management? At the end of the day, will you be able to focus on other business priorities and improve your overall security posture once the vendor has begun its work?
Can a potential MSSP both collect and analyze data? If no actionable intelligence comes from the data a vendor collects, then what’s the point? Your managed security services partner should be able to build a baseline of normal user behavior across the network, then match new actions against what’s been learned from that baseline. Leveraging this data – or user behavior analytics (UBA) – an MSSP should be able to expose threats without relying on prior identification in the wild.