Managed security services providers, or MSSPs, continue to rise in presence and impact—by giving companies a cost-effective alternative to having to dedicate in-house staff to network defense.
In the thick of this emerging market is Rook Security. I spoke with Tom Gorup, Rook’s director of security operations, about this at RSA 2017. A few takeaways:
Outsourced SOCs. MSSPs essentially function as a contracted Security Operations Center, or SOC. Most giant corporations, especially in the financial and tech sectors, have long maintained full-blown SOCs, manned 24/7/365. And so the top MSSP vendors, which include the likes of AT&T, Dell SecureWorks, Symantec, Trustwave and Verizon, are aggressively marketing MSSP services to midsize companies, those with 1,000 to 10,000 employees.
At the other end of the spectrum—catering to very small businesses—you have consulting technicians, operating in effect as local and regional MSSPs. These service providers may have one or two employees. They make their living by assembling and integrating security products developed by others, working with suppliers such as SolarWinds MSP, which packages and white labels cloud-based security solutions for very small businesses.
So what about the companies in between, those with, say, 50 to 999 employees? Security vendors recognize this to be a vastly underserved market, one that probably has pent-up demand for MSSP services.
What MSSPs provide. For midsize and large enterprises, MSSPs deliver an added layer of expertise that can help bigger organizations actually derive actionable intelligence from multiple security systems already in place, such as firewalls, intrusion detection systems, sandboxing and SIEMs. The top MSSPs tap into all existing systems and provide deeper threat intelligence services, such as device management, breach monitoring, data loss prevention, insider threat detection and incident response.
For small businesses, local MSSPs focus on doing the basics to protect endpoints and servers. This relieves the small business operator from duties such as staying current on anti-virus updates, as well as security patches for Microsoft, Apple, Adobe and Linux operating systems and business applications that are continually probed and exploited.
Who needs one? Every business today is starkly exposed to network breaches. So who could use an MSSP? The calculation for midsize and large organizations is straightforward. The goal is to provide more data protection at less cost, based on thoughtful, risk-based assessments. The most successful MSSPs will help company decision-makers build a strong case for their services.
See also: Quest for Reliable Cyber Security
At smaller companies, the first question to ask is this: How mature is my security posture to begin with?
Gorup observes: “Is security even on the radar right now? In smaller organizations, you might have just one person, part-time, working IT. Security is kind of secondary. I’d recommend seeking more advisory services to help detect phishing attacks, help build some processes, help understand what technologies you should invest in. This will allow growth to occur. And then you can make a natural transition into building an SOC or seeking SOC services.”