Cutting through the noise and choosing the right MSSP – Managed Security Service Provider – is a vital step toward effective online security for any large organisation.
During my years as a CTO and security specialist, I’ve identified six key questions that can help eliminate confusion and identify the best MSSP for any specific company:
- How do we cut through the noise to find the MSSP services your enterprise needs?
- What role does MDR play in tackling the toughest security challenges?
- How can SOCs work more effectively to get better results?
- How can risk assessment be better tailored to an organisation’s individual needs?
- Can an MSSP minimise data collection costs without compromising security?
- Are we using real-world strategies like penetration testing to enhance threat detection?
To help me answer these vital questions I talked to my colleague Tony Campbell, Sekuro’s Director of Research & Innovation. Tony has spent many years working in and researching cybersecurity, so our conversation was both detailed and practical.
By the way, you can take an even deeper dive into security vendor selection in Sekuro’s webinar Six questions you should be asking your MSSP to strengthen your security posture. In this extensive conversation with Tony Campbell, we cover all aspects of MSSP selection from technical issues to team composition and economies of scale.
Question 1: How do we cut through the Vendor noise to find the services your enterprise needs?
As a CTO myself, I’m acutely aware of how challenging it is to keep up to date with the huge array of available security vendors and products. So, how do we cut through the noise in the marketplace and make sound technical decisions about the best vendors to partner with? When I posed this question to Tony, he approached it from the point of view of Sekuro’s clients, many of whom are struggling with this very problem.
“As a security services provider, our role isn’t to partner with all of the available security vendors, it’s to make good choices on behalf of our customers,” Tony explains.
“We look for security partners that help us either automate, remove, or address routine security tasks so that our experts can focus on important aspects of service delivery, such as threat hunting ; that sort of deeper, more intellectual aspect of service delivery.”
Tony Campbell, Director of Innovation and Research at Sekuro
Learn more about simplifying security vendor selection.
Question 2: How does leading with MDR help tackle the toughest security challenges?
MDR – Managed Detection and Response – is a central plank of building solid security perimeters because mundane threats can usually be handled by automated partner services, leaving human experts free to focus on more difficult challenges.
Tony shared: “Endpoint threats are typically the noisiest, so we will see more endpoint threats than any other type. But because they’re the most mundane threats, systems like CrowdStrike manage them completely. By removing endpoint threats, our team can focus on things that are much more complex. We can look at applications, we can look at cloud security, we can look at network security, we can look at the interconnected elements of security within the client environment and not spend most of our time chasing typical virus outbreaks and things like that.”
Learn more about Managed Detection and Response.
Question 3: How can SOCs work more effectively to get better results?
The way Sekuro organises its SOCs – Security Operations Centres – is a bit unusual. As security engineers and architects we’ve all worked in various SOC groups and the problem often arises that important tasks can be neglected because responsibility is excessively siloed. So, how do we solve this problem and motivate SOC team members to be proactive?
“We have three levels of seniority in our SOC tactical teams, and the primary objective of the person above you is to mentor you,” Tony explains. “The good thing about this approach is that if there are five outstanding alerts that need to be triaged, all three members of that team are responsible for doing that work. If the junior person is busy doing something else, the rest of the work will still be picked up by the others. There’s no, ‘Oh, that work’s yours, that work’s mine.’ It’s self-organising, and it actually works very well.”
Learn more about Sekuro’s approach to SOC tactical teams and Managed Detection and Response.
Question 4: How can we make more sophisticated risk assessments tailored to companies’ individual needs?
High-quality risk-based vulnerability management means spending time getting to know a client’s team, architecture and priorities. For instance, we need to discover what’s going to have the highest impact if it’s attacked. That human element of analysis is what elevates a managed security service above the ordinary. But, how does that work in a tactical sense? Tony explains it like this:
“We’re able to send vulnerability notifications directly to, let’s say, our customer’s server team or network team and say, ‘These three things are really important, but these three things can wait until the next patch cycle.’ They’re not necessarily based on what the threat score was, they’re based on our deep understanding of the customer’s architectures. When we escalate something to them that needs urgent attention, it’s not simply based on what the tool says, it’s understanding that that thing is three layers down inside a complex network and may be hard to get to.”
Learn more about sophisticated, bespoke risk assessments.
Question 5: Can we minimise data collection costs without compromising security?
The MSSP marketplace is flooded with vendors trying to gain insights into their client’s businesses by collecting massive amounts of data. Unfortunately, for many organisations data storage costs are making that blunt approach prohibitively expensive. I asked Tony how we can go about getting outstanding security outcomes without massive data price tags.
“We only store what we need and that way we streamline the collection and the storage. In some cases, we can save our clients up to sixty per cent on data storage requirements,” Tony said. I remember for one client, they were hitting that threshold where they were going to have to pay for a lot more storage, and we managed to get it down to twenty percent of what they were gathering previously.”
Learn more about safely minimising data collection costs.
Question 6: How do real-world strategies like penetration testing enhance threat detection?
We’ve talked a lot in this article about making threat detection more effective as well as more efficient. This hinges on knowing where to look for threats, especially in very large organisations, where attack vectors are complex and spread across a large surface.
Tony Campbell was able to neatly summarise how his teams balance the demands of real-time threat monitoring with a high-level view of longer-term security issues:
“The SOC is typically looking at information coming out of systems as they’re behaving right now in real-time. The difficulty is: how do you build logic and behavioural analysis into your SOC model that can respond to attacks from really sophisticated threat actors? The only way to do that is to use penetration testing. We use threat modelling and offensive security patterns to discover how an attacker would get from the outside to the ‘crown jewels.’ In pen testing, we’re putting on the hat of the adversary so we can better understand how our client is going to be attacked, and that allows us to plan better defences.”
Learn more about penetration testing and enhanced threat detection and response.
Take the next step toward optimising your cyber security posture
Working out what MSSP services your enterprise really needs is vital to effective cybersecurity management. MDR, endpoint detection & response, and penetration testing all contribute to cybersecurity but making your enterprise truly secure demands bespoke risk assessment by dedicated expert teams.
Take the next step toward comprehensive cyber security by viewing Sekuro’s short but informative webinar Six questions you should be asking your MSSP to strengthen your security posture. In this informative and accessible conversation, we cover the most important aspects of MSSP selection and offer real-world solutions to some of the most challenging problems facing security managers and executives.
Here’s a summary of the six questions discussed: