An MSSP Checklist for Success in the Shifting Threat Landscape

Michael O’Brien

New cybersecurity risks are arising in tandem with complex IT setups and extended network edges. As a result of the changing threat landscape, some businesses are turning to managed security service providers (MSSPs), to help them more readily gain access to cutting-edge technology and hard-to-find security expertise.

MSSPs must provide the correct mix of services and 24/7 security, as well as affordable solutions that improve risk management and compliance, to position themselves competitively in a crowded market. To provide more competitive offers, this is a two-fold issue that calls for speed and scale in detection and response.

Solutions Checklist for Modern MSSPs

Understanding clients’ security and business goals is necessary to develop a successful service offering. To assist customers with these goals, an MSSP must develop a strong set of solutions that gives customers access to the newest technology and security know-how at a reasonable cost. These solutions include:

• Advanced threat detection: This is related to the MSSP’s ability to include advanced threat intelligence in its offering. Customers seek a provider who can immediately identify threats at machine speed and has real-time access to comprehensive threat intelligence.

When combined with actionable alerts (see below) in a single pane of glass, an MSSP can help customers rapidly respond to zero-day attacks, other new threats and variants of well-known attacks, which lowers the risk of a data breach.

• Actionable alerts: Alert fatigue and information overload are common issues for security teams, so security monitoring is a key requirement. Security teams find themselves wasting too much time on erroneous alert investigations in the absence of high-fidelity warnings that effectively correlate events.

MSSPs must deliver context-rich, aggregated alerts to customers that decrease false positives while also defining, directing and accelerating investigations. MSSPs that can implement severity-based prioritizing and real-time analytics can set themselves apart from competing providers.

• Automated response: Some customers may have SOC teams that require help via automation because they are hampered by manual, labor-intensive, inefficient processes often brought on by disparate and nonintegrated systems.

MSSPs with automated response capabilities can serve a bigger market with more complex requirements by addressing higher-level criteria. MSSPs can provide very distinctive services by providing security orchestration, automation and response (SOAR) with updated playbooks.

• SOC services: Customers also turn to their MSSPs for services, including asking experts to guide them through the incident response process or even to function as their security operations center (SOC) or support their current team.

MSSPs are required to provide a variety of services from their own SOC, particularly those that can be provided at certain service levels or customized to meet the needs of specific customers. By providing fully or jointly managed SOC services, MSSPs may close the talent gap via offering not only the technology and tools customers need but the staff as well.

• Flexible deployment: Research repeatedly reveals that security is the main challenge during digital transformation. The primary issues causing businesses to look for MSSPs with flexible solutions are rising threats, cloud adoption, remote work, distributed computing and complexity.

Most customers want their MSSP to manage their compliance and cyber risk. If they want to stand out from the competition, MSSPs must provide adaptable technology such as virtual machines, appliances or cloud-delivered services, as well as pay-as-you-go options that let customers quickly and easily onboard new solutions as their needs change. MSSPs must therefore provide on-demand services with comprehensive self-service catalogs, notably for incident response and reporting.

Visibility & SIEM: Today, irrespective of company size, most customers use many point products that create visibility and control gaps. To overcome these gaps, many choose an MSSP that offers a cohesive security information and event management (SIEM) solution for a reasonable price.

The capacity to take in enormous volumes of data from a diverse variety of vendor products is one of the cornerstones to SIEM efficacy. One way MSSPs can stand out in the market is by offering centralized management and customization possibilities through API integrations. Additionally, MSSPs should think about offering granular analytics and reporting with event management, which emphasizes significant activity and alerts and offers a reasonably priced substitute for conventional in-house SIEM deployments.

Seizing the Opportunity

The opportunity is ripe for MSSPs, but the number of such organizations in the market is growing all the time.

How can you stand out amid competitors and really show prospects you’ve got the goods? Scalability and customization must go together when developing solutions. Both services and technology are crucial; offering value using the appropriate technologies to tackle the appropriate challenges at the appropriate cost is a key component of providing a solution.

The core value of MSSPs is to make technology, knowledge and services accessible and predictable. Keeping this in mind, MSSPs ought to concentrate on a platform strategy that enables the creation and delivery of flexible, scalable solutions which scale with the MSSP and their customers while bringing the highest business value to the MSSP.

Michael O’Brien is regional vice president of strategic routes to market for Fortinet. He has extensive experience in global and national channels, sales management, cloud, managed services, software-as-a-service and infrastructure-as-a-service across a spectrum of customers’ IT needs. You may follow him on LinkedIn or @Fortinet on Twitter.