Beyond the troubling data breach statistics, businesses of all sizes face a serious cyber security issue—a cyber skills shortage and the cost of hiring rare security network experts. The level of difficulty to build an expert in-house security operations center is leading companies across all industries to consider other means of improving cyber security.
One approach is to hire a third-party managed security service provider (MSSP).
While many organizations fall into the trap of thinking an MSSP can take over all security functions for them, the future belongs to a hybrid model where you partner with your MSSP to ensure you have comprehensive protection and response plans in place.
The Need for a MSSP Liaison
While there are multiple benefits of hiring an MSSP—cost savings, security expertise, and 24/7 customer support to name a few—the added value is only as good as your ability to integrate MSSP functions into your own security operations. What this means is that beyond having your own security team, you need a manager of some sort (whether it’s a CISO or a lower-level head of security) to coordinate functions with the MSSP.
According to IBM’s Senior Manager of Security Services, Michael Sanders, the functions shared between your internal security operations team and an external MSSP include:
- Rule and device administration
- Real-time collection and analysis of activities that impact IT security
- Sweeping for incidents
- Threat monitoring
- Threat analysis
- Incident response management
- Emergency incident response planning
The actual distribution of security functions will vary depending on the size of your company. A large Fortune 500 company might have the strength of a well-developed in-house security team and need an MSSP for its ability to monitor around the clock.
An SMB, on the other hand, might need an MSSP more for its expertise in designing a security infrastructure. Regardless of your specific needs, you need a liaison that can ensure your service level agreement (SLA) is being met and that you stay in control of your data.
Here’s an example of how you could split up security responsibilities with an MSSP according to Sanders:
| MSSP Functions | In-House Security Team Functions |
| Admin support (tool integration and rule administration) | Operational governance |
| Threat monitoring (threat analysis and impact analysis) | Analytics and incident reporting |
| Security intelligence (incident hunting and use case recommendations) | Incident response management |
| Supported appliance/software deployment and management | Threat response (advanced event analytics, escalations, incident management) |
| Threat triage (investigations) |
Visibility and Transparency Are Always Essential to Your MSSP Partnership
Thinking about your work with an MSSP as a partnership rather than simply outsourcing security means you have flexibility in the SLA. No matter how the functional distribution is planned out, operational transparency between the two sides is essential to realizing true value.
However, even the greatest communication between your in-house security team and your MSSP can be hindered by improper network architecture. Always ensure that your in-line security appliances and out-of-band monitoring devices are connected via proper networks TAPs. With network TAPs in place, you know that you have guaranteed visibility into every bit, byte and packet® of network traffic allowing the security tools to do their job while maintaining 100% network uptime, even when the appliance requires updates or trouble-shooting.
If you want to learn more about how network TAPs should fit into your security strategy, download our free white paper, Optimizing Network Design in Security Projects.