Checklist for creating a successful MSSP

Jonathan Nguyen-Duy, Vice President, Global Field CISO at Fortinet outlies his top tips for Managed Security Service Providers (MSSPs) for creating a successful service offering in the Middle East region.

Complicated IT environments and expanding network edges create new cybersecurity risks. In response to the evolving threat landscape, more companies have turned to managed security service providers (MSSPs) who can provide access to hard to find security expertise and the latest technology. To position themselves competitively in a crowded market, MSSPs must offer the right combination of services, around-the-clock protection as well as, cost effective solutions that deliver better risk management and compliance. It’s a two-fold challenge that requires speed and scale in detection and response for more competitive value propositions.

Managed Security Provider (MSSP) Success Checklist
Creating a successful service offering means understanding customers’ security and business objectives. To help customers achieve these goals, an MSSP must establish a robust set of offerings that offer access to the latest technologies and security expertise at a price point that makes sense.

Actionable Alerts
Most customers begin their evaluation process by reviewing an MSSP’s solutions. Information overload and alert fatigue is a common problem facing security teams so the ability to address security monitoring is a key requirement.  Without high-fidelity alerts that correlate events effectively, security teams find themselves spending too much time investigating false alerts.

To help address these problems, MSSPs must provide customers with aggregated alerts enriched with context that reduce false positives, while also helping to define, guide, and accelerate investigations. MSSPs who can enable prioritization based on severity levels with technology that streamlines task assignments and automate response can differentiate themselves from other providers.

Advanced Threat Detection
In addition to alerts, advanced threat detection is also tied to the MSSP’s ability to incorporate advanced threat intelligence into its offering. With threat actors continually improving their tactics, techniques and procedures customers want a provider with real-time access to robust threat intelligence that can quickly detect attacks at machine speed. While many customers may already subscribe to threat intelligence feeds, disaggregated information across a fragmented security architecture actually creates security gaps and increases key metrics like mean times to detect and respond.

MSSPs need to support actionable alerts with high-quality threat intelligence. When combining the two in a single pane of glass, an MSSP can help customers respond to zero-day attacks, other emerging threats, as well as variations of known attacks more rapidly, and thereby reduce the likelihood of a data breach.

SOC Services
MSSPs offer more than just access to the latest technologies. Customers also turn to their providers for services, including talking to experienced people who can guide them through the incident response process. The cybersecurity talent gap leaves many companies struggling to find the right staffing to protect their systems, network, and data. Often, customers turn to an MSSP to act as their security operations center (SOC) or support their current team.

With this in mind, MSSPs must deliver a range of services from their own SOC, specifically those that can be offered at particular service levels or tailored to individual customer needs. By delivering a fully managed or co-managed SOC service, MSSPs can fill the talent gap by providing the human resources customers need, not just the technology and tools.

Automated Response
Some customers may have SOC teams that need augmentation because they are bogged down by manual, inefficient, error-prone, and time-consuming steps. These customers need automation so that their teams can effectively filter repetitive tasks and focus on more critical issues.

MSSPs that offer automated response capabilities can address higher level requirements to address a larger market with more advanced requirements.  By offering Security Orchestration, Automation and Response (SOAR) with updated playbooks, MSSPs can offer highly differentiated services featuring enhanced detection and accelerated incident investigation and response.

Visibility & SIEM Access
Today, nearly every customer has a complex environment, regardless of company size. Most customers have multiple point products that create gaps in visibility and control. To gain that visibility, many work with an MSSP who can cost-effectively provide them with a cohesive Security Information and Event Management (SIEM) solution.

One of the keys to SIEM effectiveness is the ability to ingest large volumes of data from a wide arrange of vendor products.  The ability to provide centralized management and customization options using API integrations is one way MSSPs can distinguish themselves within the market. In addition, MSSPs should consider services like granular reporting with event management that highlights important activity and alerts – providing a cost effective alternative to traditional in-house SIEM depoloytmens.

Flexible Deployment
Many organizations are implementing digital transformation and research consistently shows that security is the primary concern.  Cloud adoption, distributed computing, remote working, complexity and increasing threats are key challenges driving customers to seek MSSPs with flexible solutions.

Most customers want their MSSP to be their “one-stop-shop” for managing cyber risk and compliance. To differentiate themselves, MSSPs need to offer customizable solutions with flexible technology in the form of appliances, virtual machines or cloud delivered services along with pay-as-you-go options that allow customers to onboard new solutions quickly and efficiently as their needs change. To do this, MSSPs need to offer on-demand services with extensive self-service catalogs – especially incident response and reporting.

The Business Benefits of Choosing & Working with an MSSP
Beyond providing the right services and technologies, MSSPs must also demonstrate their business value. Many customers recognize their security problems but cannot articulate where the MSSP fits into solving them. To demonstrate the vital role they can play in securing customer networks and enabling the business, MSSPs should consider offering the following:

Specialized Skills and Services
For most customers, gaining access to the skills and services that help them solve their unique security issues poses a significant challenge. While no two customer requirements are the same, all organizations are seeking cost effective ways to access scarce security skills and services.

MSSPs should focus on platform scalability that allows efficient customer focus without the cost of dedicated staffing. MSSPs need flexible solutions that evolve with customer needs.  In some cases, a customer may want a comprehensive technology and services package that gives them an entire team and all capabilities. In other cases, the customer may just be building out a SOC and looking to grow over time. Being able to meet customers where they are now, as they are now, and evolve with them is key to helping them understand the value.

24/7 Service
Threat actors can attack at any time of day, often outside of traditional work hours. Even companies with a SOC may not be able to have someone on-call every day, all day. MSSPs can provide that co-managed service for companies without a dedicated SOC or augment the current SOC to address these outside-of-business times.

Rapid Response
Our networks and systems are more interconnected than ever before, so the sooner a company can respond to a threat, the less damage that threat can cause. With automated response capabilities, customers can reduce response time to ensure a reduction in potential damage. Manual processes are no longer adequate as they can take anywhere from four to fifteen hours, but automated response technologies can reduce that to twenty minutes or less. Incident response is all about automation for speed and scale.

Lower Total Cost of Ownership
Building a SOC, deploying SIEM, tools and hiring the staff can be cost-prohibitive.  Accelerating business requirements and cost concerns means companies are seeking alternatives to tradition build and operate approaches. The shared services model offered by MSSPs is an increasingly attractive model that provides accelerated time-to-service along with better risk management and compliance than traditional in-house solutions. MSSPs offer a predictable, demonstrated cost model that provides better value for risk management and business outcomes.  Aligning operational metrics to customer business outcomes is a key differentiator.

Final Thoughts
Customization and scalability go hand-in-hand when building out solutions. Services are just as important as technologies; part of providing a solution is delivering value through the right technologies that solve the right problems, at right price. Providing access to technology, expertise and services is the foundational value of MSSPs. By keeping this top of mind, MSSPs should focus on a platform approach that allows highly customizable, scalable solutions with a TCO that unlocks value and growth.