Conventional MSSPs offer convenience and simplicity in staffing
Though details vary by provider and service level, MSSPs are expected to undertake several tasks that would otherwise be handled in-house by IT or dedicated security teams. In such a scenario:
- Monitoring of networks, core systems and valuable data stores (on-premises or in the cloud) is designed to detect intrusion attempts, data breaches, and the presence of malware or exploitable bugs, and to bring these to the attention of IT personnel. An often-used tool for this is an on-premises or cloud-based security information and event management (SIEM) system.
- Management and security tools (also on-premises or in the cloud) that the MSSP utilizes can range from dedicated firewalls to malware-detection software.
- Mitigation of detected security problems, as required, can take a passive or reactive approach. These functions require MSSP personnel to respond as security issues are detected by the underlying security tools, such as firewalls or malware-alerting systems. Tools used for response and mitigation can include endpoint detection and response (EDR), firewalls or web proxies.
- Reporting and internal auditing tasks include those needed for consumption-based billing and those designed to demonstrate compliance with incident management and service requirements.
This conventional, scope-limited approach to MSS benefits organizations by providing security resources the firm may not have—for example, by allowing dedicated, around-the-clock coverage. The variety of MSS offerings available can free internal resources to concentrate on other security demands, rather than ones that can be covered by day-to-day routines. Regardless of size, virtually any organization can benefit from the cross-client visibility that MSS can provide.
However, sourcing security activities to an MSSP does not guarantee consistency across the enterprise. An enterprise can have critical gaps that must be closed to achieve greater security.
MSS, for instance, does not eliminate the problem of protecting data silos within an enterprise. Different threat vectors (such as applications, databases, user authentication and system access) may be managed separately, or divisions within the enterprise may not share tools even when protecting similar data stores. Situations such as these mean that simply allowing a third party to manage security tools does not automatically unify an organization’s security approach.
More important, although a conventional MSSP offers convenience and simplicity in staffing even when a large security team is required, greater insights into the bigger picture of an enterprise’s security posture are not always obtained using this traditional sourcing strategy.
How do you address the challenge of threat management?
Only IBM Delivers 360 Degrees of Protection Across the Entire Threat Management Lifecycle