Tips for Choosing a MSSP
Security as a Service (SaaS) offerings are prompting many businesses to consider finding new ways to manage their network security functions. Yet there can be a high level of anxiety when you think about handing something as critical as network security over to an outside party.
The question becomes, how do you find a SaaS provider matches well with the way you want to manage your network security?
Take a look at these two models as a way to refine your answer:
1. Self-Service: If you already have experienced security staff, but don't want to make the capital investments required to keep up with the latest security technologies and tools, the self-service model is a good choice. You can reduce costs by just using the provider's monitoring service, and using your staff to perform the more complex analysis and incident response work, while leveraging the provider's state-of-the-art toolset.
2. Fully managed: Under this model, all of your security operations are supported by a managed security services provider (MSSP). You gain the advantages of both the latest security technologies and the work of the provider's security experts, who monitor and manage thousands of customer networks, which gives them insights into a broad array of security trends and threats.
The criteria below can help you choose the right MSSP for your network and business needs.
Provider Size and Experience: Number of networks monitored, dedicated and certified security personnel, security operations centers (SOCs)
Deployment Options: Choice of cloud-based, CPE-based, and hybrid cloud/CPE services to best match your network and cost considerations
Options for supplementing your internal security staff or full monitoring services:
Comprehensive Features: All key security services, such as managed firewalls, intrusion protection, antivirus, and content filtering as well as services for compliance with PCI, HIPAA/HITECH, FFIEC, GLBA, and other industry standards
Solution Supportability: The provider uses solutions from leading security vendors; not unsupported, open-source software
What factors do you think are important for evaluating a managed security services provider?
Recommended Listening: Podcast 2 in a 4 part series on Security and Compliance. Tune in for a MPLS University Q&A on "7 Tips and 2 Models: How to Choose a Managed Security Services Provider that Fits Your Business".