An Open Relationship: Maximizing Value in Security Operations

Like most third-party services, effectively integrating services from a managed security services provider (MSSP) can enhance the value of your organization’s security program. Conversely, poor integration and/or a lack of effective governance can marginalize the effectiveness of your organization’s security operations.

In a well-executed partnership, an MSSP is simply viewed as an extension of the information security organization. An MSSP’s contribution to a security operation depends upon how effectively the partnership is built and maintained.

If you currently rely on a third-party MSSP or are considering engaging one to enable your security operations capability, consider how responsibility for the following functions is distributed and/or shared between the internal (your organization) and external (MSSP) sources:

  • Rule and device administration and management;
  • Security intelligence;
  • Incident/event hunting;
  • Threat monitoring;
  • Threat analysis/impact analysis;
  • Threat triage/investigations;
  • Threat response/incident management; and
  • Emergency response (computer security incident response plan).

Often, organizations will mistakenly expect the MSSP to handle all or most of these functions without their staff being directly involved. Unless the MSSP has agreed to a full-labor-based outsourcing model and fully understands your policies, risk tolerance and executive team preferences on incident handling, it is impractical to expect a third-party MSSP to deliver these functions without your involvement.

In order to effectively plan and design a new process, it is advised to do an integrated design with your MSSP at the beginning of the contact period. One approach for up-front design is to charter a security operations optimization initiative to design the new process and approach.

Managing Security Operations

Structured governance is critical for maximizing the MSSP service’s effectiveness. One mechanism for service management governance includes the availability of a named service manager.

MSSP services typically manage and monitor an environment using centralized shared services (often referred to as a centralized security operations center). As such, much of the day-to-day operational interaction occurs via electronic tickets. In many cases, these tickets are handled by shared resources based upon a skill category and time of day and are not based upon extensive familiarity of a specific customer’s environment.

To maximize success in integrating the service and governing delivery elements, organizations will benefit from regularly communicating with a named service manager. Additionally, the organization and the MSSP can work together to structure a governance plan, which may include regularly scheduled service reviews.

Effective results from investing in an MSSP do not occur on autopilot. Results occur from the mutual efforts of your organization and the MSSP. The process and service management governance are two key elements for success, and effectively integrating the MSSP into an operation’s process is imperative to realizing the value from the relationship.


This article is a four-part series that covers various topics around the value of MSSP relationships, such as integration and governance, threat response process, knowledge of environment and tuning and health. The first part of the series discusses integration and governance. The next blog in the series will discuss the threat response process.

More from Security Services

Protecting your data and environment from unknown external risks

3 min read - Cybersecurity professionals always keep their eye out for trends and patterns to stay one step ahead of cyber criminals. The IBM X-Force does the same when working with customers. Over the past few years, clients have often asked the team about threats outside their internal environment, such as data leakage, brand impersonation, stolen credentials and phishing sites. To help customers overcome these often unknown and unexpected risks that are often outside of their control, the team created Cyber Exposure Insights…

39% of MSPs report major setbacks when adapting to advanced security technologies

4 min read - SOPHOS, a leading global provider of managed security solutions, has recently released its annual MSP Perspectives report for 2024. This most recent report provides insights from 350 different managed service providers (MSPs) across the United States, United Kingdom, Germany and Australia on modern cybersecurity tools solutions. It also documents newly discovered risks and challenges in the industry.Among the many findings of this most recent report, one of the most concerning trends is the difficulties MSPs face when adapting their service…

A decade of global cyberattacks, and where they left us

5 min read - The cyberattack landscape has seen monumental shifts and enormous growth in the past decade or so.I spoke to Michelle Alvarez, X-Force Strategic Threat Analysis Manager at IBM, who told me that the most visible change in cybersecurity can be summed up in one word: scale. A decade ago, “'mega-breaches' were relatively rare, but now feel like an everyday occurrence.”A summary of the past decade in global cyberattacksThe cybersecurity landscape has been impacted by major world events, especially in recent years.…

Topic updates

Get email updates and stay ahead of the latest threats to the security landscape, thought leadership and research.
Subscribe today