For security intelligence, sharing of environment status and workflow (including accurate asset details) will help enhance the effectiveness of a managed security services provider (MSSP) in analyzing the potential impacts of security events. It is important that organizations maintain an efficient ticket workflow and closely manage the availability and accuracy of their asset details to ensure the MSSP can access them.

Share and Share Alike for Security Intelligence

It is crucial to be able to regularly update an MSSP’s information about your assets. The more an MSSP knows about your environment, the more effective it can be when tuning the environment and analyzing specific security events. For example, if an MSSP notices an attack is targeting a certain vulnerability in a specific asset type, it would significantly improve its analysis if it had access to an up-to-date asset inventory.

As for how to share asset details, your organization can work with the MSSP to determine which tools it has available for managing critical assets. Many MSSPs provide access to tools that enable enterprises to upload asset information and third-party vulnerability scan data as well as manually enter and edit critical server and device information.

Your organization’s network and host asset data can be correlated in real time with threat and vulnerability data to produce target-specific risk assessments and mitigation guidance. For example, defining an asset’s criticality, sensitivity and regulatory status gives the MSSP the context it needs to build an accurate risk profile for that asset.

Some MSSPs can associate risk profile information with source and destination IPs, events and vulnerability data, thereby providing organizations with a consolidated view of the threat, its potential success and the associated risks. This type of information allows organizations to make informed decisions regarding how to respond to security events, leading to better risk management.

It is important to understand that the MSSP’s ability to research a security event is dependent on its knowledge of your organization’s environment and risk policy. At a certain point, your organization must apply that knowledge to resolve or close a ticket and to take appropriate remediation actions. You should be aware that ultimate ticket resolution (as indicated by the closure of a ticket) is the organization’s responsibility internally.

Taking a Closer Look at the Ticket Management Process

A clearly defined ticket-handling process is key to enabling a closed-loop cycle. Ticket-handling procedures should include all types of tickets and should be mapped to roles and responsibilities across parties and functional areas within your organization to enable appropriate ticket assignment.

The following are some simple questions to ask:

  • What do you do with tickets and alerts? What is the workflow?
  • Do you have a clear plan of ownership for the various ticket types?
  • Who owns the activity to research a security alert ticket?
  • What are the remediation actions, and who owns them, if warranted?
  • Is there a need for integration of MSSP ticket data into your internal ticketing system?

If you have engaged an MSSP to perform event monitoring, MSSP analysts should monitor your organization’s security events and then perform an initial event analysis. The MSSP should analyze event data to minimize false positives and to identify, classify and prioritize events that require your attention. For events that require escalation, the MSSP should generate an incident/offense ticket and/or notify your appropriate security contacts.
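The correlation described earlier (asset criticality, sensitivity and regulatory status joined with event and vulnerability data) and the triage step described in the previous paragraph (minimizing false positives, prioritizing, and escalating as a ticket) can be shown as one small pipeline. The following is an added example written for this article, not code from any MSSP product; the inventory, events, field names, weights and the escalation threshold are all constructed assumptions for illustration.

```python
from dataclasses import dataclass, field
from typing import Optional

# Weights are assumptions for this example, not an MSSP scoring standard.
CRITICALITY_WEIGHT = {"low": 1, "medium": 2, "high": 3}
SENSITIVITY_WEIGHT = {"public": 0, "internal": 1, "confidential": 2, "restricted": 3}


@dataclass
class Asset:
    """One row of the asset inventory the organization uploads to the MSSP."""
    ip: str
    hostname: str
    criticality: str           # "low" | "medium" | "high"
    sensitivity: str           # "public" | "internal" | "confidential" | "restricted"
    regulated: bool            # asset is in scope for a regulatory regime
    vulns: set = field(default_factory=set)   # findings from third-party vulnerability scans


@dataclass
class Event:
    """A security event as received from a sensor. exploits_vuln is the
    vulnerability identifier the detection signature targets, if known."""
    event_id: str
    src_ip: str
    dst_ip: str
    signature: str
    exploits_vuln: Optional[str] = None


def score(event: Event, asset: Optional[Asset]) -> int:
    """Priority 0..10 from asset value and whether the targeted weakness is present."""
    if asset is None:
        return 2  # destination not in inventory: impact unknown, keep it visible
    s = CRITICALITY_WEIGHT[asset.criticality] + SENSITIVITY_WEIGHT[asset.sensitivity]
    if asset.regulated:
        s += 1
    if event.exploits_vuln is not None:
        if event.exploits_vuln in asset.vulns:
            s += 3   # targeted weakness confirmed on the asset: the attack can succeed
        else:
            s -= 1   # targeted weakness absent (patched / not applicable): likely noise
    return max(0, min(10, s))


def triage(events, assets, escalate_at=6):
    """Split events into tickets to escalate and events to suppress.
    Returns (tickets, suppressed); each record carries the asset context."""
    tickets, suppressed = [], []
    for ev in events:
        asset = assets.get(ev.dst_ip)
        priority = score(ev, asset)
        record = {
            "event_id": ev.event_id,
            "priority": priority,
            "signature": ev.signature,
            "asset": asset.hostname if asset else "unknown",
            "regulated": bool(asset and asset.regulated),
        }
        (tickets if priority >= escalate_at else suppressed).append(record)
    tickets.sort(key=lambda t: t["priority"], reverse=True)
    return tickets, suppressed


# Constructed sample data (not real hosts, addresses or findings).
ASSETS = {
    "10.0.1.10": Asset("10.0.1.10", "pay-db-01", "high", "restricted", True, {"VULN-A"}),
    "10.0.2.20": Asset("10.0.2.20", "web-test-03", "low", "internal", False, set()),
}
EVENTS = [
    Event("E1", "203.0.113.5", "10.0.1.10", "exploit attempt VULN-A", "VULN-A"),
    Event("E2", "203.0.113.5", "10.0.2.20", "exploit attempt VULN-A", "VULN-A"),
    Event("E3", "203.0.113.9", "10.0.9.99", "port scan"),
]

if __name__ == "__main__":
    tickets, suppressed = triage(EVENTS, ASSETS)
    for t in tickets:
        print("TICKET", t)
    for s in suppressed:
        print("suppressed", s)
```

The same signature fires against both hosts, but only the regulated, restricted database that actually carries the targeted finding becomes a ticket; the test host without the finding is scored down as a probable false positive, and the unknown destination stays visible at a low priority, which is exactly the gap an out-of-date inventory creates. Note that the ticket record is the MSSP's output; closing it and remediating remain the organization's job.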

Optimum value from the use of an MSSP in your security intelligence operations program requires the effective execution of activities and updates on your side to keep the provider informed. Your MSSP relies on up-to-date data from you to appropriately handle current and future security events for your organization. Put simply, an integrated security program is just better security.

This article is Part 3 of a four-part article series. In Part 4, I will highlight additional key focus areas necessary to maximize value in the MSSP relationship and summarize the overall series.
