September 11, 2018 By Richard P. Gingras 3 min read

Almost daily, we’re reminded of the IT skills shortage that has led to the rise of numerous managed service providers. While there are plenty of initiatives encouraging young people to build careers in IT, it’ll take time for these initiatives to provide a meaningful return. In the meantime, organizations will continue to turn to managed security service providers (MSSPs) and managed security operations center (SOC) providers to bridge the gap.

How to Choose the Right Managed Security Services Vendor

As demand grows for MSSPs, so do the number of vendors in the space looking to take advantage of a growing market opportunity. There are so many, in fact, that businesses frequently struggle to find the right vendor for precisely what they need.

Sure, you could make this decision by sending out a request for information (RFI) or request for proposal (RFP) and selecting the cheapest option or the best overall value on paper. More and more, I see this tactic replacing the effort and time it takes to select the right resource for both products and services. But the real problem with RFP-RFI is that your selection could be based on superior marketing rather than the specific capabilities your organization requires to streamline its use cases and goals.

Of course, you can look at lists of top vendors compiled by third-party analyst firms, but not all top vendors will work for every company across the board. Instead, you should make your decision based not on cost, but on a vendor’s ability to understand your business and provide a partnership that aligns with your business goals. The third-party resources can act as a supplement to help you check on this alignment, alongside testimonials about a vendor’s work.

How to Assess Your Return on Investment

The real challenge is whether or not your organization possesses the ability to assess the value of such a significant investment. That brings us right back to the selection process. If you consider the following points before you contract with an MSSP, you’ll have a way to evaluate your return on investment (ROI):

  • Set clear objectives. Have high-level discussions, but be sure to provide real-life use cases to ensure that your goals are specific.
  • Is the managed security service provider a generalist? Does it have experience managing the specific security solutions your organization has deployed? If you ignore this, you might need to prepare for a forklift upgrade when your vendor lacks experience in managing a specific tool. Consider whether it is acceptable to pay a vendor to train its staff to use the tools you deploy.
  • Is the MSSP a glorified report generation service or a real managed SOC?
  • Clearly define vendor and employee roles and responsibilities. Establish who owns what and determine the level of access or parameters on remediation.
  • Build and validate a transition plan from the current paradigm that will ensure a successful deployment. A bad start tends to linger and become the norm.
  • Don’t agree to a vague service-level agreement (SLA) or one that a vendor describes as its standard agreement. If you can’t figure out how the SLA allows you to have checks and balances to guarantee value and indemnify you when it doesn’t, don’t sign it.
  • Understand your options to exit the agreement. Nobody wants to spend a lot of time discussing penalties or collecting rebates.
  • When you talk to a reference account, find out if the vendor provides actionable information or just some indicators, leaving the organization to perform the actual research itself to find a resolution.

It’s important to remember that if the price is too good to be true, like all things in life, it probably is. As long as you engage your managed service providers as strategic partners and know exactly which services and solutions you’re looking for, you’ll get what you inspect, not what you expect.

More from Security Services

What should Security Operations teams take away from the IBM X-Force 2024 Threat Intelligence Index?

3 min read - The IBM X-Force 2024 Threat Intelligence Index has been released. The headlines are in and among them are the fact that a global identity crisis is emerging. X-Force noted a 71% increase year-to-year in attacks using valid credentials.In this blog post, I’ll explore three cybersecurity recommendations from the Threat Intelligence Index, and define a checklist your Security Operations Center (SOC) should consider as you help your organization manage identity risk.The report identified six action items:Remove identity silosReduce the risk of…

X-Force Threat Intelligence Index 2024 reveals stolen credentials as top risk, with AI attacks on the horizon

4 min read - Every year, IBM X-Force analysts assess the data collected across all our security disciplines to create the IBM X-Force Threat Intelligence Index, our annual report that plots changes in the cyber threat landscape to reveal trends and help clients proactively put security measures in place. Among the many noteworthy findings in the 2024 edition of the X-Force report, three major trends stand out that we’re advising security professionals and CISOs to observe: A sharp increase in abuse of valid accounts…

Ermac malware: The other side of the code

6 min read - When the Cerberus code was leaked in late 2020, IBM Trusteer researchers projected that a new Cerberus mutation was just a matter of time. Multiple actors used the leaked Cerberus code but without significant changes to the malware. However, the MalwareHunterTeam discovered a new variant of Cerberus — known as Ermac (also known as Hook) — in late September of 2022.To better understand the new version of Cerberus, we can attempt to shed light on the behind-the-scenes operations of the…

Topic updates

Get email updates and stay ahead of the latest threats to the security landscape, thought leadership and research.
Subscribe today