October 16, 2019 By Spencer Ingram 3 min read

Business environments are forcing organizations to rapidly evolve. Security and risk leaders are realizing that a modern security strategy requires dramatic changes to program governance, technology and execution.

Yet many organizations managing their own security program can’t keep pace and lack the specialized skills and competencies needed to cost-effectively protect against the increasing range, volume and severity of threats.

These challenges often lead IT and security risk leaders to consider outsourcing core functions of security to a managed security service provider (MSSP). Forrester surveyed firms on the most important drivers for outsourcing security and found that improved quality of protection, regulatory compliance, reduced cost and greater competency were the top drivers.

Managed security done well can help organizations navigate the complexity of security and the rapidly changing nature of compliance and regulatory requirements.

Let’s take a look at five key areas of your security program and explore how your next MSSP can add value to these functions.

1. A Focus on Fast and Relevant Detection and Response

As cyberattacks change and develop over time, proactive security monitoring and management requires new techniques and tactics, including artificial intelligence (AI), machine learning (ML) and orchestration to accelerate threat detection, reduce false alerts and improve response times.

Technologies like AI and ML have brought a lot of hype, but the reality is that these capabilities, combined with human expertise, enhance the detection and response process. Cyberattackers are using AI and ML to enhance their offensive capabilities, and defenders must respond in kind.

2. Globalized Operations With Regionalization

Leaders surveyed in the World Economic Forum’s Global Risk Report stated that data fraud and theft as well as large-scale cyberattacks were among the top five biggest risks facing the world in 2019. Cybersecurity no doubt is a global issue for organizations of all types.

Cybersecurity requires a holistic approach, one that takes into account the skills, processes, technologies, business strategies and organizational culture. A global managed security services provider understands the risks at both a macro level and within the context of what’s happening locally. In addition, a global MSSP with local capabilities can offer a variety of services models, such as fully outsourced, co-sourced team augmentation or dedicated on-site delivery.

3. Ability to Demonstrate Security Impact and Effectiveness

Organizations are understandably frustrated when traditional MSSPs share meaningless metrics. Security and risk leaders want to be able to show the board and C-suite the impact of security efforts in terms that are relevant to their business. If you can’t measure it, you aren’t managing it.

MSSPs should measure strategic, operational and tactical metrics on your cybersecurity. The bigger picture should convey key performance indicators (KPIs) that track overall effectiveness, which your leaders can communicate to your business stakeholders. Key metrics might include:

  • Operational coverage of security risk;
  • Time between compromise to detection;
  • False and true positive identification driven by artificial intelligence/machine learning; and
  • Frequency, adoption and value of MSSP-recommended changes.

The MSSP should contribute to and show how your security posture improves over time. Your organization should see a natural maturity progression, such as better detection and response.

4. Risk Translated Into Context

Eighty-seven percent of organizations see tech risk management as a siloed, reactive process rather than “an organization-wide function for proactive risk management,” according to KPMG. A well-developed governance, risk and compliance (GRC) strategy aligns the business objectives to appropriately manage risk and meet compliance requirements. A global MSSP faces the same challenges and must build services that embrace risk management.

MSSP services must consume and operationalize risk data and adjust service delivery based on risk. Understanding and classifying the risks posed and then translating them into actionable context in the security operations center helps translate risk concepts into action.

5. A Trusted Advisor to Your Business

Organizations often report that MSSPs typically don’t share insights, recommendations and learnings from similar accounts. A trusted advisor helps your organization take advantage of best practices and lessons learned from working with accounts at a global scale.

A trusted advisor also understands the risks to the business and can analyze and synthesize large data sets into actionable steps for the client. For example, an MSSP should dig into specific vulnerabilities, assess your security posture and proactively identify threats based on its experience and intelligence gathering.

What Can a Managed Security Services Provider Do for You?

A modern security services provider can change the game for your organization. MSSPs must be risk-aware and operationalize risk understanding into the delivery of threat management services. MSSPs must also be able to translate a global view into local delivery and apply global insights and intelligence in an advisory capacity to the benefit of all clients. Finally, MSSPs must be transparent in their role in improving the organization’s security posture.

Download IBM’s latest MSSP buyer’s guide

More from CISO

Overheard at RSA Conference 2024: Top trends cybersecurity experts are talking about

4 min read - At a brunch roundtable, one of the many informal events held during the RSA Conference 2024 (RSAC), the conversation turned to the most popular trends and themes at this year’s events. There was no disagreement in what people presenting sessions or companies on the Expo show floor were talking about: RSAC 2024 is all about artificial intelligence (or as one CISO said, “It’s not RSAC; it’s RSAI”). The chatter around AI shouldn’t have been a surprise to anyone who attended…

Why security orchestration, automation and response (SOAR) is fundamental to a security platform

3 min read - Security teams today are facing increased challenges due to the remote and hybrid workforce expansion in the wake of COVID-19. Teams that were already struggling with too many tools and too much data are finding it even more difficult to collaborate and communicate as employees have moved to a virtual security operations center (SOC) model while addressing an increasing number of threats.  Disconnected teams accelerate the need for an open and connected platform approach to security . Adopting this type of…

The evolution of a CISO: How the role has changed

3 min read - In many organizations, the Chief Information Security Officer (CISO) focuses mainly — and sometimes exclusively — on cybersecurity. However, with today’s sophisticated threats and evolving threat landscape, businesses are shifting many roles’ responsibilities, and expanding the CISO’s role is at the forefront of those changes. According to Gartner, regulatory pressure and attack surface expansion will result in 45% of CISOs’ remits expanding beyond cybersecurity by 2027.With the scope of a CISO’s responsibilities changing so quickly, how will the role adapt…

Topic updates

Get email updates and stay ahead of the latest threats to the security landscape, thought leadership and research.
Subscribe today