October 16, 2019 By Spencer Ingram 3 min read

Business environments are forcing organizations to rapidly evolve. Security and risk leaders are realizing that a modern security strategy requires dramatic changes to program governance, technology and execution.

Yet many organizations managing their own security program can’t keep pace and lack the specialized skills and competencies needed to cost-effectively protect against the increasing range, volume and severity of threats.

These challenges often lead IT and security risk leaders to consider outsourcing core functions of security to a managed security service provider (MSSP). Forrester surveyed firms on the most important drivers for outsourcing security and found that improved quality of protection, regulatory compliance, reduced cost and greater competency were the top drivers.

Managed security done well can help organizations navigate the complexity of security and the rapidly changing nature of compliance and regulatory requirements.

Let’s take a look at five key areas of your security program and explore how your next MSSP can add value to these functions.

1. A Focus on Fast and Relevant Detection and Response

As cyberattacks change and develop over time, proactive security monitoring and management requires new techniques and tactics, including artificial intelligence (AI), machine learning (ML) and orchestration to accelerate threat detection, reduce false alerts and improve response times.

Technologies like AI and ML have brought a lot of hype, but the reality is that these capabilities, combined with human expertise, enhance the detection and response process. Cyberattackers are using AI and ML to enhance their offensive capabilities, and defenders must respond in kind.

2. Globalized Operations With Regionalization

Leaders surveyed in the World Economic Forum’s Global Risk Report stated that data fraud and theft as well as large-scale cyberattacks were among the top five biggest risks facing the world in 2019. Cybersecurity no doubt is a global issue for organizations of all types.

Cybersecurity requires a holistic approach, one that takes into account the skills, processes, technologies, business strategies and organizational culture. A global managed security services provider understands the risks at both a macro level and within the context of what’s happening locally. In addition, a global MSSP with local capabilities can offer a variety of services models, such as fully outsourced, co-sourced team augmentation or dedicated on-site delivery.

3. Ability to Demonstrate Security Impact and Effectiveness

Organizations are understandably frustrated when traditional MSSPs share meaningless metrics. Security and risk leaders want to be able to show the board and C-suite the impact of security efforts in terms that are relevant to their business. If you can’t measure it, you aren’t managing it.

MSSPs should measure strategic, operational and tactical metrics on your cybersecurity. The bigger picture should convey key performance indicators (KPIs) that track overall effectiveness, which your leaders can communicate to your business stakeholders. Key metrics might include:

  • Operational coverage of security risk;
  • Time between compromise to detection;
  • False and true positive identification driven by artificial intelligence/machine learning; and
  • Frequency, adoption and value of MSSP-recommended changes.

The MSSP should contribute to and show how your security posture improves over time. Your organization should see a natural maturity progression, such as better detection and response.

4. Risk Translated Into Context

Eighty-seven percent of organizations see tech risk management as a siloed, reactive process rather than “an organization-wide function for proactive risk management,” according to KPMG. A well-developed governance, risk and compliance (GRC) strategy aligns the business objectives to appropriately manage risk and meet compliance requirements. A global MSSP faces the same challenges and must build services that embrace risk management.

MSSP services must consume and operationalize risk data and adjust service delivery based on risk. Understanding and classifying the risks posed and then translating them into actionable context in the security operations center helps translate risk concepts into action.

5. A Trusted Advisor to Your Business

Organizations often report that MSSPs typically don’t share insights, recommendations and learnings from similar accounts. A trusted advisor helps your organization take advantage of best practices and lessons learned from working with accounts at a global scale.

A trusted advisor also understands the risks to the business and can analyze and synthesize large data sets into actionable steps for the client. For example, an MSSP should dig into specific vulnerabilities, assess your security posture and proactively identify threats based on its experience and intelligence gathering.

What Can a Managed Security Services Provider Do for You?

A modern security services provider can change the game for your organization. MSSPs must be risk-aware and operationalize risk understanding into the delivery of threat management services. MSSPs must also be able to translate a global view into local delivery and apply global insights and intelligence in an advisory capacity to the benefit of all clients. Finally, MSSPs must be transparent in their role in improving the organization’s security posture.

Download IBM’s latest MSSP buyer’s guide

More from CISO

Empowering cybersecurity leadership: Strategies for effective Board engagement

4 min read - With the increased regulation surrounding cyberattacks, more and more executives are seeing these attacks for what they are - serious threats to business operations, profitability and business survivability. But what about the Board of Directors? Are they getting all the information they need? Are they aware of your organization’s cybersecurity initiatives? Do they understand why those initiatives matter? Maybe not. According to Harvard Business Review, only 47% of board members regularly engage with their CISO. There appears to be a…

The evolution of 20 years of cybersecurity awareness

3 min read - Since 2004, the White House and Congress have designated October National Cybersecurity Awareness Month. This year marks the 20th anniversary of this effort to raise awareness about the importance of cybersecurity and online safety. How have cybersecurity and malware evolved over the last two decades? What types of threat management tools surfaced and when? The Cybersecurity Awareness Month themes over the years give us a clue. 2004 - 2009: Inaugural year and beyond This early period emphasized general cybersecurity hygiene,…

C-suite weighs in on generative AI and security

3 min read - Generative AI (GenAI) is poised to deliver significant benefits to enterprises and their ability to readily respond to and effectively defend against cyber threats. But AI that is not itself secured may introduce a whole new set of threats to businesses. Today IBM’s Institute for Business Value published “The CEO's guide to generative AI: Cybersecurity," part of a larger series providing guidance for senior leaders planning to adopt generative AI models and tools. The materials highlight key considerations for CEOs…

Bringing threat intelligence and adversary insights to the forefront: X-Force Research Hub

3 min read - Today defenders are dealing with both a threat landscape that’s constantly changing and attacks that have stood the test of time. Innovation and best practices co-exist in the criminal world, and one mustn’t distract us from the other. IBM X-Force is continuously observing new attack vectors and novel malware in the wild, as adversaries seek to evade detection innovations. But we also know that tried and true tactics — from phishing and exploiting known vulnerabilities to using compromised credentials and…

Topic updates

Get email updates and stay ahead of the latest threats to the security landscape, thought leadership and research.
Subscribe today