THANK YOU FOR SUBSCRIBING
Rex Tolman, Ciso, Sr. Director Enterprise Security, Kforce
The mission of my security operations center (SOC) team is to protect our company’s ability to generate revenue and profit and to fulfill the firm’s overall mission. This is a strategic goal. It doesn’t speak to the number of threats or intrusion attempts we respond to each day, but instead focuses on business outcomes. Our managed security service provider (MSSP) is fundamental to us fulfilling that mission by providing the full-time support needed to maintain our risk posture while freeing up more personnel for value-add activities. As a long-term relationship, an MSSP can become an essential part of your security roadmap and strategy. However not all MSSPs are created equal, and it’s essential to find the right fit before enlisting a partner
Set strategy and objectives within your SOC
Ideally, your MSSP will act as an extension of your overall SOC so it’s important to start by pinpointing your areas of strength and weakness. As you consider this journey, be honest with yourself about what capabilities you have within your team. We found that our most immediate need was 24/7/365 monitoring as our first level of security response for identifying alerts, running initial investigations and opening tickets for us to resolve anomalies. Our SOC would have required a minimum of four to five people doing nothing but that job to achieve the same results, which would take resources away from higher value-add activities and our ultimate strategic goals.
Bring your team along with you during the process by communicating that their jobs aren’t being outsourced, but instead they will be part of a more dynamic group with a focus on adding value.Then discuss your gaps and activities that do not contribute to a more secure risk posture or competitive advantage. If it’s not a strategic advantage for you to do it within the firm, then outsourcing those activities will likely be more efficient and cost effective.
Socialize requirements with internal stakeholders
Finally, ask your network for their experience. What has gone well with their MSSP? What do they wish they had done differently? This can help weed out potential partners that are not a fit for your organization’s size, industry or culture.
Find a partner with proven expertise
Even if it’s a relatively new or startup MSSP, make sure their services extend beyond day-to-day tasks to include thought leadership and expertise. Ask about the background of their leadership team and look for whether they are conducting their own threat research. It’s important to know that they have a powerful supporting cast of experts to provide additional intelligence.
There may also be cases where you need a provider with more niche knowledge. For example, a banking firm with regulatory requirements like PCI needs to find an MSSP with clear abilities in that area. Outside of your firm requirements, you’ll want to consider the requirements of your clients. At Kforce, we have specific security requirements we must fulfill to meet client requirements—our MSSP is a key part of that compliance.
Start with only the services you need today
The most common obstacle to enlisting a security partner is cost, and it’s important to remember that one size does not fit all. MSSPs often offer a large suite of services that can quickly become expensive if you try to leverage all of them at once. Make sure you stick to your list of immediate needs up front and allow the relationship to mature before adding to the scope of work.
An MSSP is a long-term investment that will grow in efficiency over time as resources get up to speed and gain meaningful data for increased confidence responding to malicious activity. The MSSP our firm uses was relatively small at the time we initially partnered, but this worked in our favor because as our systems have matured and grown, so have they. They are now one of the leading MSSPs with a global footprint.
Set expectations for the ongoing relationship
To provide communication and transparency throughout the relationship, find an MSSP that will commit to key performance indicators (KPIs) and consistent reporting. This will allow for regular reviews to openly discuss where the team is performing well and where there’s room for improvement. It’s also helpful if they offer a maturity rating as a continuous barometer of how effective their services are over time.
Our SOC is fortunate to have a great partnership with our MSSP. We have a dedicated representative on each side who are in frequent communication with each other. From our first onboarding, the MSSP CEO even made it clear that they were only a phone call away in the event of a security emergency. It has truly become an extension of our own SOC.
The bottom line is MSSPs can provide many different services to help your SOC become a more value-add group if you can strategically choose the right partner and services. Find your sweet spot to ensure you are not overspending and underutilizing their services and it will lay a strong foundation for you to build on as you continue to mature your cybersecurity program.