Managed Security Services provide cyber security protections, and are delivered by a vendor that acts as an extension of clients’ IT departments.
What Does Managed Security Services Mean?
Not all Managed Security Services vendors offer a complete portfolio. Therefore, it makes sense to measure such providers against the views of global research firm Gartner Inc., which defines Managed Security Services as:
“the remote monitoring or management of IT security functions delivered via shared services from remote security operations centers, not through personnel on-site.
…Managed Security Services include monitored/managed firewalls or intrusion prevention/detection systems; managed multifunction firewalls; unified threat management technology; managed security gateways for messaging or Web traffic; security analysis and reporting of events collected from IT infrastructure logs; reporting associated with monitored/managed devices and incident response; managed vulnerability scanning of networks, servers, databases or applications; distributed denial of service protection; monitoring/management of customer-deployed security information, event management technologies; and monitoring/management of advanced threat defense technologies, or the provision of those capabilities as a service”
What Are the Categories of Managed Security Services?
There are some general categories that fall under the umbrella of Managed Security Services. They are as follows:
This is the day-to-day monitoring and interpretation of important system events throughout the network—including unauthorized behavior, malicious hacks, attacks, anomalies, and trend analysis.
The right MSSP will use technology and people to sweep for vulnerabilities that pose risk to the client environment, generally with these assessments: external, internal, and vulnerability.
In the case of external scans, the MSSP conducts a deep, one-time analysis and then recommends the best ways to establish and maintain cyber security protections. After that, the MSSP assesses internal scans on a regular basis and continues to provide recommendations on requisite safeguards.
Along the way, both types of assessments will scan for security vulnerabilities. From there, consultants supply detailed reports and advise the appropriate courses of action. Often, this entails crafting a customized plan underpinned by industry best practices, technologies, and strategies.
This category calls for a combination of technology and human intelligence. For example, a forward-thinking MSSP will employ platforms and hands-on coaching such as Cofense PhishMeTM and Cofense TriageTM. Cofense PhishMeTM platform distributes simulated phishing threats. The program has proven to reduce the number of employees falling victim to advanced cyber attacks by up to 95%. The Triage system, meanwhile, allows security analysts to respond to email-based attacks. It integrates with SIEM, malware and domain analysis tools, and features playbooks that helps IT teams respond in the most efficient way possible. One Source puts both solutions to work for enterprises.
Cutting-edge MSSPs also offer cyber incident response. In this scenario, incident responders investigate and resolve malicious cyber activity. This happens quickly and effectively when the MSSP’s teams have a deep understanding of all types of threats, and the ways in which the bad guys constantly change tactics, techniques, and procedures. An MSSP should combine investigative and remediation techniques with threat intelligence, as well as network and endpoint technology.
Consultants assess business risks and develop security policies and processes. This may include comprehensive architecture assessments and design (including technology, business risks, technical risks and procedures). Such consulting also may feature security product integration and mitigation support, such as emergency incident response, after an intrusion has occurred.
This involves installing, upgrading, managing, and monitoring the firewall, Virtual Private Network, hardware and software, and email for threats, as well as performing configuration changes on behalf of the customer. A Managed Security Service vendor also delivers regular reports to the customer. Note that some Managed Security Service Providers (MSSPs) may provision all of this through different teams. For example, the IT experts in the MSSP’s parent organization may handle all tasks related to firewalls, VPNs, and hardware and software. Meanwhile, email matters may fall under the Managed Security Services group. And the threat assessment manager may oversee and administer reporting. Such an approach simply serves as a way for the MSSP and its parent organization to deliver the most well-rounded portfolio in an efficient manner. The client does not experience any complication from the service fulfillment structure.
Some MSSPs resell hardware and software from manufacturers and other types of technology experts. Resale may serve more as a value-add than as a core part of the MSSP’s business. Either way, the MSSP should fully manage the equipment it offers, to assure client peace of mind.
A complete Managed Security Services Provider will deliver in most or all of the above categories, not just one or two. Such a vendor will employ trained, skilled cyber security professionals who understand all aspects of a client’s environment and who act as part of the customer’s IT team. Ultimately, the MSSP will take effort and worry off the enterprise’s shoulders, ensuring cyber security so the client’s experts are free to pursue revenue-generating activities.
