2. Access the MSSP’s investments in specialized skill sets
Customers should leverage an MSSP as the interface for bringing in the people, processes and technologies that can help achieve their goals. Here’s how an MSSP can help:
Technology – The provider has done the work of evaluating various innovative technologies and has selected those that can help future-proof their customers’ defences. This means your team doesn’t have to spend time doing the same thing. Before speaking to an MSSP about this, be sure they have a clear understanding of your ecosystem to avoid any unnecessary expenditure and prioritize investment.
People – With the threat landscape constantly evolving, you need to access skills that are agile enough to adapt to these changes. If you already have a core SOC team in place, consider adopting a hybrid engagement model that enables you to augment your team with specialists in areas such as Incident Response, Managed Detection and Response (MDR), Threat Hunting, Threat Intelligence Monitoring and Vulnerability Assessments.
Process – Without implementing sustainable and effective processes that a team can comfortably maintain, the investments you make in people or technology will only cause more complexity. Adopting processes that are aligned to industry frameworks such as NIST is a good start, but it isn’t as simple as using a framework as a template for your organization – your business needs tailored processes that fit your architecture and unique goals.
At CyberProof, we develop and implement tailored attack scenario use cases for our customers and provide access to these in a catalog we call the Use Case Factory. These use cases consist of prevention controls, detection rules and response playbooks and are developed in line with the customer’s incident response procedures. We map them to the MITRE ATT&CK matrix as well as our own threat intelligence-driven vulnerability assessments to continuously and automatically optimize defences.
3. Get clarity on service deliverables and how the MSSPs’ experts will work with your teams
Forrester notes that CISOs should be clear on what MSSPs are expected to do and should ensure that they can deliver the necessary services. This is a common issue with outdated managed services engagement models, because of the ‘black-box’ approach still used today by some providers, where there is little to no visibility into the operations or processes the MSSP carries out on the customer’s estate.
To combat this problem, organizations should consider working with an MSSP that adopts a hybrid engagement model – a form of outsourcing that enables the provider to work as an extension of the customer’s team and reduce siloed working. Essentially, a hybrid engagement involves the following key traits:
- Providing transparency – Leveraging a service delivery platform that can be used by the customer to provide on-demand visibility into the day-to-day SOC activities and processes being conducted.
- Facilitating easy collaboration – Having a real-time communication channel, such as a ChatOps feature, that enables your internal team to collaborate with both internal stakeholders and the provider’s domain experts.
- Service delivery engagement – Push the MSSP to provide a dedicated team that ensures high-touch service delivery, manages the relationship, and facilitates recurring customer value workshops to ensure agreed-upon KPIs are being met.
To Summarize – The Varied Level of Maturity in APAC Requires a Flexible MSSP
According to Forrester’s report, the varied maturity of organizations in APAC has spawned different types of leaders – from more transformational CISOs to those who are limited to dealing with day-to-day operations. Consequently, this suggests security leaders should prioritize MSSPs that can customize their delivery approach, pricing, and operating model based on the customer’s unique challenges. Entering into a managed security services agreement is a strategic move that requires clarity from both sides regarding what to expect from this partnership and how it can flex to meet the changing requirements of the customer.
Working with a provider that brings a hybrid approach – a model that encourages clear communication, transparency of operations, and an integrated team – will ensure you are not outsourcing control along with security but rather enabling your existing SOC team to continuously optimize their cyber defenses in an agile way.
