In our previous article, we looked at why a company might want to use a third party to provide Managed Security Services (MSSP). We identified an alignment of planets, such as increasingly sophisticated cybercrime, lack of qualified staff, and hyper-connected technologies for driving the need for an MSSP to step in to help out. The problem is, where do you start when looking for a good MSSP for your company? In this quick guide, I’ll point out some of the basic requirements you need to look for when outsourcing your cybersecurity prevention program.
MSSP Question Checklist
The basic questions that you should start within your hunt for the perfect MSSP include:
Do They Need to be Local?
The cybercriminals may use the Internet against us, but by the same token, we can use the Internet against them. Many MSSPs now offer remote services. Some of the larger companies also have offices in many global locations, so, if you use a larger service, you may be able to get on-site visits too.
What is Their Pricing Model Like?
MSSP pricing may well be a deciding factor in your choice. Pricing can range widely and varies with your IT infrastructure complexity and size. Smaller organizations may prefer to use a package payment model which is a set price per month with options for add-ons.
What Size Companies do They Offer Services To?
MSSPs may often place a focus on certain sized companies. You will see them advertise their services for enterprise organizations, mid-size companies, and so on. Some specialize in public sector organizations or in specific verticals. More MSSPs are offering services for smaller companies as small to medium-sized firms are being targeted by cybercriminals. These MSSPs will often offer a reduced service for smaller organizations at a more affordable price.
Can They Offer a Specific Service Such as Compliance Expertise?
Many industries are regulated by specific data protection laws. For example, any company that handles credit card payments has to demonstrate compliance with the PCI-DSS standard. In Europe and across the world, the processing of the personal data of EU citizens is also controlled by the General Data Protection Regulation (GDPR). Check out if the MSSP on your radar offers services that will provide advice and guidance on your industry-specific and general compliance requirements.
Nine Managed Security Service Providers to Check Out
#1 TrustNet
Location: USA but service companies across the world
Typical size of company serviced: All sizes managed. They offer service packages based on a monthly pricing model.
Expertise: They offer compliance expertise and can work with your organization to ensure that you meet regulatory requirements. They are also expert project managers. Their packaged services are an easy way to engage in managed security services.
#2 United Service Providers (USP)
Location: Switzerland but service companies across the world
Typical size of company serviced: Mostly midsize to enterprise and public sector
Expertise: USP has a long history of cybersecurity management especially in Firewalls and more lately Web Application Firewalls. They also have expertise in digital identity and authentication.
#3 Vigilant
Typical size of company serviced: Small to medium-sized organizations.
Expertise: They have their own in-house vulnerability detection system CyberDNATM as well as offering cybersecurity management. They also offer a holistic endpoint management service.
#4 Orange Business Services
Location: French headquarters but with offices across the world. Recently acquired SecureLink.
Typical size of company serviced: Mid-size
Expertise: Fully 24/7 managed cybersecurity services from one of Europe’s most well-known brands.
#5 Red Canary
Location: USA but services companies across the world
Typical size of company serviced: All sized organizations
Expertise: Offer a full range of MSSP services and products to back-up the service. Their core merit is to give your company a remote, external “blue team” of security experts who are at your disposal, 24/7.
#6 Delta Risk
Typical size of company serviced: All sized organizations
Expertise: Key focus on Cloud service vulnerabilities. They offer a suite of robust solutions to detect and prevent Cloud-based attacks. Offer 24/7 monitoring services as well as advanced data analytics and Machine Learning to augment human vulnerability analysis.
#7 EY Security
Location: UK headquartered but offices across the world, including in the USA and Asia Pacific
Typical size of company serviced: Medium to larger enterprises
Expertise: Large firm with an array of expertise.
#8 ECSC
Location: Centers in the UK and Australia
Typical size of company serviced: All sized organizations
Expertise: A variety of service packages covering everything from compliance to full outsourcing of all aspects of cybersecurity management. A specialism is PCI and GDPR compliance.
#9 SecureWorks
Location: Headquartered in the UK but offices across the world
Typical size of company serviced: All sized organizations
Expertise: With 4,400 clients across 55 countries, SecureWorks is one of the most recognized names in the world of managed security services. They are a UK company but owned by Dell Technologies. They handhold your organization from vulnerability analysis through to 24/7 management and incident response.
Final Thoughts
Our list of nine MSSPs is by no means exhaustive so don’t forget to do your own research too. There are a number of full MSSP directories available that lists 100s of organizations offering managed security services; an example being MSSP Alert. In the end, you need to determine the right MSSP match for your particular organization. If you are a smaller company, you may want to check out those that offer packages that fit with the specific needs of the smaller firm and that come at a more affordable price.