The Guide to MSSP for Dummies

MSSP, or Managed Security Service Provider, is a full-scale cybersecurity solution used by companies and organizations to reduce security breaches and hacks. An enterprise with a large internal security team may implement an MSSP themselves. A small- to medium-sized company may work with an MSSP consultant to assess needs, identify options, and implement a cost-effective MSSP. Here’s a quick guide.

What is the meaning of MSSP?

MSSP stands for Managed Security Service Provider. A Managed Security Service Provider is an external partner who manages and monitors cybersecurity solutions for a company or organization. For example, a large healthcare company may hire an MSSP to implement, manage, and optimize the security of their online customer dashboards. Very likely, this same provider may also manage the security of internal information for the salesforce and physicians. These services provided by the MSSP all fall within the category of Identity and Access Management (IAM). IAM solutions range from simple username/password tools to Multi-Factor Authentication (MFA) solutions that involve IP/Location risk assessment and biometric authentication like fingerprint readers and facial recognition. Per Wikipedia:

“In computing, managed security services are network security services that have been outsourced to a service provider. A company providing such a service is a managed security service provider.”
Wikipedia

What is an MSSP program?

An MSSP program refers to a managed security service provider solution that covers a wide range of security measures, including: reducing security breaches, reducing hack intrusions, IT/IS services, firewalls, security monitoring, antivirus/malware protection, and simple spam email blocking.

A well-planned MSSP program will save a company time, money, and effort, while protecting sensitive corporate and employee information from security threats. An MSSP may work alongside a company’s internal cyber security team, or as a third-party provider if the company doesn’t have an internal security team. This avoids big implementation costs, yet delivers similar or greater security at just a monthly subscription cost. From a value standpoint, many Silicon Valley venture capitalists like the subscription model, because it avoids capital budgeting. It’s generally easier for any company to manage and track a subscription.

What are typical MSSP costs?

MSSP costs range based on the size of your company. A startup or small business may only pay a few dollars per user per month, plus a small annual fee. An enterprise may pay tens of thousands of dollars per month. As an MSSP ourselves, here’s what we see for our own clients:

Small Business

If your business has under 100 accounts, expect to pay about $10 per user or device, plus $500/month.

Medium Business

If your business has 100-500 accounts, expect to pay about $12 per user or device, plus $1000/month.

Enterprise Business

If your business has 500+ accounts, expect to pay $15,000/month and up. This also varies with the level of coverage, such as 24/7. At Sennovate, our customers save about 60% if they opt for an MSSP solution. They get the full coverage at a fraction of the cost. Plus, their core team can continue to focus on their business, rather than trying to become an IAM or SOC expert.

What are the top MSSP requirements?

MSSP requirements for a secure company infrastructure are extensive. Here’s a general overview. For a complete vision into what your company may need, call Sennovate for a free consultation: (925) 918-6618

A recent cybersecurity article lists the following requirements for your MSSP, and we have some other considerations to add:

Advanced Threat Detection. Industry leading MSSPs use a combination of people and technology to accurately detect and prioritize indicators of attack or compromise. Components of advanced threat detection include 24/7 investigations by security analysts, customized SIEM use cases, business context modeling, threat intelligence profiling and AI-based threat hunting models.

Managed Detection and Response. Managed detection and response (MDR) services will assist your team by leveraging technologies at the perimeter, core and endpoint to detect and contain threats both in on-premise and cloud-based environments. MDRs also offer vulnerability management and extensive incident response services.

Security Orchestration and Automated Response. Automation or semi-automation is required to quickly contain high-fidelity security events and allow time for incident responders to investigate and remediate threats before they cause damage.

Risk Scoring. MSSPs should provide their clients with security dashboards and data that show each client’s risk compared to their peer group. They can also provide their clients with visibility into their security posture to help identify blind spots.

Full Lifecycle Management. Many organizations lack the resources to manage their security products and keep them running to vendor recommended standards. MSSPs with the capability to manage or co-manage these devices help off-load IT teams to do more important tasks while maximizing the value of next generation tools.

Dedicated Client Success Team. In addition to the support of a 24/7 security team, MSSPs should assign their clients a client success team that is focused on account management and strategic security advisory functions, ultimately understanding and supporting both the business and technical needs of the organization throughout the relationship.

Flexibility and Customization. Every organization is unique, and an MSSP should be able to customize their services to the needs of each organization they work with. Flexibility spans customizing use cases, reports, dashboards, escalation rules, incident response actions and more – all required to meet each organization’s requirements. Mapping the managed security service to each organization’s needs improves the quality of cyber defense and minimizes operational disruption.

Powerful Case Management. MSSPs should provide access to an enterprise-class ITSM tool for case management and workflow automation. This allows for better visibility into the MSSP’s actions and tighter integration between the client and MSSP’s security team.

Global SOC Operations. Global MSSPs offer both continuity of operations and unrivaled visibility into advanced threats. Their 24/7 operations, combined with the volume and breadth of their client base, allow global MSSPs to see more advanced threats on a recurring basis and put them in a stronger position to respond quickly.

SOC Type 2 Compliance. An MSSP should complete an annual audit to demonstrate that it follows strict information security policies and procedures that encompass the security, availability, and confidentiality of customer data.

Cyber Defense Magazine

And even before all these, we recommend starting with the basics:

Feasibility

Based on your organizational structure, what MSSP solution can your company implement? If your enterprise is global, there are some solutions much better suited for a multi-lingual, multi-regional enterprise. If your company is sharing live, real-time testing data to mobile users, there are some MSSP solutions tailored to your needs, while others will be difficult for end-users to access. Make sure your MSSP consultant goes through an extensive feasibility study to ensure your final solution meets the needs of your corporate cybersecurity goals and your end user experience.

Compatibility

Is your desired MSSP solution compatible with your existing systems? Is it cloud-based? Is it flexible enough to ensure maximum compatibility and performance across cloud and on-prem servers?

Cost

First and foremost, an MSSP solution must show clear ROI. If cyber attacks are costing your business only $100 per month, it’s not a smart value to implement an MSSP solution that costs your company $10,000 per month. We see the fear of cyber threats often outweighing the business benefits of an MSSP solution. So, our recommendation is to work with a consultant who assesses your company’s current and projected costs of security breaches and hacks, then matches those with an MSSP solution that exceeds your security needs, while staying within sensible investment budgets. For example, a small biotech company may invest in an MSSP solution that offers the highest-level of testing data security, while avoiding unnecessary solutions intended for a global workforce.

As an example, we spoke with an organization that thought running an SOC (Security Operations Center) was very expensive. They also thought they could monitor all the security tools internally without an orchestration tool. Unfortunately, this led to a couple of attacks exploiting vulnerabilities, which cost them a lot more money.

An organization runs security tools designed for many purposes. Orchestrating the logs from those tools in one place simplifies the monitoring process for the SOC. When it comes to the cloud, we have products like AlienVault, and you can hire an MSSP to manage your SOC for as low as $5000/month. This will help you detect threats early. This risk-based monitoring is powered by AI, is cost-effective, and will minimize labor-intensive visual monitoring.

If you have questions about customized MSSP solutions that provide world-class protection for smart budgets, call us for a free consultation: (925) 918-6618

MDR vs MSSP

An MDR (Managed Detection and Response Service) and an MSSP (Managed Security Service Provider) are both cybersecurity solutions designed to protect companies and organizations from security breaches and cyber attacks.

An MDR is a proprietary security solution based on a company’s unique organization structure. An MDR requires a support team of forensic analysts and security services to monitor your company network. It’s a high-touch, high-cost solution. The upside of an MDR is the possibility of an assigned staff to handle user and executive requests. The risk of an MDR is that the MDR solution process and technology may be less flexible and outdated.

An MSSP is an automated security solution that is outsourced and based on your company’s technology stack. An MSSP requires no internal support team, and outsources tasks to the MSSP. It’s a low-touch, cost-effective solution. The upside of an MSSP is its flexibility to be customized to your company structure, technology, and needs. The possible downside of an MSSP is that the support team is external to your organization. Generally, MSSP vendors are also partners with MDR vendors. They deploy the MDR to enhance their MSSP services and run the virtual SOC. For example, AlienVault (now AT&T) has many MSSP partners who can bundle services to monitor customer vulnerabilities in near real-time.

MSSP vs SOC

As noted just above, an MSSP is an automated security solution that is outsourced and based on your company’s technology stack.

An SOC (Security Operations Center) is an internal corporate security team. Much like an MDR, an SOC is a larger investment that is initially customized to your organizational structure. The upside is that you have a full-time staff watching and analyzing your corporate security. The downside is cost and some lack of flexibility. The cost of hiring and managing an SOC team is a concern. The lack of flexibility arises when cyber security technologies evolve, while your employee skill sets remain the same.

Top MSSP Services

There are dozens of MSSP services from which to choose. They range in price, flexibility, and specialization. Here are three MSSP services that we generally recommend to our clients, based on size and need:

Deloitte/Accenture/CapGemini

For Fortune 100 companies, these providers have the means to build the information security and cyber security teams internally. They also have the means to hire consultants onsite to train the team and put processes in place for internal employees to follow. These companies won’t just do security, but also strategic consulting for business, technology and security. Since most of the key roles are going to stay in house, the mundane tasks may be outsourced in bulk to these companies’ offshore locations. These large companies usually hire thought leaders to stay ahead of the market. They offer excellent quality for a premium price and can scale up horizontally and vertically. Due to tight contract terms and very long durations, it is very hard to scale down unless both parties mutually agree to do so. Great service for a huge price.

Tata/DXC/Cognizant

For large enterprises and maybe Fortune 500 companies, these providers have a similar model to the Fortune 100 providers, but on a smaller scale. These companies focus on lower costs and big volume. They are not necessarily thought leaders in security, but fill the right teams with the right skills. They may hire independent contractors for key skills.

Simeio Solutions

For medium enterprises and maybe Fortune 1000 companies, these providers are specialized security firms that help companies focus on security-related needs. They also provide resources to the first 2 categories, or they have a unique client base of companies that are large enough and for whom security is an integral part of the business. Their business mandates that they allocate a huge chunk of their business to security, and they have to have hard-fenced security to protect their intellectual property. For companies like Simeio, security is the focus, and they provide quality as good as the big 5 for smaller markets that are looking only for security solutions. For anything outside of security, these companies should rely on other vendors.

Sennovate

For small to medium enterprises with maybe 100 to 2000 employees who need to compete in global markets, Sennovate works as a partner, bringing the best products in the market, and integrates them with other applications, at a fraction of the cost. For example, Sennovate’s clients may have 1-5 member teams who are mostly doing security and administration work: Cloud infrastructure administration, systems administration, network administration, business end-user support, HR-related security requests, and general cyber/information security. Because they’re spread thin, they work in a “reactive” mode, making it time-consuming to execute simple tasks. With the help of Sennovate, they regain control.

Btw, what is Identity and Access Management?

MSSP falls under the umbrella of Identity and Access Management. Identity and Access Management (IAM) or Identity Management (IdM) refers to the general cybersecurity solutions that allow customers to access their accounts or employees to access sensitive data, via online devices. For example, accessing your Gmail is an IAM process. Logging into your New York Times account is an IAM process. And a global enterprise offering their salesforce online access to critical corporate information is an IAM process.

Historically, IAM referred to a simple username and password. Nowadays, it typically involves two-factor authentication (2FA), for example, a password AND an SMS/text confirmation. For more secure information, Multi-Factor Authentication (MFA) includes IP/Location risk assessment, biometric authentication, and more.

Does my company need to hire an identity and access management engineer to implement an MSSP?

If you’re a medium to large company, yes — we think it’s mandatory to hire a small, 1-5 person IAM team. However, startups and smaller businesses may be best served by an IAM/MSSP consultant. As a general rule, when a company exceeds 100 employees, they should consider a full-time identity and access management individual to protect company information. Companies with 500+ employees should have several employees, or a team, dedicated to identity and access management.

Do I need a consultant to implement an MSSP?

Yes, if you don’t have an internal IAM team, you should hire an IAM/MSSP consultant to assess, identify, implement, and optimize your MSSP solution. We recommend an experienced consultant that is hands-on, so you can be hands-off. Have questions? We’re happy to guide you through the process, call anytime: (925) 918-6618

When should I hire an MSSP consultant?

If your company isn’t ready to invest in a small IAM team, or IAM engineer, we would recommend working with an MSSP consultant near you. An experienced MSSP consultant will set up your business on a solid, secure IAM framework, and may only require minimal annual maintenance or upgrade costs. Because security is ever-evolving, having an internal team can get very expensive. Moreover, it can get hard to keep them 100% busy and motivated. So, an MSSP consultant keeps your security up-to-date every day, learning from customers across industries, with various business needs.

Do I need an MSSP consultant near me?

Maybe. The most important factor is experience and effective workflow, whether in-person, on-site, virtual, or off-site. That said, we think working with an MSSP consultant near you is an advantage. This will allow your MSSP consultant to better communicate with existing IT teams, and better understand your current information architecture. A non-local MSSP consultant becomes a good option if they follow security best practices, and have an established virtual workflow. Why? Location is less significant when virtual workforce tools are effectively adopted by consultant and client, whether a small business or global enterprise. Plus, all that said, on-site MSSP consultants can be costly. Bottom line, look for an MSSP consultant who offers an excellent communication process, clear workflow, and custom solution for your business.

Have questions about MSSP?
Email [email protected] or call (925) 918-6618

About Sennovate

Sennovate delivers custom identity and access management solutions to businesses around the world. With global partners and a library of 1000+ integrations, we implement world-class cybersecurity solutions that save your company time and money. We offer a seamless experience with integration across all cloud applications, and a single price for product, implementation, and support. Have questions? The consultation is always free. Email [email protected] or call us at: (925) 918-6618