11 Elements of a Successful Managed Security Partnership
by Steven Drew - Monday, 02 February 2003.
More and more organizations are turning to Managed Security Services (MSS) to help them achieve their security objectives. Security teams need to do more to protect their environment, but are facing a variety of resource constraints. A Managed Security Services Provider (MSSP) will remove some of the mundane operational activities so security teams can focus on strategic security initiatives that will deliver short and long-term benefits to their organization. Additionally, the provider is adding value by delivering timely security intelligence, real-time enterprise-wide monitoring and device management that enhance the organization's security posture.

Selecting a Managed Security Service Provider is one of the most important decisions a security team will make. Choosing the right partner will often determine the success or failure of the initiative. The following information highlights the most important factors to look for when evaluating a MSSP. Since a provider is meant to be an extension of an organization's security team, they must be strong across the three fundamental areas of security: People, Process and Technology. Organizations should consider the following factors to ensure a successful partnership.


Like any other discipline, people are the most important part of a security program. A provider must have talented people analyzing events, managing devices and guiding the company. A company evaluating a provider should pay particular attention to the qualifications of the intrusion analysts. Many MSSPs tout the number of CISSPs at their organization. While the CISSP is respectable certification, it is not an operational-level certification and should not be given much weight at this level. Instead, security teams should look for an MSSP's intrusion analyst team to possess a more practitioner-level certification, such as SANS' Global Information Assurance Certification (GIAC). In particular, intrusion analyst teams should specialize in the GIAC Intrusion Analyst track, which provides them with the tools they need to rapidly identify, analyze and respond to threats. Organizations should feel confident in their provider's ability if 100% of the MSSP's analysts carry a GIAC Intrusion Analyst certification.

At the management level, careful consideration needs to be paid to the team's vision of the company. From the top down, is the MSSP focused on delivering Managed Security Services or are they using services as a way to increase their product sales? This is very important because it determines whether the provider will have the breadth of experience necessary to perform in a best-of-breed environment or if they only have experience with their company's own products. Vision also plays an important role depending on your objectives. Many MSSPs have a general, managed anything security vision. These providers are excellent for companies that do not have the capacity or inclination to handle security internally and are looking for a way to outsource the entire function. On the other end of the spectrum are providers that specialize in Threat Management and partner with internal security teams to enhance their organization's security posture. These providers focus their service offerings around providing the capabilities necessary to protect, detect and respond to threats before damage is done.



Critical bug found in Cisco ASA products, attackers are scanning for affected devices

Several Cisco ASA products - appliances, firewalls, switches, routers, and security modules - have been found sporting a flaw that can ultimately lead to remote code execution by attackers.

Weekly newsletter

Reading our newsletter every Monday will keep you up-to-date with security news.

Daily digest

Receive a daily digest of the latest security news.

Fri, Feb 12th