More and more organizations are turning to Managed Security Services (MSS) to help them achieve their security objectives. Security teams need to do more to protect their environment, but are facing a variety of resource constraints. A Managed Security Services Provider (MSSP) will remove some of the mundane operational activities so security teams can focus on strategic security initiatives that will deliver short and long-term benefits to their organization. Additionally, the provider is adding value by delivering timely security intelligence, real-time enterprise-wide monitoring and device management that enhance the organization's security posture.

Selecting a Managed Security Service Provider is one of the most important decisions a security team will make. Choosing the right partner will often determine the success or failure of the initiative. The following information highlights the most important factors to look for when evaluating a MSSP. Since a provider is meant to be an extension of an organization's security team, they must be strong across the three fundamental areas of security: People, Process and Technology. Organizations should consider the following factors to ensure a successful partnership.


People

Like any other discipline, people are the most important part of a security program. A provider must have talented people analyzing events, managing devices and guiding the company. A company evaluating a provider should pay particular attention to the qualifications of the intrusion analysts. Many MSSPs tout the number of CISSPs at their organization. While the CISSP is respectable certification, it is not an operational-level certification and should not be given much weight at this level. Instead, security teams should look for an MSSP's intrusion analyst team to possess a more practitioner-level certification, such as SANS' Global Information Assurance Certification (GIAC). In particular, intrusion analyst teams should specialize in the GIAC Intrusion Analyst track, which provides them with the tools they need to rapidly identify, analyze and respond to threats. Organizations should feel confident in their provider's ability if 100% of the MSSP's analysts carry a GIAC Intrusion Analyst certification.