Selecting a Managed Security Service Provider is one of the most important decisions a security team will make. Choosing the right partner will often determine the success or failure of the initiative. The following information highlights the most important factors to look for when evaluating a MSSP. Since a provider is meant to be an extension of an organization's security team, they must be strong across the three fundamental areas of security: People, Process and Technology. Organizations should consider the following factors to ensure a successful partnership.
Like any other discipline, people are the most important part of a security program. A provider must have talented people analyzing events, managing devices and guiding the company. A company evaluating a provider should pay particular attention to the qualifications of the intrusion analysts. Many MSSPs tout the number of CISSPs at their organization. While the CISSP is respectable certification, it is not an operational-level certification and should not be given much weight at this level. Instead, security teams should look for an MSSP's intrusion analyst team to possess a more practitioner-level certification, such as SANS' Global Information Assurance Certification (GIAC). In particular, intrusion analyst teams should specialize in the GIAC Intrusion Analyst track, which provides them with the tools they need to rapidly identify, analyze and respond to threats. Organizations should feel confident in their provider's ability if 100% of the MSSP's analysts carry a GIAC Intrusion Analyst certification.
At the management level, careful consideration needs to be paid to the team's vision of the company. From the top down, is the MSSP focused on delivering Managed Security Services or are they using services as a way to increase their product sales? This is very important because it determines whether the provider will have the breadth of experience necessary to perform in a best-of-breed environment or if they only have experience with their company's own products. Vision also plays an important role depending on your objectives. Many MSSPs have a general, managed anything security vision. These providers are excellent for companies that do not have the capacity or inclination to handle security internally and are looking for a way to outsource the entire function. On the other end of the spectrum are providers that specialize in Threat Management and partner with internal security teams to enhance their organization's security posture. These providers focus their service offerings around providing the capabilities necessary to protect, detect and respond to threats before damage is done.