The second category is the Managed Security Service Provider's processes. Processes facilitate the effective delivery of the provider's services. An important, but often neglected process is the ability to enable real-time service delivery visibility. An MSSP should adhere to an OPEN Service Delivery methodology. This methodology allows clients to see the status of their security and service delivery every second of every day. By adopting this methodology the MSSP needs to have the proper processes in place to show clients real-time information through a portal. Many providers will only post incidents after they have been analyzed. By not presenting all security events, the client will not gain enterprise-wide security visibility and will never know the true level of threats facing their organization. Companies should seek providers that present them with all the events and their status in real-time via the client portal.
Availability of the monitoring infrastructure is obviously of critical importance. However, it is surprising how many providers do not have processes in place to detect failures in their own monitoring systems. Even fewer providers conduct trending and behavioral analyses to detect abnormal traffic patterns. Without conducting these types of analyses, a provider will not be able to catch a sudden drop-off in their security monitoring visibility. A typical example of this is when a client makes an improper switch configuration change on a network where an intrusion detection system resides. Most providers will not be alerted to a sudden reduction in visibility. To them it would look like a mere slow-down in events. Only providers that conduct continuous analysis on behavioral patterns will realize that something is not right with the monitoring infrastructure. It is obviously very important to seek out providers who conduct this type of analysis to ensure service availability.
By subscribing to our early morning news update, you will receive a daily digest of the latest security news published on Help Net Security.
With over 500 issues so far, reading our newsletter every Monday morning will keep you up-to-date with security risks out there.