Technology is the foundation of a Managed Security Service Provider's ability to deliver quality service. Without the right technology solutions, it is difficult for the provider's analysts to properly investigate and respond to threats. One example is whether the MSSP outsources core competencies by buying off-the-shelf solutions or builds these competencies in-house. Of particular importance are the security event monitoring platform and the threat intelligence they use to deliver their services. If the platform they use was not developed in-house, then the provider is at the mercy of the software company they bought it from. Over time, this will inhibit their ability to improve analysis and response times, since they will not be able to make the changes necessary to manage the ever-increasing volume of security events. The bottom line is that by using off-the-shelf solutions for their underlying platform, a provider's ability to innovate, scale and deliver an exceptional service will be outside of their control. Organizations should consider using providers that have developed their core service foundations in-house to ensure they receive a high level of service over time.
Having an in-house team of researchers delivering threat intelligence is important because it shortens the time it takes to deliver advance warnings of emerging threats. Additionally, having an in-house team further protects an organization by enabling the intrusion analysts to use this valuable information to proactively update signatures and take other measures against the impending threat. Organizations will attain a higher level of service from a provider that focuses on MSS and has developed the necessary infrastructure in-house.
A key element of effective security monitoring is the ability to examine the packet decode from a network intrusion detection system. The packet decode provides you with the raw packet information. With this information, a skilled analyst will be able to analyze the packet to reduce the likelihood of a false positive. Most MSSPs only look at an event as it is recorded in an SNMP trap or syslog. This hinders their ability to examine the event thoroughly and may result in unnecessary calls to their customers. MSSPs that can collect the packet decode with the actual event in real time and deliver this information to the analysts in one integrated view will demonstrate a consistently higher level of accuracy in their analysis of a threat. Organizations should seek out providers that form tight relationships with network intrusion detection providers to obtain and integrate real-time packet decodes from the events they produce.
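To make the difference between a summary event and a packet decode concrete, here is an added example (not from the original article) that decodes the IPv4 and TCP headers of a raw packet and pairs the result with the alert text. The alert wording, addresses, payload, the function names and the "not an HTTP request" review heuristic are all constructed assumptions for illustration.

```python
import socket
import struct

def build_sample_packet(payload: bytes) -> bytes:
    """Constructed sample: IPv4 + TCP without options, checksums left at zero."""
    tcp = struct.pack("!HHIIBBHHH", 40312, 25, 1000, 2000, 5 << 4, 0x18, 8192, 0, 0)
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(tcp) + len(payload), 1, 0,
                     64, socket.IPPROTO_TCP, 0,
                     socket.inet_aton("192.0.2.10"), socket.inet_aton("198.51.100.25"))
    return ip + tcp + payload

def decode_ipv4_tcp(raw: bytes) -> dict:
    """Decode the IPv4 and TCP headers and return key fields plus the payload."""
    if len(raw) < 20 or raw[0] >> 4 != 4:
        raise ValueError("not an IPv4 packet")
    ihl = (raw[0] & 0x0F) * 4                      # IP header length in bytes
    total_len, proto = struct.unpack("!H", raw[2:4])[0], raw[9]
    if proto != socket.IPPROTO_TCP or ihl < 20 or len(raw) < ihl + 20:
        raise ValueError("not a complete TCP segment")
    sport, dport, _seq, _ack, off_byte, flags = struct.unpack("!HHIIBB", raw[ihl:ihl + 14])
    data_start = ihl + (off_byte >> 4) * 4         # skip TCP header and options
    return {
        "src": socket.inet_ntoa(raw[12:16]), "dst": socket.inet_ntoa(raw[16:20]),
        "sport": sport, "dport": dport, "flags": flags,
        "payload": raw[data_start:min(total_len, len(raw))],
    }

HTTP_METHODS = (b"GET ", b"POST ", b"HEAD ", b"PUT ", b"DELETE ", b"OPTIONS ")

def triage(alert_summary: str, raw: bytes) -> dict:
    """Pair the summary event with facts that only the packet decode provides."""
    pkt = decode_ipv4_tcp(raw)
    is_http = pkt["payload"].startswith(HTTP_METHODS)
    return {
        "summary": alert_summary,
        "dport": pkt["dport"],
        "payload_is_http_request": is_http,
        "first_line": pkt["payload"].split(b"\r\n", 1)[0].decode("ascii", "replace"),
        # Assumed heuristic: a web signature on non-HTTP traffic deserves a second look.
        "needs_review_as_false_positive": not is_http,
    }

# Constructed alert text and payload, for illustration only.
SAMPLE_ALERT = "web-attack signature matched string '/etc/passwd'"
SAMPLE_RAW = build_sample_packet(b"Subject: question about /etc/passwd permissions\r\n")

if __name__ == "__main__":
    print(triage(SAMPLE_ALERT, SAMPLE_RAW))
```

The summary line alone reads as a web attack; the decode shows the matched string sitting in a mail header sent to port 25, which is the context an analyst needs before calling the customer.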