The conclusion is unavoidable: any notion that security is a matter of simply protecting the network perimeter is hopelessly out of date. Why? Because increasingly, enterprises are recognizing the importance of “defense in depth.” This involves a comprehensive approach to securing critical assets, networks, and information systems while implementing robust defenses against hackers, viruses, and other online threats. Defense in depth recognizes that today’s environment is one increasingly beset by so-called blended threats that dynamically target the vulnerabilities of isolated security products. As a result, companies must adopt a deep, integrated strategy that addresses security at all tiers: gateway, server, and client. It is precisely this kind of strategy that an MSSP can help enterprises execute.
So how should an enterprise go about choosing an MSSP? The following criteria should be considered:
Longevity. Entrusting sensitive corporate data to a third party is not a decision to be taken lightly. When partnering with an MSSP, invest the time and resources to ensure that the service is addressing your organization’s most critical needs. As a result, special emphasis must be placed on choosing a partner that has a proven track record of delivering quality security services to a broad range of industry sectors over a long period of time.
Real-time analysis and response. An MSSP must have the ability to accurately correlate, analyze, and interpret large volumes of network security in real time. It must be able to separate real security threats from a welter of “false positives.”
State-of-the-art facilities. An MSSP should have multiple security operations centers, or SOCs, that run 24x7x365. Having two or more SOCs allows for cross-monitoring, ensuring constant compliance with security standards. They can also provide backup in times of disaster.
Global intelligence. An MSSP should have security experts positioned to monitor and analyze data from customers around the world. This global intelligence enables an MSSP to issue real-time alerts and recommend actions to be taken in a timely fashion.
Annual revenues. What is the prospective MSSP’s financial status? For publicly traded companies, Gartner estimates that annual run rates of more than $10 million per year in managed security services contracts indicate a sufficient base of revenue to support growth and enhancement of services.
Management experience. For leading MSSPs, management experience will include backgrounds in military, government, and industrial sectors.
Breadth of services. This key consideration indicates an MSSP’s ability to meet the security management needs of a wide variety of companies. It includes real-time monitoring and management of firewalls, intrusion detection systems, virtual private networks, and other security products.
Security management processes. An MSSP should be able to provide documented standards and policies for handling typical and atypical operations and threats. An MSSP should offer a variety of attack alert notification methods to allow customers’ staff the ability to mitigate risk in real time.
Vendor neutrality. An MSSP should employ security specialists with certified expertise across a broad range of security products from a variety of security providers. This allows a company the freedom to select best-of-breed solutions.
Auditing. While trust is one of the most important factors in selecting an MSSP, the vendor must have facilities, processes, and procedures in place that are validated and certified by a third-party auditor.