10 Tips For Choosing The Best MSSP For Your Company
From probing the MSSP’s reporting and quality management process to using a third-party adviser to benchmark competing MSSPs on price and scope, here are 10 things customers should consider when selecting an MSSP.
Seek More Than Just Monitoring Firewall And Router Logs
Monitoring a network and collecting logs won’t give organizations much of an idea of the threats they face, which assets are most critical to them, how the network is architected and if it’s OK for packets from one system to be able to cross over to another system, according to Kieran Norton, cyber risk services infrastructure solution leader for Deloitte Risk & Financial Advisory.
Router and firewall logs can identify potential threats, but Norton said the data and context are quite limited. Aggregating multiple sources of information such as telemetry from endpoints or DNS increases the likelihood that the MSSP will be able to identify issues and incidents that really matter with fewer false positives since they’re not missing part of the picture, Norton said.
As recently as five years ago, Norton said it was fairly common for MSSPs to focus on putting appliances in an environment and running and generating reports, an approach he said was not proactive. MSSPs must move away from a model of having lots of eyes on logs and transition to a more modern approach that uses automation to proactively address things as they’re happening in the real world.