The trend for organizations of all shapes and sizes in buying managed security services continues to increase, and we’re seeing a rise in interest from all sectors. Is it any wonder? Access to the best cybersecurity talent, products and intelligence can be expensive and difficult to manage for a single enterprise on its own. Managed security service providers (MSSPs), on the other hand, offer the scale and expertise to provide these capabilities in a cost-effective and highly skilled way.
But with so many managed security service providers out there, how do you choose the right one for you? Here are four key areas where you can look for deep expertise and reference-ability:
- Managed detection and response (MDR) and hunting – Do they provide skilled expertise or are they just deploying tools and letting the machine do the hunting?
- True cyber threat intelligence analysts – Does their threat intelligence capability just give you a third-party feed, or are they actually doing the research?
- Holistic contextual security – Do they truly understand your business and the risks associated with it?
- Efficiency and innovation – Do they, for example, use machine learning for scale and additional levels of security?
The Managed Security Forum Buyers’ Guide to UK Managed Security, a report to which CGI contributed, explores these topics in more detail. (A fast and simple registration is needed to download this report.)
The report maps services into basic, core, advanced and complementary categories, and offers further advice on what to look for from MSSPs. It also shows what services are being commoditized and where talent is most valued, allowing chief information security officers (CISOs) and business owners to work out what they should deliver in-house, and where it makes sense to bring in an outside expert.
Other findings from the report include:
- Talent remains the top priority for 21% of MSSPs, followed by MDR and artificial intelligence (11% each).
- Security architects are the most difficult roles to fill for 28% of companies, followed by threat intel specialists (22%), threat hunters and senior analysts (16% each).
- Just 30% of MSSPs are investing in an internal data science function.
Managed security is evolving from a compliance “tick–box” exercise into a fully formed and crucial part of enterprise architecture and national defense activities. It’s important that organizations get cybersecurity right, or the consequences can be devastating.
CGI has invested heavily in our MSSP credentials and capabilities, working closely with international security associations and standards bodies. For information on how we help clients manage their security needs to operate with confidence, please visit our managed security services page, or contact me.