Managed security services are network computing services that have been outsourced to a cybersecurity partner, also called a Managed Security Services Provider (MSSP). With managed security services, a client’s secure environment – including endpoint devices such as desktop and laptop computers and servers as well as firewalls and other perimeter devices – are included in a service agreement and covered by the MSSP’s services.
More companies are finding that working with an MSSP to provide all or portions of their cybersecurity needs provides a better value than building and maintaining an internal cybersecurity program. By leveraging the people, processes and technology provided by a leading MSSP like Proficio, companies can realize both financial and security benefits.
A managed security services arrangement can take many different forms, but it generally includes:
In a fully managed cybersecurity services arrangement, the MSSP owns and operates the SOC, the SIEM and other technology involved and staffs the program with its own employees.
With hybrid (also called co-managed) cybersecurity, the client and the MSSP share the duties of monitoring the secure environment, alerting when threats occur, responding to attacks and handling other cybersecurity duties. In this arrangement, the SIEM generally is owned and operated by the client, while the MSSP also consumes logs and other data from the SIEM and processes them, providing additional coverage and threat intelligence to the client. A hybrid SIEM is a preferred structure for companies that have already made an investment in a SIEM but want increased performance from the software by including correlation rules, use cases and other data from an MSSP.
With custom solutions, the client and MSSP generally work together to build a cybersecurity platform that is tailored to the client’s specific needs, budget, timeline and other considerations. A custom cybersecurity solutions brings an out-of-the-box approach to closely matching the security program to your company’s specific needs both today and in the future.
Managed security services may consist of:
A SOC consists of a dedicated team of cybersecurity engineers and other personnel who are trained and equipped to monitor, detect, assess, respond and prevent ransomware, malware and other cybersecurity threats.
A SIEM is software and hardware that collects alert logs from secure environments and allows for alerts to be categorized and responded to according to their degree of severity. With a SIEM, an aggressive threat to a high-value target such as an accounting server can be differentiated from a lower-level threat to a less important asset on the client’s network. Being able to categorize and prioritize threats is an essential piece to being able to effectively managed security services.
MDR is the service of monitoring, detecting and responding to threats. Widely considered the next generation of managed security services, MDR goes beyond the standard monitoring and detecting of threats and includes responding to detected threats in real time.