A cybersecurity services provider should be a trusted business partner and act as true extension of an enterprise’s in-house security team. However, sometimes organizations are left feeling dissatisfied with the relationship they’ve forged with the services provider they’ve selected. There are several reasons the relationship may not be working out, and therefore it may be time to look for a new partner to better support the organization’s cybersecurity efforts.
When is it time to move on?
There are several tell-tale signs that a business relationship is not working out with a selected services provider, including:
- There’s a lack of communication. A direct line of communication with your cybersecurity services provider is key. Knowing that you can pick up the phone and get in touch with a security operations center (SOC) analyst or security engineer, regardless of time of day, is critical and should reassure you that the organization’s environment is being protected 24/7. Having a services provider that has world-class, around-the-clock security monitoring and alerting, incident response and remediation capabilities is crucial. Communication goes both ways, and a provider who is a true partner should be reaching out on a regular basis to make sure that their services are meeting your needs. They should be providing you with important high-level alerts in a fast and efficient manner, keeping you up-to-date with the happenings of your network, and discussing any potential areas of risk that you should be aware of.
- They don’t see your business as unique. While some enterprises have similar needs, it does not mean the same security solutions will help them all. Your services provider needs to design custom cybersecurity solutions for your business that fall within your budget, timeline, and – most importantly – address your unique needs (not the needs of most). With tailored cybersecurity solutions, your organization will be able to keep data secure and compliance mandates met. The correct provider will understand what’s needed to maintain your cybersecurity posture and keep hackers off your networks. If you’re working with a services provider that doesn’t offer this, it may be time to part ways.
- They can’t provide full visibility and search capabilities into your logs. Even if you’re outsourcing security operations, the IT security team should still have full visibility into logs and the company’s security information and event management (SIEM) software. This way, they will have access to all alerts and investigations in order to manage them and run detailed reporting. If your services provider doesn’t give you the ability to view and search logs, run reports, and drill down into each alert, that may be an issue. Without visibility, your team can’t properly do their job to keep the organization protected.
- The alerts and recommendations they provide lack insight. Some services providers don’t leverage the knowledge they’ve gained from having clients in a variety of industries. A skilled services provider uses this information to build out unique use cases and correlation rules that a company’s in-house security team (with their siloed single-industry viewpoint) would not be able to do on their own. Fine-tuning the SIEM to identify threats unknown to the organization is something a qualified services provider needs bring to the table. Without use cases and correlation rules rooted in industry knowledge, IT security teams are flooded with a sea of irrelevant alerts. Organizations also need to understand that no matter how many enhancements you add onto a SIEM, the tool will always need qualified people to verify incidents and automatically respond to them while continually perform active monitoring. That said, an MSSP should verify high-level alerts (also called notables) to provide recommendations and next steps on how to remediate network threats.
- They are focused on their needs, not yours. Many service providers view their customers as opportunities to grow their bottom lines by upselling one of their inflexible service offerings. They’re too focused on their own financial needs for cost control and ROI that they forget about the needs of their customers. A true partner should only suggest ancillary services that can improve your company’s cybersecurity posture and lessen any network risks that you may have, not just suggest services that have little to no value. By providing your organization with core monitoring functions, as well as staff to manage it, a quality services provider focuses on your needs to keep costs down and free up your own employees to work on other projects. If your MSSP’s tools can successfully discern between notables and false threats, this can reduce the amount of time spent chasing down imaginary offenses – saving your team time and lessening the lean on your budget.
- They’re not an extension of your team. Your services provider should act as an extension of your team and should increase your security team’s effectiveness and abilities in monitoring, detecting, and responding to potential cyber threats. Security service providers should work to identify the unique needs of each organization to continually improve its cybersecurity posture. Alerts should be relevant and actionable, and recommendations and reports should provide helpful insight into where the organization needs to improve its approach. If your selected partner lacks a team player mentality, it’s time to move on.
- They don’t share their motives with you. Without transparency, one half of the vendor/client relationship is left in the dark. A reliable MSSP will provide you with information on what they’re doing (what they see as threats and what recommendations they make to address them), as well as what they are doing with your information. By being transparent, trust can build between you and your services provider, strengthening your relationship.
If your cybersecurity services provider isn’t meeting the requirements outlined above, it’s time to consider parting ways. At the end of the day, you need a partner who maintains an open line of communication, who does everything they can to keep your organization secure, and who provides the insight and visibility your team needs to do jobs their effectively and efficiently.
