Security News > 2022 > January > How can SMBs extend their SecOps capabilities without adding headcount?

How can SMBs extend their SecOps capabilities without adding headcount?
2022-01-05 09:01

There is an alternative way for procuring security expertise: by retaining the services of managed security service providers and managed detection and response providers.

MSSPs usually assist organizations' IT departments in managing the IT infrastructure and keeping it secure by managing security equipment/systems, monitoring security logs, supervising patch management, and similar preventative security measures.

"What types of devices and services can you monitor? What can you manage for me and what should I manage? How will we do this? Do you have to put devices in my network? Do you need to put agents on my endpoints? How do you scope the service? What does pricing look like? Is there a formal process to engage and onboard with you? How do you protect my data? Where will it be stored? Is my data going offshore? Who has access to my data? How do you protect your own systems? How do you let me know when there is a problem? What sort of reports am I going to get? How are we going to measure value?" James McMurry, CEO and Founder of Milton Security, recited the crucial questions to Help Net Security.

"Answers that should make you wary include: Measuring security value is 'difficult'. We have a security alert framework. No clear answers to onboarding and service engagement. The MSSP should be very clear about how they protect data, what security control frameworks they use, and where it is stored. Vague answers here are a huge red flag."

On the offensive and preemptive side of things, Milton Security has recently also begun offering so-called expert services, which include penetration testing, network and application testing, network analysis, framework and security control assessments, and virtual CISOs that can advise customers and serve as a fractional security leader who reports to their board and provides thought leadership.

In the 14+ years that Milton Security has been in the security business, they have seen many organizations feel forced to decide which is more important, security products or security people.


News URL

https://www.helpnetsecurity.com/2022/01/05/security-service-provider/