Ok I need to get this off my chest.   Our industry in security is exploding in growth.   We all hear the statistics about breaches becoming more common.   The average small company goes out of business within 6 months after a breach.  We also know there is a huge talent shortage of security professionals.   In our home state alone, there are an estimated 5,849 positions open.

http://cyberseek.org/heatmap.html

Most organizations are in a position where they must outsource part of their security to a managed security service provider or MSSP.   This is where it becomes interesting.   Companies all over are opening SOC’s (Security Operations Centers).

Companies that used to sell copiers are now offering managed security services.   Companies that are basically fulfillment security product providers are now offering managed security services. They then have their sales organization start offering the service to their customers.

Running a MSSP is a full-time endeavor and is extremely complex – primarily if you want to provide quality service.  At FocusPoint, we partner with only established MSSP’s that have hundreds of analysts.  We carefully review the requirements of our clients and then match MSSP’s that provide those services.

Ask your managed service provider these questions before selecting one:

  • How many years have you provided managed security services?
  • How many analysts are employed full time?
  • Do they have the expertise in your environment?
  • Can you provide references of organizations of comparable size to ours using your services?
  • What is their threat methodology and how does that translate to effective protective intelligence?
  • Not all your technologies may be supported. Ensure the MSSP can provide comparable controls at a reasonable price.

Don’t be deceived by a fancy brochure.   MSSP’s are critical to an organization’s security posture.   Unfortunately, there is so much money being made in it, inexperienced and unproven companies are jumping into it.    This is truly a case where you need to conduct research and work with a competent consultant.