How to Choose MSSP?

When you decide to find a Managed Security Services Provider (MSSP) which will meet your technological needs and business requirements, the most important thing is to develop a list of criteria to make a proper selection. MSSPs come to stay with you for a long period of time so you should better minimize the number of known unknowns to avoid risks and build successful partnership.

To find a good fit among various MSSPs pay attention to the following:

References

Customer references will always be the ultimate measure for B2B solutions and services providers. The easiest way is to check whether online reviews of the company in question are available for you. Go to Clutch, GoodFirms, etc or at least use Google and you will definitely find enough pro (or contra) information.

Such references can give you rather realistic idea of how relations with MSSP will develop. In addition, there is always a chance to find some secondary technical or business details which might prove to be valuable exactly for you.

The more sources offer references about your potential partner the better it is for you.

Internal Security

As we all know by now, even cybersecurity companies have no guarantee against cyber attacks. Attacking cybersecurity vendor or service provider may open backdoors to IT assets of dozens and hundreds of their customers. So, a mandatory requirement to every cybersecurity company, including but not limited to MSSPs, is that they have an extremely reliable internal cybersecurity program.

Just get clear and concise answers from MSSP to such questions as where your data will be stored, what kind of encryption is used and what backup and restore policy/solutions are used by MSSP itself and for its customers. As you are going to have nearly the same level of security for your data with this provider.

When MSSP has respective certification, such as ISO 27001, is a very good sign. However, as a rule, they are not mandatory for MSSPs and quite expensive to get. For these reasons they are usually obtained by large MSSPs, but not mid-sized or small. With smaller MSSPs you should first check personal certificates of employees.

Certifications

Once again, MSSPs can have or can have no certifications from ISO or vendors. If they have, that's great, but do not forget to check their authenticity at websites of issuing bodies. Just to make sure :).

This is a rare occasion that some unscrupulous group of people calling themselves MSSP will forge such certificates. Still, there is sense in going to vendors' sites and checking existence of the partnership status in question.

As far as vendor partnership suggest partner agreements with certain obligations as to selling, MSSP will not necessarily have such statuses. Their managed security provision platforms for surely will be based on solutions and products by some vendors. But MSSP can very well just use them, not sell, as partnership suggests. How will you check credibility of MSSP in such a case? Again, go for personal certificates. All-in-all, it is the MSSP team that guarantees your security, and not simply a set of cybersecurity solutions.

Flexibility

MSSP will have its cybersecurity services platform based on carefully selected and integrated solutions. In most cases the customers will also have their cybersecurity solutions. Sometimes, MSSP might accept your solutions and integrate them into managed security services delivery process. This might simplify transition to partnership for you and increase ROI of your cybersecurity program.

In most cases it will be a preferred scenario for you as a customer, yet MSSP might decline your existing cybersecurity infrastructure because it is outdated compared to its platform, or its platform is perfectly sufficient for selected package of services and MSSP doesn't want additional efforts (and expenses for both of you). Sometimes, MSSP will suggest an alternative to cybersecurity solutions currently used by you. Anyway, if you already have implemented cybersecurity infrastructure, discuss its destiny with your potential managed security provider.

Feedback

When signing agreement with MSSP it must define, in addition to different SLA aspects, such thing as frequency of communications under normal conditions, when no attack is in progress or no incidents require immediate attention.

Always ask for clearly defined schedule of communications with MSSP. Those can be quarterly, monthly or weekly reports of number of vulnerabilities discovered and removed, incidents handled and so on, weekly video conferences with fixed duration, just to make sure that joint cybersecurity process goes on the way it has to.

Make sure that emergency communications are clearly defined as well, as this is what you are partnering with MSSP for. Readiness of MSSP to meet your expectations in this area will be a clear sign of smooth communications after the contract is signed.


How MSSP Will Close Gaps in Cybersecurity of Your Business?

Security gaps in any business or organization are most commonly caused by:

  1. Absent or insufficient cybersecurity personnel, thus unable to react or react timely on cybersecurity incidents and not available 24x7.
  2. Absent or insufficient cybersecurity solutions protecting your IT assets, leaving vulnerabilities not removed, threats not mitigates and incidents not even detected before it's too late.
  3. Absent or insufficient processes to maintain cybersecurity at a proper level (awareness trainings etc).

All of these issues are addressed by partnership with MSSP:

  1. MSSPs will complement or fully replace the in-house cybersecurity team and in most cases, especially for SMB, the MSSP's personnel will be better trained for mitigating cybersecurity threats in real-time mode. One more important thing it that MSSP can provide SOC services in 24x7x365 mode and they will be much more affordable than in-house team working in such mode.
  2. Collection of cybersecurity tools and solutions is in no way a guarantee for reliable protection. Those tools and solutions have to be properly set up, operated, maintained and, which is critically important, integrated. Data exchange and correlation have to be efficiently done. This is something not always found even in large corporations, to say nothing of SMBs. MSSPs, on the contrary, have their managed security platforms designed, implemented and operated in very high quality and up-to-date manner in most cases, which makes them efficient and adequate to modern cybercrime treats. And this cybersecurity infrastructure with guaranteed efficiency can be made available to customer at very reasonable cost. What's important, the customers will not have to take care of or bear the costs of keeping this cybersecurity platform up-to-date.
  3. It's important to understand that whether you have or have no partnership with MSSP, your personnel has to have proper training in cybersecurity for their usual operational and business activities. Phishing, malwares, ransomware, social engineering etc. But if something goes wrong and some employee makes a mistake or just gets mislead by some cunning attack, MSSP will greatly increase chances that no damage will be caused or it will be minimized to a tolerable level.

Security ratings could raise the bar on cyber hygiene, but won't stop the next SolarWinds

SC Media discusses the plans to introduce ratings for security products.

Plans from the Biden administration to release product security rating system could raise the bar for security overall, say experts, but won't likely prevent the next SolarWinds or Microsoft hacks.

In a briefing to reporters Friday, senior official compared the forthcoming rating system to the health and safety letter grades at restaurants. And it is a concept that the cybersecurity community has batted around for some time: place a label on the box that says a product is or is not secure, and let consumers create a market around security.

Read further on SC Media


Fake Google reCAPTCHA Phishing Attack Swipes Office 365 Passwords

The Treat Post published a report on phishing attack targeting Microsoft users which leverages a bogus Google reCAPTCHA system.

Microsoft users are being targeted with thousands of phishing emails, in an ongoing attack aiming to steal their Office 365 credentials. The attackers add an air of legitimacy to the campaign by leveraging a fake Google reCAPTCHA system and top-level domain landing pages that include the logos of victims' companies.

According to researchers, at least 2,500 such emails have been unsuccessfully sent to senior-level employees in the banking and IT sector, over the past three months. The emails first take recipients to a fake Google reCAPTCHA system page. Google reCAPTCHA is a service that helps protect websites from spam and abuse, by using a Turing test to tell humans and bots apart (through asking a user to click on a fire hydrant out of a series of images, for instance).

Read further on The Treat Post


Google: Bad bots are on the attack, and your defence plan is probably wrong

Report by ZDNet on Google's recommendations concerning modern bot attacks.

At the outset of the COVID-19 pandemic Microsoft chief Satya Nadella said Microsoft had seen "two years' worth of digital transformation in two months." Google now sees that attackers have adapted to these changed conditions and are boosting attacks on newly online businesses, with bots high on the list of tools used.

Read further on ZDNet