Why Do You Need a Managed Security Service Provider (MSSP) and How Do You Choose the Right One?


The first thing we need to understand is the difference between MSP and MSSP vendors. A Managed Service Provider (MSP), more commonly referred to as a Managed IT Provider, focuses on uptime and the delivery of services for your end-user systems and phone systems. MSPs are also responsible for the buildout and ongoing maintenance of your network infrastructure. Some MSPs claim to provide cybersecurity services; however, antivirus and firewalls are only a small part of your cybersecurity initiatives, and with today's threat level, a more robust cybersecurity solution is highly recommended.

MSSPs typically employ deeply experienced, highly trained analysts with corresponding certifications in cybersecurity, such as Certified Ethical Hacker (CEH), Certified Information Systems Security Professional (CISSP), CompTIA Security+ (SEC+), Certified Information Systems Auditor (CISA), Certified Information Security Manager (CISM), and more. There are significant reasons why you need an MSSP monitoring your network. Let's look at what you should expect from an MSSP and why their services are necessary to mitigate attacks against your network and reduce overall risk.

MSSPs focus on providing security solutions that track the flow of data in and out of the network infrastructure. The information gathered yields actionable intelligence for mitigation and remediation. The primary objective of an MSSP is to reduce the dwell time of attackers on a network and improve the security posture of the organization.

Due to an alarming increase in cyber threats and cyber criminals' ever-changing methodology, organizations around the world have been hiring more and more MSSPs to help them secure their network environments, putting MSSPs in ultra-high demand.

Just as it is important to scrutinize your MSP, it is imperative that the appropriate time is taken to evaluate the MSSP vendors in the marketplace to ensure a good fit. This post will provide guidance on how to pick the right MSSP, including understanding what services are needed, why they are needed, when an MSSP should be engaged, and, most importantly, whether the MSSP has the proper skillset to meet the needs of your organization today and in the future.

When making the decision on which MSSP to hire, it may be better to first decide which services the organization needs. To do so, you should interview a few of the prospective MSSPs and your current MSP to find out what they believe you need. This will help determine whether their strategy aligns with the level of capabilities they possess. To begin, here is a list of services that you should expect from your MSSP:

    • 24/7/365 Managed Detection and Response Security Monitoring
      The MSSP should have a Security Operations Center (SOC) team that reviews network information daily and reports on threats, anomalies, potential issues, alerts, and abnormal behavior. These findings should be collected and reported in a detailed Daily Security Log Report (DSLR). The SOC team should provide more than a daily report; it should also provide Threat Intelligence and Incident Response services. Ideally, the MSSP will have a platform for monitoring the traffic, and in the best case it is a fully customizable solution for any organization's network requirements.
    • Threat Intelligence
      The threat intelligence may come from the team's own threat-hunting skills, such as scraping the dark web for keywords like the names of high-ranking corporate officials or other organizational information that could pose a risk to the environment. Threat Intelligence is also collected through the MSSP's own and third-party intelligence feeds, which are analyzed for Indicators of Compromise (IOCs) that are known to be associated with previous attacks.
    • Incident Response Services (IR)
      The MSSP must possess the ability to professionally and strategically carry out an Incident Response Plan. The MSSP's IR team follows very specific, highly skilled methods, policies, and procedures throughout an IR engagement. They know how to obtain access to the environment and use specialized monitoring equipment to pull logs for trails of malicious or unauthorized activity. They monitor network traffic for IOCs and know how to contain compromised systems and accounts. They can then deliver a comprehensive Incident Report and recommend corrective actions with a plan for moving forward. Another key attribute of a professional IR team is the ability to provide communication guidance both within the organization and to the outside world. When a breach happens, information spreads quickly, and controlling it effectively can mean the difference between surviving the incident and not, because reputational damage can sometimes be worse than the event itself.
    • Virtual/Fractional Chief Information Security Officer (CISO) Services
      Not all MSSPs have the capability of providing CISO services. Organizations may not be able to afford hiring a CISO, as they typically command mid- to high-six-figure incomes, and rightfully so. However, some of the better MSSPs have the skillset and experience to provide guidance and expertise on an hourly basis at a fraction of the cost.

      This role:
      Provides senior management with advice on the development, implementation, and maintenance of their security infrastructure
      Establishes security roles and responsibilities
      Oversees the organization's technology stack
      Develops and oversees security policies, including security awareness initiatives
      Oversees technology vendors, including the organization's IT department or MSP

    • Internal and External Monthly Vulnerability Scans/Assessments
      The better MSSPs will offer, at a minimum, quarterly vulnerability scans; optimally, an organization should consider monthly scans of the internal and external infrastructure. The scans are performed with specialized software that tests for known vulnerabilities in the applications and software used to operate systems such as servers, firewalls, and other network devices. The scans will determine whether there are unpatched devices or systems that have not been updated. Performing both external (internet-facing devices and systems) and internal (organization-facing operational systems) scans will help improve the overall network security posture and close potential vulnerabilities.

Some organizations may decide that they want to build their own in-house cybersecurity infrastructure by placing these responsibilities on their internal IT department or MSP. While the idea makes fiscal sense on paper, there are important points to consider that may turn a cost-saving measure into one of your organization's most costly mistakes.

The first thing you should consider is the level of actual cybersecurity expertise they possess. Daily responsibilities require deep knowledge and a steady stream of information to keep up with ever-changing cyber threats and circumstances, all while doing their own job at the level of effectiveness and efficiency they were hired to perform. An MSSP, in contrast, works in this space with many organizations on a regular basis, and with its certifications and ongoing education, its exposure to incidents and investigations produces a much deeper understanding of how to mitigate quickly. When threats materialize, time correlates directly with money.

The second item to consider is your organization's size and whether you have the resources to build the additional policies and procedures around a security program. An MSSP can customize its services to meet the minimum level of security requirements and build around any organizational budget.

Another point to consider is cost savings. The investment in an MSSP can save money in the long run. Building, maintaining, and internally staffing a security program can be very expensive, and when those caring for it lack the necessary knowledge and expertise, hiring an MSSP will save the organization money over time. In-house resources cannot both monitor the platform and perform their own jobs, and they become overtasked by the additional responsibilities. This additional workload will either fail to yield the security results the organization wants or needs, or will ultimately cause turnover in the IT department or of the MSP.

When a third-party MSSP is engaged, the organization can grow as quickly as it is able without worrying about keeping its security program up to pace internally. A good MSSP can scale in lockstep with the organization and maintain its services without slowing down the organization's growth.

The last point about engaging a third-party MSSP is that you control the level of service: you can predetermine SLA options, negotiate longer-term contracts up front to lock in service pricing, and, should better proposals surface down the road, move to another MSSP. The key, ultimately, is to build a relationship of trust with the appropriate third-party MSSP so that, as you work together, both organizations become familiar with the expectations, network nuances, and requirements needed to meet goals and objectives.

When considering your third-party, or outsourced, MSSP, we would like you to consider our organizations because of our level of experience in the space and the ongoing growth of the intelligence being integrated into both our platform and our services. We also take discretion to the highest level, understanding that no client wants to become a case study. For that reason, both Léargas Security and Critical Path Security have made names in the marketplace as organizations that do not talk about or advertise anyone with whom we do business. We carry your information close to our chests and understand that empathy and discretion position us all to accomplish our tasks at the highest level possible. No distractions, no ulterior motives, just relationship-driven services and care for your organization with unparalleled expertise.

Léargas Security and Critical Path Security have partnered to form the optimal team — Léargas Security provides a remarkable Extended/Managed Detection and Response platform with state-of-the-art User Interface, and Critical Path Security provides the Security Operations Center (SOC) services with its highly skilled team of analysts.

The Léargas Security platform can be deployed virtually, in a network stack as a 1U appliance, or, in smaller environments, on small-form-factor servers. It can monitor the traffic of multiple sites separately or, through aggregation, where all network traffic is tunneled back to a central location. It is fully capable of pulling and monitoring Office365, Google Workspace, Azure, AWS, BOX, and other cloud-based applications. Léargas also collects and monitors antivirus and Endpoint Detection and Response (EDR) solutions, such as SentinelOne, with alert notifications. Currently, Léargas Security is pulling approximately 36 Threat Intelligence feeds into the platform for analysis. In addition, Léargas recently integrated ChatGPT into its solution, which enables analysts to research various situations quickly in order to determine the next course of action more effectively or, at a minimum, determine proper escalation if necessary.

The Critical Path Security team has expertise in providing the supporting SOC team services. In addition, the team is skilled and experienced in recommended testing services such as Penetration Testing, Social Engineering, and Vulnerability Assessments. Compliance reviews and audits are increasingly required, as cyber insurance companies and other regulatory organizations almost always request a review each year to determine compliance. The CPS team is skilled in Regulatory Compliance reviews, Critical Security Controls reviews, SOC2 readiness, CMMC, PCI-DSS, DFARS, and cyber insurance policy reviews. Another area of expertise is guiding organizations through Mergers & Acquisitions, because each side of the transaction has a vested interest in knowing where the data lives, how it will move and traverse the transaction, and in an audit confirming that all the data reaches its destination per the contract.

If you are ready to evaluate Léargas Security and Critical Path Security for your organization's cybersecurity initiatives, and to see whether we are a good fit, all things considered, please let us know by contacting us at: