Best Managed Security Service Providers include:
SecureWorks Managed Security Services, Mandiant Managed Detection and Response (FireEye as a Service), VMware Carbon Black Cloud Managed Detection (formerly CB ThreatSight), BlackBerry Unified Endpoint Security (UES) Implementation by ThreatZERO, Cygilant Security-as-a-Service, Infosys Cyber Security Platform (iCSP), and Cofense Phishing Defense Center (PDC).
Managed Security Service Providers Overview
What are Managed Security Service Providers (MSSPs)?
Managed security service providers, also known as MSSPs, provide cybersecurity outsourcing options covering a range of security needs. These services may include patching and vulnerability management and reporting, threat intelligence, incident response, and other services. Additionally, MSSPs provide their own expertise and knowledge on emerging threats and security developments.
MSSPs can use either their own security technology or deliver 3rd party technology to their clients and end-users. The security software itself is managed remotely by the provider. This outsourcing reduces or eliminates the client business’s need for in-house hardware, IT resources, or knowledge experts. Managed security service providers also offer more specialized expertise than many smaller in-house operations would be able to source themselves.
MSSPs vs. MSPs
Managed Security Service Providers (MSSPs) are a subset of Managed Service Providers (MSPs). MSPs encompass a much wider range of IT functions and operations, including managing cloud infrastructure, cloud computing, and other resource or operationally-intensive functions. In contrast, managed security service providers specialize in removing digital security burdens from their clients’ IT or operations teams. In order to focus on the unique expertise and resources required in digital security, there is very little overlap between managed security service providers and broader MSPs.
Managed Security Service Areas
Most security capabilities can be managed in some capacity by a third-party provider. Some of the most commonly outsourced security services include:
Firewalls, including network or web application firewalls
Virtual Private Networks (VPN)
Managed security service providers give clients the added benefit of various services around the core functionalities. These services and support areas include:
Training and education, particularly training against behavioral threats like phishing
Managed security service provider comparison
When comparing managed security service providers, consider these factors:
Ease of implementation: The largest burden on end-users when working with a managed security provider is the initial implementation process. Consider how intensive a process implementation is, including necessary agent installations on devices or networks. For more complex organizations with a wider range of devices, the implementation may also be a more complex process.
Point Solution vs. Security Suite: Some MSSPs focus on delivering specific security services, such as firewalls or identity management. Others provide comprehensive security packages, in the vein of Unified Threat Management offerings. While UTM-level services can provide all-in-one security services, some organizations may only need certain security services, or may just need to supplement existing security capabilities in specific areas.
Additional services offered: Consider what non-capability services that each MSSP offers. Depending on the organization, additional training around behavioral security may be particularly beneficial, while others with a greater focus or protecting sensitive data may place greater emphasis on white glove policy development.
Managed security service providers price their offerings on a subscription basis, usually monthly. Some providers give a flat fee company-wide, while others price their services per user. Pricing varies dramatically depending on the range of security services offered, from $20/user/month to hundreds of dollars per user, per month.