Written by Tim McElwee, president at Proficio

A cybersecurity services provider should be a trusted business partner and act
as a true extension of an enterprise's in-house security team. However, sometimes
organizations are left feeling dissatisfied with the relationship they've
forged with the services provider they've selected. There are several reasons
the relationship may not be working out, and therefore it may be time to look
for a new partner to better support the organization's cybersecurity efforts.
## When is it time to move on?
There are several tell-tale signs that a business relationship is not working
out with a selected
services provider, including:
- There's a lack of communication. A direct line of communication with your
cybersecurity services provider is key.
Knowing that you can pick up the phone and get in touch with a security
operations center (SOC) analyst or security engineer, regardless of time of
day, is critical and should reassure you that the organization's
environment is being protected 24/7. Having a services provider that has
world-class, around-the-clock security monitoring and alerting, incident response
and remediation capabilities is crucial. Communication goes both ways, and a
provider who is a true partner should be reaching out on a regular basis to
make sure that their services are meeting your needs. They should be providing
you with important high-level alerts in a fast and efficient manner, keeping
you up-to-date with the happenings of your network, and discussing any
potential areas of risk that you should be aware of.
- They don't see your business as unique. While some enterprises have similar
needs, it does not mean the same security
solutions will help them all. Your services provider needs to design custom
cybersecurity solutions for your business that fall within your budget and
timeline and, most importantly, address your unique needs (not the needs of
most). With tailored cybersecurity
solutions, your organization will be able to keep data secure and compliance
mandates met. The correct provider will understand what's needed to maintain
your cybersecurity posture and keep hackers off your networks. If you're
working with a services provider that doesn't offer this, it may be time to
part ways.
- They can't provide full visibility and search capabilities into your logs.
Even if you're
outsourcing security operations, the IT security team should still have full
visibility into logs and the company's security information and event
management (SIEM) software. This way, they will have access to all alerts and
investigations in order to manage them and run detailed reporting. If your
services provider doesn't give you the ability to view and search logs, run
reports, and drill down into each alert, that may be an issue. Without
visibility, your team can't properly do their job to keep the organization
protected.
- The alerts and recommendations they provide lack insight. Some services
providers don't leverage
the knowledge they've gained from having clients in a variety of industries. A
skilled services provider uses this information to build out unique use cases
and correlation rules that a company's in-house security team (with their
siloed single-industry viewpoint) would not be able to build on their own.
Fine-tuning the SIEM to identify threats unknown to the organization is
something a qualified services provider needs to bring to the table. Without
use cases and correlation rules rooted
in industry knowledge, IT security teams are flooded with a sea of irrelevant
alerts. Organizations also need to understand that no matter how many
enhancements you add onto a SIEM, the tool will always need qualified people to
verify incidents and automatically respond to them while continually performing
active monitoring. That said, an MSSP should verify high-level alerts (also
called notables) to provide recommendations and next steps on how to remediate
network threats.
- They are focused on their needs, not yours. Many service providers view their
customers as opportunities
to grow their bottom lines by upselling one of their inflexible service
offerings. They're so focused on their own financial needs for cost control
and ROI that they forget about the needs of their customers. A true partner
should only suggest ancillary services that can improve your company's
cybersecurity posture and lessen any network risks that you may have, not just
suggest services that have little to no value. By providing your organization
with core monitoring functions, as well as staff to manage it, a quality
services provider focuses on your needs to keep costs down and free up your own
employees to work on other projects. If your MSSP's tools can successfully
discern between notables and false threats, this can reduce the amount of time
spent chasing down imaginary offenses, saving your team time and lessening the
strain on your budget.
- They're not an extension of your team. Your services provider should act as an
extension of your
team and should increase your security team's effectiveness and abilities in
monitoring, detecting, and responding to potential cyber threats. Security
service providers should work to identify the unique needs of each organization
to continually improve its cybersecurity posture. Alerts should be relevant and
actionable, and recommendations and reports should provide helpful insight into
where the organization needs to improve its approach. If your selected partner
lacks a team player mentality, it's time to move on.
- They don't share their motives with you. Without transparency, one half of the
vendor/client relationship is left in the
dark. A reliable MSSP will provide you with information on what they're doing (what
they see as threats and what recommendations they make to address them), as
well as what they are doing with your information. By being transparent, trust
can build between you and your services provider, strengthening your
relationship.

If your cybersecurity services provider isn't meeting the requirements outlined
above, it's time to
consider parting ways. At the end of the day, you need a partner who maintains
an open line of communication, who does everything they can to keep your
organization secure, and who provides the insight and visibility your team
needs to do their jobs effectively and efficiently.

## About the Author
Tim McElwee, President and Chairman of the Board
Tim is a senior executive with over 20 years of experience
building, operating and growing information technology companies. Tim has held
multiple executive positions. He was CEO of Imperito Networks, the first cloud-based
VPN software company, and held leadership positions at Phoenix Technologies
(Nasdaq PTEC) and Ramp Networks (acquired by Nokia). Tim has co-authored
multiple patents and has a proven track record of launching new companies,
leading highly successful global organizations, and creating shareholder value.