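What is a managed security service provider (MSSP)?

A managed security service provider (MSSP) is a company that takes on some – or all – aspects of a customer’s cybersecurity program. MSSP is a catch-all term for many different types of service providers, whether that is vulnerability management, detection and response, or application security. MSSPs should be proficient in a number of capabilities, including: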

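  • Focus on three key areas of security excellence: Detection and response, vulnerability management, and application security programs should all be covered.
  • Proactive and reactive security approaches: A comprehensive security program needs to do more than just respond to threats; it needs to go in search of them and stop them before they can get near the network. Forward-looking methodologies such as extended detection and response (XDR) should be included in the scope of an MSSP security service and its offerings, going beyond the endpoint to detect threats earlier and stop them faster.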

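  • A program tailored to your business: MSSPs should learn – and provide visibility into – your unique environment, and provide tailored guidance to reduce attacker success, respond to incidents quickly and confidently, and improve your security posture.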

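  • Fundamental security capabilities, not just alert reporting: A managed services customer typically will receive full access to the technology their MSSP team uses. This typically includes dashboards, reporting, and further customization of information and alerts if needed.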

What is a managed security service provider (MSSP) used for?

Gartner defines an MSSP as a company that “provides outsourced monitoring and management of security devices and systems.” The key word in that statement is “outsourced.” If a security organization is considering outsourcing functionality of its program, they are likely very much in need of help in monitoring and securing their network.

This could be due to budget cuts, lack of skilled talent, or the addition of new services or products that need to be secured. MSSPs cover most – if not all – functionalities of a competent security program.

Managed detection and response (MDR)

MDR providers typically will perform such duties as 24x7 monitoring and endpoint-based attacker intelligence to defend against advanced threats. MDR should also provide tailored service based on a deep knowledge of a customer’s environment and security goals. Service practitioners should also be able to find known and unknown attackers with multi-layered detection methodologies.

Managed vulnerability management (MVM)

MVM experts help customers build or improve vulnerability management programs and better protect network assets. They’ll provide a comprehensive picture of threat exposures for prioritization and remediation. Features of MVM service typically will include scan configurations performed by analysts, monthly reporting, managed infrastructure maintenance, and asset discovery.

Managed application security (MAS)

Application development is already ephemeral enough without practically forcing security upon the process and creating friction. Managed application security providers should be able to assess, report on, and improve the security posture of applications. They are typically able to interpret most modern frameworks, support internal and public internet-facing applications, and streamline results to the subset of vulnerabilities that present the most risk.

Why use a managed security service provider?

There are many reasons to use an MSSP. Perhaps chief among them is lack of personnel in one practice area or another. Once a vendor is selected, an MSSP can quickly extend a customer’s capabilities in detection and response, vulnerability management, application security, and much more.

  • Improved security posture: By engaging a team of experts, a SOC can uncover risks earlier, shrink its attack surface, and be ready to investigate with digital forensics and incident response (DFIR) techniques.

  • Unique and valuable skill sets: We’ve already referenced the lack of skilled talent an in-house SOC may be experiencing. Ramping up a hiring program to attract these skilled unicorns can be costly and result in only one or two hires that may not last long. An MSSP can provide access to these specialized skills almost immediately.

  • Less overhead: Hiring an MSSP negates the need to own the more extensive and specialized cybersecurity solutions to defend against every threat and plug every vulnerability. Sure, an MSSP factors technology costs into its pricing, but it's their responsibility to stay current on that technology on behalf of their customers. Providers will also typically give customers access to network traffic analysis, user-behavior analytics, and more.

  • Faster threat or breach remediation: From hours and hours spent on remediation each week to minutes spent each week, a trusted MDR partner should be able to transform a SOC’s ability to perform remediation. The average time to remediate will significantly decrease with the provider’s ability to create a plan of action specifically tailored to a customer’s environment.

What is the difference between an MSP and an MSSP?

The difference between a Managed Service Provider (MSP) and an MSSP is that one is an IT operations service provider and one is an IT security service provider. It’s operations vs. security, but the two are indeed interrelated, because companies must ensure that their operations are profitable and viable. MSPs typically offer some basic security, like patching, threat detection, and malware solutions, but stop short of offering more advanced capabilities like vulnerability scanning, DFIR tools, and XDR solutions.

More MSPs have been shifting their directives to include that extra “S,” as the need for greater security was accelerated in large part by the onset of the pandemic a few years ago.

How to evaluate a managed security service provider

The signing of the agreement and the implementation of an MSSP’s services into your security organization can be an exciting time. The vendor search is over, you’ve identified your pain points, and the alleviation of stress is set to begin with the arrival of an extended team of skilled analysts ready to leverage the latest technology on your behalf.

But first comes the search process itself. How do you know who is the best, and whether they are the best fit for you? Let’s take a look at some considerations.

Collaboration and partnership

What do daily/monthly service interactions look like? Is there one point of contact or will you interact with a different service representative each time you communicate with your MSSP? Does the provider focus solely on security operations, or will they also help you mature?

Customer security posture 

Is a potential vendor focused on improving your outcomes in the age of heightened threats? Will they analyze logs and data as well as participate in threat hunts and incident management? At the end of the day, will you be able to focus on other business priorities and improve your overall security posture once the vendor has begun its work?

Data analysis 

Can a potential MSSP collect and analyze data? If no actionable intelligence comes from the data a vendor collects, then what’s the point? Your managed security services partner should be able to build a baseline of normal user behavior across the network, then match new actions against what’s been learned from that baseline. Leveraging this data – or user behavior analytics (UBA) – an MSSP should be able to expose threats without relying on prior identification in the wild.
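The baseline-then-compare idea described above, as an added example that is not from the original page or from any vendor's product. The event fields, user and host names, and the one-hour slack are assumptions, and the sample events are constructed.

```python
from collections import defaultdict
from datetime import datetime

# Constructed sample events: (ISO timestamp, user, host accessed).
HISTORY = [
    ("2024-03-04T09:12:00", "alice", "fileserver01"),
    ("2024-03-05T10:40:00", "alice", "fileserver01"),
    ("2024-03-06T14:05:00", "alice", "wiki"),
    ("2024-03-04T22:30:00", "bob", "backup01"),
    ("2024-03-05T23:10:00", "bob", "backup01"),
]
NEW = [
    ("2024-03-07T09:55:00", "alice", "fileserver01"),  # matches baseline
    ("2024-03-07T03:20:00", "alice", "hr-db"),         # new host, odd hour
    ("2024-03-07T00:05:00", "bob", "backup01"),        # just past midnight
    ("2024-03-07T11:00:00", "carol", "wiki"),          # user never seen
]

def build_baseline(events):
    """Learn, per user, which hosts they touch and at which hours."""
    profile = defaultdict(lambda: {"hosts": set(), "hours": set()})
    for ts, user, host in events:
        profile[user]["hosts"].add(host)
        profile[user]["hours"].add(datetime.fromisoformat(ts).hour)
    return profile

def score_event(profile, event, hour_slack=1):
    """Return the reasons an event deviates from the user's baseline."""
    ts, user, host = event
    if user not in profile:
        return ["no baseline for user"]
    reasons = []
    if host not in profile[user]["hosts"]:
        reasons.append("first access to host")
    hour = datetime.fromisoformat(ts).hour
    # Circular distance so 23:00 and 00:00 count as one hour apart.
    def gap(h):
        return min(abs(hour - h), 24 - abs(hour - h))
    if all(gap(h) > hour_slack for h in profile[user]["hours"]):
        reasons.append("outside usual hours")
    return reasons

def triage(profile, events):
    """Keep only events with at least one deviation, with reasons."""
    return [(e, r) for e in events if (r := score_event(profile, e))]

if __name__ == "__main__":
    for event, reasons in triage(build_baseline(HISTORY), NEW):
        print(event, "->", ", ".join(reasons))
```

No signature or prior indicator is involved: the 03:20 access to `hr-db` is flagged only because it differs from what that user has done before.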
