Managed security services are any outsourced function of your security program that is run by a 3rd party vendor.

A Managed Security Service Provider (MSSP) is a 3rd party vendor that organizations hire to outsource their security needs. These services may include a managed SIEM, 24/7 managed SOC, MDR, or static code analysis.

The main difference between an MSP and a MSSP is that an MSP typically focuses on providing network management services such as providing help desk support or managing your phone systems. MSSPs provide robust security services like a managed SIEM, penetration testing, social engineering, vulnerability management, and more.

The common services that most businesses outsource their IT to MSPs include:

• End user support and troubleshooting.
• Public, private, and hybrid cloud services.
• Organizational communication such as email, hosted voice, video, and chat.
• Basic end point security such as spam filters, anti-virus, and anti-malware detection.
• Setup, deploy, and maintain networking infrastructure such as servers, firewalls, routers, computers, and wireless access points.
• Monthly updates and patch management.
• Hardware/software procurement and warranty tracking.
  Technology strategy and guidance.

In contrast, MSSPs offer robust cyber security services to protect businesses from modern day attacks including:

• Vulnerability risk assessments.
• Penetration testing.
• Social engineering awareness and education.
• Cyber security program development.
• Red and Blue team security exercises.
• Deployment of SIEM, IDS, and IPS Technologies.
• Threat hunting and continuous traffic monitoring.
• Implementation of compliance frameworks such as NIST, ISO 27,000, CMMC, HIPPA, and more.

There are three main benefits to hiring a managed security services provider including:

1. Expertise  –  Your organization gains Immediate access to experienced security experts on top of the industry’s current trends, best tools, and latest policy updates.
2. Cost Savings  –  In order to develop a fully functional internal security program an organization will spend $100,000s on salaries, tools, and time/attention to reach maturity. Or, you can hire an outsource IT security provider and spend $10,000s per month.
3. Extension Of Your Team  –  Whether it’s informing you on the latest cyber incidents, or taking proactive steps to ensure the confidentiality, integrity, and availability of your data, a managed security provider should be there to serve as an extension of your team. As a result, internal resources are freed up to work on higher level order of work.

Each managed security company varies in the services they offer, however, the most common services include:

• Managed Security Operations Center (SOC)
• Managed Detection And Response (MDR)
• Managed SIEMManaged Scanning & Patching
• Managed Web Application Firewall (WAF)
• Managed Endpoint Security Software

Yes! SecureTrust has a fully managed and dedicated 24/7 security operations center to meet alerting, incident response, reporting, and event resolution requirements.

When evaluating the best managed security provider for your business begin by answering the following questions:

• If they’re managing your environment, how do they protect your environment?
• Are you looking for someone to provide a recommendation from firewall to IDS/IPS, AV, your whole security posture review and recommendations?
• Do they do the incident response/remediation if something is found?
• Are they also providing basic IT services for deployment of AV into your environment including management of such a tool?
• What about log analysis? Do they export it all to a SIEM where analysts go over the logs?
• Do they provide any form of proactive threat hunting to look for things that got past your existing defenses?

If you need application security services, ask about their offerings. Dig deep on the technical details surrounding application security. Replace “application security” with “vulnerability management,” “risk management,” “penetration testing,” “threat hunting,” “incident response,” and so on.

Finally, try to find companies that can scale your security.

Typically, choosing an MSSP comes down to your budget and needs. It may make sense to list your needs based on what you will do and what security responsibilities you want to outsource. This will help find a better fit to your needs when taking to managed security providers.

You can expect to pay anywhere between $500 – $25,000 per month for managed security services.

However, the cost to your organization depends on a number of factors including the makeup of your network, the number or type of applications connected to your system, the number of employees, the number of end points, the number of physical locations, and much more.

In addition, the current state of your security program and your goals will influence the types of security services you may wish to outsource.