Brian Shea, Chief Information Officer / Chief Compliance Officer, MBX Medical Billing Experts, LLC and VSTRATEGY, LLC
“Many do a good job of providing the basic security stack…however, they fall down when it comes to proactive work that requires…deeper analysis.”
Evaluating vendor capabilities is challenging, partly because there are so many players in the security space. Some focus entirely on security, and some are managed services generalist that also offer security services.
Many do a very good job of providing the basic security stack that includes antivirus and antimalware, firewalls, and patching. However, they fall down when it comes to the proactive work that requires pulling together to log data from many sources and doing the deeper analysis of everything occurring in the environment. Finding the right vendor for your situation requires a vetting process. Does the vendor use and support a range of security technologies? Where does it hire its analysts and experts? Does it offer automation and orchestration? You should really check out a vendor’s background and references. You need to give a vendor some true examples and have it walk through its methodology.
Another challenge is that if you are a smaller company looking to outsource security functions—maybe because you don’t have the resources to do it well yourself—you might not even know the right questions to ask. A large enterprise may be outsourcing a well-defined component of its security operation to address a resource issue and have the internal expertise to vet potential service providers. A smaller company may not have a CISO or the expertise to really know what technologies it needs and if it is right-sized for its organization. In that case, it would be a good idea to hire a security consultant who can help the company define the services it requires, evaluate service provider capabilities, and generally represent an organization’s best interest.
Key Question to Ask:
Do you have the internal expertise to know what questions specific to your needs you should be asking of MSSP candidates?
This is an excerpt from 7 Experts Share Key Questions To Ask When Evaluating Providers. This series was generously sponsored by BlueVoyant.