Daniel Paula, SVP, Information Security
Risk Management, Charles Schwab

“The best way to evaluate how an MSSP handles a cyber attack is to have the MSSP tell you how it happened.”

You can read documents day and night, playbooks, make policy standards, and interview people, but the best way to evaluate how an MSSP handles a cyber attack is to have the MSSP tell you how it happened. An MSSP can’t tell you it hasn’t happened, and if it isn’t able to tell you the details of a breach experienced, it probably hasn’t been in the business long enough.

It’s important to hear about a real-life example. What went wrong? How did your company help detect that? What happened after the detection? You need to watch for certain signs of maturity, such as how the MSSP talks about escalation, protocols, and notifications. You want to see the level of transparency in the MSSP’s communications, and the technical depth and rigor of the research. You want to know how the MSSP would report a breach. Will the Board of Directors be notified that there was an event? Or is the MSSP going to say there was this particular type of malware that resulted in this particular type and extent of damage, the escalation that occurred, the velocity of the event, the time it took to detect it, the time to containment, the time to notification, and other key metrics? These are the signs of maturity you are looking for.

Evaluate the MSSP’s technical capabilities to automate some of this detection, response, and escalation management, but keep in mind there is a tool for everything. Ask the value of a particular technology and what risk it mitigates, and gauge how the MSSP conducts that conversation. If the MSSP can’t articulate in a convincing way the risk management benefits or the business value of a cybersecurity technology, it might give you cause to question the maturity level of the operation.

At the end of the day, you’re going to need both people and tools. It’s more about understanding the MSSP’s management principles, operational service levels, management of talent and technology, innovation management, and evaluation of new technologies. The key is evaluating how the MSSP approaches the challenge.

Key Questions to Ask:

Does the MSSP have predictive capabilities? What tools does it use for that?

This is an excerpt from 7 Experts Share Key Questions To Ask When Evaluating Providers.  This series was generously sponsored by BlueVoyant.