Genady Vishnevetsky, Chief Information Security Officer, Stewart Title

“Your decision to seek help from an MSSP should be driven by business objectives and priorities.”


When it comes to defining your use cases and security outcomes, map your use cases to the MITRE ATT&CK framework. Know and understand your adversaries: They may be different from your allies or competitors. Focus on detection because protection can only go so far.

Your decision to seek help from an MSSP should be driven by business objectives and priorities. Do you need 24/7 coverage? Do you have the right level of expertise on your security team? What kind of visibility and coverage do you need? Your answers to those questions will determine your requirements for managed service.

When it comes to working with an MSSP versus an MDR provider, the choice depends on what you are trying to accomplish. MDR focuses on the incident detection and response based on specific tools deployed on the endpoint; MSSPs take a holistic view that encompasses everything. Where are your gaps? Keep in mind, managed services is a marriage, not dating, so establish a relationship before making a commitment.

Understand that all managed service providers will have limitations. They can’t accommodate every customer request. Weigh the limitations against your level of comfort and risk. Set up a weekly cadence meeting. Establish metrics and key performance indicators that matter to your business, and report them to your board of directors. The number of failed sign-ins or closed tickets is irrelevant. Choose metrics that reflect your security posture and justify the MSSP contract. Measure the return on your engagement investment.

This is an excerpt from 7 Experts on Transforming Your Threat Detection & Response Strategy.  This eBook was generously sponsored by Trustwave.