Rafael Narezzi, CISO – Chief Cyber Security Strategist, WiseEnergy – Smart Renewables Services


Determining which MSSP to use comes back to the security roadmap for the company and understanding what you’re trying to accomplish. You will have outsourcing criteria that may include a need for certain kinds of reports or providing certain kinds of security analytics. You need to evaluate MSSPs on their ability to deliver on these criteria.

For some services, such as a general service provider who is delivering SOC and SIEM capabilities and basic security management services, you want to find a vendor that can deliver on the criteria important to your business. In other, more specialized functions, such as pen testing and security assessments, you may want to rotate these vendors. That’s because good security requires thinking out of the box. If you use the same pen testing or security assessment companies over and over again, they become familiar with the network and their work becomes routine, which sets them up to miss things. If you rotate these specialized service providers, they are working hard to win you as a client, so they will go the extra mile to prove their value. They are more likely to find new things that may be issues you need to address. 

Key Question to Ask:

Can the MSSP deliver key capabilities that are most important to your organization’s cybersecurity? 

This is an excerpt from 7 Experts Share Key Questions To Ask When Evaluating Providers. This series was generously sponsored by BlueVoyant.