Learn about the different types of managed security service providers, and what capabilities are essential.
2024 MDR BUYER'S GUIDE托管安全服务提供商(MSSP)是承担客户网络安全计划的部分或全部方面的公司. MSSP是许多不同类型的服务提供商的统称, whether that’s vulnerability management, detection and response, or application security. MSSPs should be fluent in many capabilities, including:
Proactive and reactive approaches to security: A comprehensive security program needs to do more than react to threats, 它需要在他们接近网络之前找到他们并阻止他们. Proactive methodologies like extended detection and response (XDR) 应该包括在MSSP安全服务及其产品的范围内,而不仅仅是 endpoint to spot threats earlier and stop them faster.
A tailored program for your businessmssp应该了解并提供对您独特环境的可见性, and provide tailored guidance to reduce attacker success, respond to events quickly and confidently, and advance your security posture.
Foundational security capabilities, not just reports of alerts:托管服务客户通常将获得其MSSP团队使用的技术的完全访问权. This usually includes dashboards, reporting, and the ability to further customize information and alerts if needed.
Gartner defines an MSSP 作为一家“提供安全设备和系统的外包监控和管理”的公司.” The key word in that sentence is “outsourced.“如果一个安全组织正在考虑将其程序的功能外包, 很可能他们非常需要帮助来监控和保护他们的网络.
That can be due to budget cuts, lack of skilled talent, or ramping up new services or products that need to be secured. mssp涵盖了一个合格的安全程序的大部分(如果不是全部)功能.
MDR提供商通常将执行诸如24x7监控和基于端点的攻击者情报等职责,以防御高级威胁. MDR 是否还应根据对客户环境和安全目标的深入了解提供量身定制的服务. 服务从业者还应该能够使用多层检测方法找到已知和未知的攻击者.
MVM专家帮助客户建立或改进漏洞管理程序,更好地保护网络资产. 它们将提供威胁暴露的全面图片,以便进行优先排序和补救. MVM服务的特性通常包括由分析人员执行的扫描配置, monthly reporting, managed infrastructure maintenance, and asset discovery.
应用程序开发已经足够短暂了,没有实际地将安全性强加于流程并产生摩擦. A managed appsec provider should be able to assess, report on, and improve application security posture. They’ll typically be able to account for most modern frameworks, support internal and public internet-facing applications, 并将结果精简到呈现最大风险的漏洞子集.
There are many reasons to use an MSSP. 其中最主要的原因可能是在某一实践领域缺乏人才. Upon settling on a provider, MSSP可以快速扩展客户的检测和响应能力, vulnerability management, application security, and much more.
Improved security posture: By engaging a team of experts, a SOC 是否可以更早地发现风险,缩小其攻击面,并准备好调查 digital forensics and incident response (DFIR) techniques.
Unique and valued skill sets我们已经提到了内部SOC可能会遇到的缺乏熟练人才的问题. 扩大招聘计划来吸引这些技术娴熟的独角兽可能成本高昂,而且只会雇佣一两个可能不会持续很长时间的人. An MSSP can provide access to those specialized skills almost immediately.
Less overhead雇用MSSP就不需要拥有更广泛和专业的网络安全解决方案来防御每一个威胁和堵塞每一个漏洞. Sure, the MSSP figures that cost of technology into their costs, 但他们有责任代表他们的客户跟上技术的发展. The provider will typically also offer customer access to network traffic analysis, user-behavior analytics, and more.
Faster threat or breach remediation:从每周花在补习上的几个小时到每周花在补习上的几分钟, 值得信赖的MDR合作伙伴应该能够转换SOC执行修复的能力. 随着提供商能够根据客户的环境制定专门的行动计划,修复的平均时间将大大缩短.
MSP (Managed Service Provider)和MSSP的区别在于一个是IT运营服务提供商,一个是IT安全服务提供商. It’s operations vs. security, but they really go hand-in-hand with one another, as companies must secure their operations to be profitable and viable. MSPs usually provide some basic security, like patching, threat detection and malware solutions, 但是不要提供更高级的功能,比如漏洞扫描, DFIR tools, and XDR solutions.
更多的msp已经改变了他们的指令,加入了额外的“S”,” as the greater need for security was accelerated in large part to the onset of the pandemic a few years back.
签署协议并在您的安全组织中实施MSSP服务可能是一个令人兴奋的时刻. The vendor search is over, you’ve identified your pain points, 随着一支由熟练分析师组成的庞大团队的到来,压力的缓解即将开始,他们准备好利用最新的技术为你服务.
But there is that whole searching process to go through first. How do you know who is the best, and if they’re the best for you? Let’s take a look at some considerations.
What do daily/monthly service interactions look like? 每次与MSSP通信时,是否都有一个联络点或与不同的服务代表进行交互? Is the provider simply focused on security operations, or will they also help you advance your maturity?
在威胁加剧的时代,潜在的供应商是否专注于改善您的结果? Will they analyze logs and data as well as engage in threat hunts and incident management? At the end of the day, 一旦供应商开始工作,您是否能够专注于其他业务优先级并改进您的整体安全状态?
Can a potential MSSP both collect and analyze data? 如果供应商收集的数据中没有可操作的情报,那么还有什么意义呢? 您的托管安全服务合作伙伴应该能够构建跨网络的正常用户行为的基线, 然后将新动作与从基线中学到的内容进行匹配. 利用这些数据或用户行为分析(UBA), MSSP应该能够在不依赖于事先识别的情况下暴露威胁.
Learn more about Rapid7's Managed SOC Services