Your answer was selected as a Good Answer
Your Public Answer:
“The answer has a business and a technical dimension. On the business side, the managed security services provider (a.k.a. MSSP) must determine the target market correctly. Services differ from country to country, from sector to sector. An ideal MSSP should be addressing the target markets’ concerns. I will not elaborate more on it and will focus on the technical side. Here are the initial check marks on an ideal MSSP:

1) Information security know-how of existing workforce. People matter; the engineers who will be handling complex operations are a key element. Check retention rate, average years of INFOSEC experience, certifications, network know-how etc.
2) 3rd party security certification. Customers give the keys of all of their assets to the MSSP. MSSPs must be audited and tested by 3rd parties regularly; check for ISO 27001, SAS-70 or similar certifications.
3) Redundancy and resilience. MSSPs must have more than 1 security operation center; all of your data cannot be risked in a single location. Operation of customers' business should not be affected by a failure of any single component on the MSSP side.
4) Privacy concerns. Make sure that the MSSP understands privacy as well as security. Verify regional privacy requirements.
6) Support for a large set of over-the-counter security appliances. Most of the MSSPs can only support a small subset of security devices; this will limit the functionality at the customer side.
7) Event correlation engines and algorithms. Security Event Management is a key feature. Verify that the MSSP can correlate alerts among multiple systems, brands, locations etc. This is a very complex business when billions of alerts are received.
8) Device management capability. It is not just remote monitoring; sometimes MSSPs need local presence at customer premises. Large scale MSSPs do not rely on central management consoles and develop their own customer premises equipment. These devices allow log collections, local alert correlation, backups, out-of-band access, power control, dial-backup, bare metal installs etc. MSSP CPE allows 1 single connection from MSSP to customer instead of hundreds of punches on external firewalls.
9) Vendor relationship. If the MSSP is managing an information security appliance, there will be times where strong vendor support is required; make sure that the MSSP has the highest vendor partnerships and the maximum number of product-certified engineers.
10) Portal. All customer-facing operations should be available on the portal with extensive reporting. Access must be controlled with strong authentication. The portal should have its own application server to increase functionality and speed (instead of a database interface).
11) 7X24X365 multilingual phone support. Ability to create tickets, requests via alternative channels (the portal should not be the only interface).
12) Rock solid Service Level Agreements (SLAs). SLAs must be detail oriented and they should cover all the corners. There must be clear response times, availability promises, escalation procedures. A charge back schema is essential when SLAs are not met.
13) Change Management, Problem Management, Incident Management, Configuration Management and other major tasks must be well documented, and the MSSP must supply these services for the customers.
14) Compliance support. If the target markets require compliance, the MSSP should offer a packaged solution (e.g. PCI).
15) Dedicated technical account manager (TAM). Customers should not be talking with a new face when they have questions. Customers need a technical contact who understands their resources, network, requirements etc.
16) Solid QA process. Quality of the services must be monitored by an independent QA process.
17) Integration with 3rd parties. The MSSP should be able to communicate with customer-hosted or internet-hosted services, like compliance packages, risk management systems, SMTP security providers, DR Services etc. truncated by LinkedIn..”
Sunday, August 26, 2007
The ideal managed security service provider?