Using a managed security service can be a great way to gain enterprise-class security without making big investments in-house. For mid-size companies it can be especially attractive because it allows the existing IT team to be more efficient and productive without adding headcount.
The key to an effective security program is a combination of people, process and technology. It’s no different when a third-party managed service is part of the solution. Managed service providers, by and large, have access to the same types of security tools and technologies. What sets one apart from another usually comes down to people and process.
Here are four tips for evaluating managed services and finding the right fit for your security and compliance goals.
- 24x7 Security Operations Center – It may seem obvious, but to do continuous security monitoring, the SOC needs to be staffed continuously, with analysts who can investigate and respond to events in real time. Some MDR vendors try to substitute technology for human intelligence, and their SOC operations turn out to be business-hours only. People are critical part of your security program. Be sure to ask who, what, and when.
- SOC 2 Compliance – It’s important that the organization securing your data can prove they follow good security practices. It’s even better when it’s validated by an independent third party. SOC 2 is compliance program for service organizations that audits the security controls in place at a managed service provider. Don’t forget to ask about security controls and compliance programs before selecting a vendor.
- Process and Workflow – Do the managed services include integrated workflows that help your team with incident response and vulnerability remediation processes? Or is the service provider simply forwarding along alerts from the SIEM, IDS or another tool? To help you follow security best practices and meet compliance requirements, your service provider should be enabling continuous processes, not just throwing data at you and leaving the rest to you.
- Reporting – Similarly, the reporting you get from your managed service provider should measure and track performance metrics that help you with security processes and continuous improvement. If the service provider is only forwarding along a standard report from the security tool, they are not adding a lot of value. Look for reports and dashboards that are tied into workflows and ticketing systems, so that your team’s performance can be measured over time.
If you're considering managed security services, consider SOCVue from Cygilant. Our combination of people, process, and technology enables organizations of all sizes to access enterprise-class security programs at an affordable cost. Our 24x7 Global SOC team acts as an extension of your team providing round-the-clock security monitoring, vulnerability and patch management, along with guidance for remediation and the necessary reporting for compliance audits and to demonstrate measurable improvements in security posture. Get a demo today to find out how Cygilant can help your organization reduce risk and improve security.