Boaz Shunami, CEO of Komodo Security Consulting, said one area MSSPs can be an advantage is in red team exercises (real attack scenarios), red vs. blue team exercises. penetration testing, threat intelligence centers and incident response and forensics capabilities. “Replacing these with internal employees will usually prove to be less effective, with larger learning curves and, in general, less value over longer periods of time.”
Tom Bain, vice president of marketing at CounterTack, believes organizations want to "collapse the stack" and move to fewer providers and platform offerings. They want less agents and ultimately not as many providers under the hood. “Taking technologies into a managed deployment gives an enormous advantage to MSSPs who can remove the burden from operators, monitoring and responding to threats on their behalf,” he said.
Not so fast
While those interviewed do see pros to MSSPs, they also have some issues with blindly giving up security.
Westby said as with most services, “there are many that over market and under deliver on true security service. Taking the time to get under the covers of how the service is provided and validate how they will protect your company is important in vendor selection. Maintaining security leadership and program/vendor oversight in-house is also very important. “
It’s important to factor in the overall requirements and needs of the organization, said Javvad Malik, security advocate at AlienVault. For example, if a company has many custom apps that need customized monitoring, then in-house may be more appropriate than an MSSP. Other considerations can include whether there’s a preference for dedicated personnel or regulations that require data to be stored locally.
“If a company does choose to opt for an MSSP it’s important to evaluate them for effectiveness and their ability to execute on their methodology. Finding the right type of MSSP that is a good cultural fit with your organization is just as important as finding one with technical the right technical skills.”
Malik said there’s no easy or right answer to this – both approaches have their own challenges and benefits. But it’s best to make an informed decision based on budget, expertise, and desired outcomes.
Salim Hafid, product manager at Bitglass, believes that for many of the most security conscious industries and organizations, in-house security is a must. An in-house security team with specialized knowledge of the security capabilities necessary to achieve compliance and that can evaluate multiple security solutions against their needs, can be very effective.
Having in-house security allows you to build on tribal knowledge that is not easy to export to a third party, Hoyos said. “Your internal team will better understand the risks you face, including internal risks from your own personnel, which is something that an MSSP simply cannot do without boots on the ground.”
Sign up for CIO Asia eNewsletters.