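What is a managed security service provider (MSSP)?

A managed security service provider (MSSP) is a company that takes on some – or all – aspects of a customer’s cybersecurity program. MSSP is a catch-all term for many different types of service providers, whether that is vulnerability management, detection and response, or application security. MSSPs should be proficient in multiple capabilities, including:

  • A focus on three key areas of security excellence: detection and response, vulnerability management, and application security programs should all be covered.
  • Proactive and reactive security approaches: A comprehensive security program needs to do more than just respond to threats; it needs to go in search of them and stop them before they can get near the network. Proactive methodologies such as extended detection and response (XDR) should be included in the scope of an MSSP security service and its offerings, going beyond the endpoint to detect threats earlier and stop them faster.

  • A program tailored to your business: MSSPs should learn – and provide visibility into – your unique environment, and provide tailored guidance to reduce attacker success, respond to incidents quickly and confidently, and improve your security posture.

  • Essential security capabilities, not just alert reporting: A managed services customer typically will receive full access to the technology their MSSP team uses. This usually includes dashboards, reports, and the ability to further customize information and alerts if needed.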

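What is a managed security service provider (MSSP) used for?

Gartner defines an MSSP as a company that “provides outsourced monitoring and management of security devices and systems.” The key word in that sentence is “outsourced.” If a security organization is considering outsourcing functionality of its program, likely they’re very much in need of help in monitoring and securing their network.

This could be due to budget cuts, a shortage of skilled talent, or the addition of new services or products that need to be secured. MSSPs cover most – if not all – functionalities of a competent security program.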

Managed detection and response (MDR)

MDR providers typically will perform such duties as 24x7 monitoring and endpoint-based attacker intelligence to defend against advanced threats. MDR should also provide tailored service based on a deep knowledge of a customer’s environment and security goals. Service practitioners should also be able to find known and unknown attackers with multi-layered detection methodologies.

Managed vulnerability management (MVM)

MVM experts help customers build or improve vulnerability management programs and better protect network assets. They’ll provide a comprehensive picture of threat exposures for prioritization and remediation. Features of MVM service typically will include scan configurations performed by analysts, monthly reporting, hosted infrastructure maintenance, and asset discovery.

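Managed application security (MAS)

Application development is already ephemeral enough without practically forcing security upon the process and creating friction. Managed application security providers should be able to assess, report on, and improve the security posture of applications. They can typically interpret most modern frameworks, support internal and public internet-facing applications, and streamline results to the subset of vulnerabilities that present the most risk.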

Why use a managed security service provider?

There are many reasons to use an MSSP. Perhaps chief among them is lack of personnel in one practice area or another. Once a provider is selected, an MSSP can quickly extend a customer’s capabilities in detection and response, vulnerability management, app protection, and more.

  • Improved security posture: By engaging a team of experts, a SOC can uncover risks earlier, shrink its attack surface, and be ready to investigate with digital forensics and incident response (DFIR) techniques.

  • Unique and valuable skill sets: We’ve already referenced the shortage of skilled talent an in-house SOC may be experiencing. Ramping up a hiring program to attract these skilled unicorns can be costly and result in only one or two hires that may not last long. An MSSP can provide access to these specialized skills almost immediately.

  • Reduced overhead: Hiring an MSSP negates the need to own the more extensive and specialized cybersecurity solutions to defend against every threat and plug every vulnerability. Sure, an MSSP factors technology costs into its pricing, but it's their responsibility to stay current on that technology on behalf of their customers. Providers will typically also give customers access to network traffic analysis, user behavior analytics, and more.

  • Faster threat or breach remediation: From hours and hours spent on remediation each week to minutes spent each week, a trusted MDR partner should be able to transform a SOC’s ability to perform remediation. The average time to remediate will significantly decrease with the provider’s ability to create a plan of action specifically tailored to a customer’s environment.

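What is the difference between an MSP and an MSSP?

The difference between a Managed Service Provider (MSP) and an MSSP is that one is an IT operations service provider and one is an IT security service provider. It is operations vs. security, but the two are indeed interrelated, because companies must ensure their operations are profitable and viable. MSPs typically offer some basic security, like patching, threat detection, and malware solutions, but stop short of offering more advanced capabilities like vulnerability scanning, DFIR tools, and XDR solutions.

More MSPs have been shifting their directives to include that extra “S,” with the need for greater security accelerating in large part due to the outbreak of the pandemic a few years ago.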

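How to evaluate a managed security service provider

The signing of the agreement and the implementation of an MSSP’s services into your security organization can be an exciting time. The vendor search is over, you’ve identified your pain points, and the alleviation of stress is set to begin with the arrival of an extended team of skilled analysts ready to leverage the latest technology on your behalf.

But first you have to go through the whole search process. How do you know who is the best, and whether they are the best fit for you? Let’s take a look at some considerations.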

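Collaboration and partnership

What do the daily/monthly service interactions look like? Is there one point of contact or will you interact with a different service representative each time you communicate with your MSSP? Is the provider focused solely on security operations, or will they also help you mature?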

Customer security posture

Is a potential vendor focused on improving your outcomes in the age of heightened threats? Will they analyze logs and data as well as engage in threat hunting and incident management? At the end of the day, will you be able to focus on other business priorities and improve your overall security posture once the vendor has begun its work?

Data analysis

Can a potential MSSP collect and analyze data? If no actionable intelligence comes from the data a vendor collects, then what’s the point? Your managed security services partner should be able to build a baseline of normal user behavior across the network, then match new actions against what’s been learned from that baseline. Leveraging this data – or user behavior analytics (UBA) – an MSSP should be able to expose threats without relying on prior identification in the wild.
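The baseline-then-match idea described above, as an added example that is not from the original page or from any vendor's product. The event fields, sample events and the deviation threshold are constructed assumptions; the point is that an event is flagged because it is new for that user, with no signature or prior sighting involved.

```python
from collections import defaultdict

# Constructed sample events (not from the page): (user, hour_utc, source_net, host)
HISTORY = [
    ("alice", 9, "10.1.0.0/16", "hr-app"),
    ("alice", 10, "10.1.0.0/16", "hr-app"),
    ("alice", 14, "10.1.0.0/16", "mail"),
    ("bob", 22, "10.2.0.0/16", "build-01"),
    ("bob", 23, "10.2.0.0/16", "build-01"),
    ("bob", 1, "10.2.0.0/16", "git"),
]

def hour_bucket(hour):
    """Coarsen the hour so 09:00 vs 10:00 is not treated as a change."""
    return ("night", "morning", "afternoon", "evening")[hour // 6]

def features(event):
    _, hour, net, host = event
    return {"time": hour_bucket(hour), "net": net, "host": host}

def build_baseline(events):
    """Per user, record every value seen for each feature."""
    baseline = defaultdict(lambda: defaultdict(set))
    for ev in events:
        for name, value in features(ev).items():
            baseline[ev[0]][name].add(value)
    return baseline

def score(baseline, event):
    """Return the features whose value was never seen for this user.
    A user with no history at all deviates on every feature."""
    seen = baseline.get(event[0], {})
    return sorted(n for n, v in features(event).items() if v not in seen.get(n, set()))

def triage(baseline, events, threshold=2):
    """Keep events that deviate on at least `threshold` features."""
    scored = [(ev, score(baseline, ev)) for ev in events]
    return [(ev, novel) for ev, novel in scored if len(novel) >= threshold]

NEW_EVENTS = [
    ("alice", 11, "10.1.0.0/16", "hr-app"),      # matches baseline
    ("alice", 3, "203.0.113.0/24", "build-01"),  # new time, network and host
    ("bob", 2, "10.2.0.0/16", "hr-app"),         # only the host is new
]

if __name__ == "__main__":
    for ev, novel in triage(build_baseline(HISTORY), NEW_EVENTS):
        print(ev, "deviates on", novel)
```

When evaluating a provider, the questions this raises are practical ones: how long the baseline window is, which features are tracked per user, and how single-feature deviations such as the last event are handled rather than silently dropped.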
