MSP, MSSP, MDR - How do You Choose?
Month over month, the number of companies offering managed services seems to be in constant growth. Whether it is MSPs, MSSPs or MDRs, it’s sometimes tough to figure out what’s what in the wild world of cybersecurity services. It’s even harder to figure out whose offering fits you best. But if you keep three factors in mind when you make your choice, you won’t go far wrong:
1 - Level of service (can they offer it?)
2 - Type of technology (have they got the right one?)
3 - Experience (do they have it?)
Today’s Lesson is Brought to you By the Letter M
MSP, MSSP, MDR... that’s a lot of Ms. So what's the difference?
MSP
The terms associated with managed security services have evolved. In the 2000s, it was called an MSP (Managed Service Provider). At that time, security needs were quite different. The IT and cybersecurity teams were grouped in the same department and sometimes found themselves outsourced to an MSP (which we could translate as an IT outsourcing service).
MSSP
The services evolved, and that's when the MSSP (Managed Security Services Provider) came into the picture. MSSPs focus more on the management of security consoles and the availability and administration of security alerts. Their objective? Ensure that the consoles remain functional and up to date and that, in the event of a security alert, raw information gets passed on to your internal IT team.
MDR
Today, with the surge in frequency and sophistication of cyberattacks, needs have changed. It’s essential to understand the origin of alerts, to identify potential impacts, and to know how to close security vulnerabilities exploited by hackers. Managed Detection and Response (MDR) services are a response to this new reality. In today’s context, businesses need to take control of their network security. The MDR service enables a proactive approach to cybersecurity. It focuses first on detection by identifying sources of risk and monitoring. The real power of the MDR is the R - where the provider analyzes the threat and provides actionable remediation measures to counter the threat and minimize any impacts.
TL;DR
The needs of organizations have changed over time. From MSP to MSSP, organizations today must prioritize MDR services to adapt to the evolving cyberthreat environment.
Level of Service
When you choose a service provider, ask: Does the service provider only offer cybersecurity services?
More and more opportunistic companies are adding a cybersecurity component to their IT service offering. Unfortunately, according to many cybersecurity experts, this is a conflict of interest when it comes to serving a client. More often than not, organizations that offer IT outsourcing and computer security services can find themselves in a situation where their security personnel are in conflict with their own IT team. And it’s important to understand that IT management expertise is not IT security expertise.
Cybersecurity is a complex, fast-evolving field. It’s essential to make sure you choose a partner whose focus is security management and whose team is 100% dedicated to cybersecurity.
The Tech
There are a multitude of technologies you can base a managed services offering around. And, even inside a segment, the tools are very different from one another. Here are three common tools on the market: SIEM, EDR and NSM.
SIEM
A SIEM (Security Information and Event Management) is a tool created to centralize security logs and events, such as failed or successful access attempts. A SIEM allows the monitoring of specific elements in the IT estate. Continuous maintenance is required to ensure that new machines in the network get integrated into the SIEM console.
EDR
EDR (Endpoint Detection and Response) is a security solution designed to detect cyber attacks on endpoints. EDR technologies are like next-gen antivirus programs with additional functionality. They are designed around a centralized console allowing visibility of all endpoints deployed in the infrastructure. EDR solutions go beyond simple signature-based detection: they use memory analysis, behavioural analysis and indicator-of-compromise detection. EDR solutions do have important limitations. They don’t provide visibility into Internet of Things (IoT) devices or the cloud. And, even in mid-sized businesses, EDR systems often cause conflicts with existing antivirus software.
NSM
Based on analysis of network communication flows, NSM (Network Security Monitoring) technologies focus on detection. Their biggest advantage: 360° visibility into every machine present on the network, such as printers, IP phones, IoT devices, connected telephones and security cameras. Today, it’s essential to monitor all network-connected devices, since they are often used as relays by hackers. NSM-type technologies also offer an earlier detection capability, which makes it possible to identify intrusion signals early in the hacking process. This type of technology provides an additional security layer and doesn’t interfere with antivirus software already in place. In addition, NSM incorporates automatic discovery capabilities for new machines on the network.
Level of Expertise
Maybe the most important factor to consider when selecting a partner is the expertise of their security team. Real-world, human experience is maybe the most critical component of your partner’s offering.
There are many areas of expertise in cybersecurity and managed service providers reflect this. Make sure you validate that your provider has all the qualifications to handle security alerts (team of dedicated security analysts, qualified personnel, etc.). With the sophistication of computer attacks, security analysts must be able to interpret all attack signals, understand hacker techniques, and provide recommendations to mitigate security risks. Make sure your security provider has all of the following profiles on its team: chief cybersecurity officer, cyberattack management expert, incident response expert, malicious code analyst and a reverse engineering expert.
Take-Aways
When you choose your managed security service provider, remember three things. Select the technology that fits best. Define the level of support you need. And choose an organization with the expertise to execute on your cybersecurity strategy.
Find out how StreamScan MDR Service can Protect Your Network
We’re convinced that after seeing our MDR network monitoring solution in action, you won’t want to leave your network unprotected again. So we are offering a 30-day free trial that includes:
- Fact-finding session
- CDS configuration
- 30-day free Proof of Concept
- First month activity report and recommendations
Email: Freetrial@streamscan.ai
Phone: 1 877-208-9040