An MSSP, or Managed Security Service Provider, is a business which offers cyber services to other organisations.
Some organisations fully outsource their cyber security requirements to MSSPs, while others only outsource specific aspects.
MSSPs differ from MSPs (Managed Service Providers) in that they specialise in cyber security. By contrast, MSPs are more focused on the remote management of IT infrastructure. Many MSPs do offer security services but, owing to the highly specialised nature of cyber security, some chose to partner with MSSPs.
What services do MSSPs provide?
MSSPs offer a range of cyber security services, typically delivered via a Security Operations Centre (SOC). These services include management and monitoring of security technologies, continuous threat detection, vulnerability management and incident response.
What are the benefits of using an MSSP?
Working with an MSSP can help organisations to:
• Elevate cyber security maturity
• Gain additional expertise to address gaps in knowledge
• Make cost savings compared with investing in cyber security in-house
• Get more out of cyber security technologies
• Meet compliance requirements
How do MSSPs differ to MDR providers?
To elevate threat detection capabilities to a new level, a growing number of organisations are now choosing to work with Managed Detection and Response (MDR) providers in favour of MSSPs. Research by Gartner suggests that a quarter of organisations will be using MDR services by 2024.
Whilst MSSPs and MDR providers both offer 24/7/365 security monitoring, there are some crucial differences to be aware of. One of these is that, unlike MSSPs, MDR services are commonly turnkey – they supply human expertise, threat intelligence and a range of detection technologies as part of one comprehensive service offering. MSSPs, on the other hand, usually offer only one or two elements of the cyber security services required, for example, providing security personnel but not the specialist technology.
Another key difference between MSSPs and MDR providers is a contrasting approach to threat detection. MSSPs tend to be focused on alert triage and management rather than incident investigation, incident response and remediation. A key differentiator of MDR providers is that they don’t just wait for alerts to be generated and provide actionable remediation guidance and automated playbooks to help organisations respond.
To achieve a more proactive approach, MDR providers utilise the latest endpoint detection and response (EDR) platforms to hunt for, contain and isolate threats. On the other hand, the detection coverage of MSSPs is mainly focused at a network level, gained through the management of firewalls, intrusion detection systems and SIEM tools. Unlike MDR providers, many MSSPs don’t offer solutions for cloud security monitoring.
With so many aspects to consider, selecting an MDR or MSSP provider can be challenging for organisations. The differences between them are outlined further in a new report, MDR Market Guide: reducing the costs and risks of cybersecurity investments, from independent technology research and analyst house, Bloor.
About ThreatDetect™ MDR
ThreatDetect from Redscan is an outcome-focused Managed Detection and Response service that, through a turnkey approach, supplies the support and insight needed to rapidly detect and rapidly respond to current and emerging cyber threats before they become business impacting events.
Integrating experienced cyber security professionals, a best of breed of technology stack and the latest cyberoffensive intelligence, ThreatDetect operates as an extension of an organisation’s team to expand threat visibility and coverage plus disrupt and eliminate threats at the earliest stages of attack. The service provides wide-ranging visibility across public and private cloud environments, including AWS, Azure, Office 365 and G Suite. ThreatDetect has a Net Promoter Score of 58, distinguishing the service as ‘excellent’.