As cyber threats continue to proliferate and pressure on in-house security personnel grows, it’s become de rigueur for companies to seek third-party partners to alleviate the burden of protecting their business around the clock. As the demand has grown, an explosion of security vendors has materialized, offering varying approaches and degrees of expertise. In fact, the market for security partners grew 6.7 percent in 2018, reaching $10.7 billion in revenue, according to Gartner research.
This spike in options can be a boon to companies looking to hire a trusted security partner—if they know the right questions to ask.
If you find yourself in this position, we’ve highlighted below the seven most important questions to ask when interviewing a potential security provider:
1. What specific security solutions do you offer?
Though email and web services continue to be the attack vectors of choice among cybercriminals, your trusted advisor needs to be able to do more than secure these areas. Seek out partners that also specialize in database and endpoint security. Malicious actors understand that the modern-day enterprise is complex and use this to their advantage to break into the crown jewel of data storage—the database. A high-quality partner will help you protect these relational and big data stores, as well as overcome challenges tied to the growing number of endpoints and vulnerabilities found within the systems and applications you currently manage.
2. How do you manage client relationships?
Many security partners assign experts to new accounts without considering a client’s unique needs. This one-size-fits-all approach risks leaving those customers to fend for themselves after an alert is triggered because the provider and relationship manager don’t understand their clients’ environments and response playbooks. In a best-case scenario, security experts can specialize according to the industry and manage a small number of accounts to help ensure customer-centric delivery.
The service provider of yesteryear would focus on only detecting threats and alerting organizations. As far as their duties were concerned, the buck stopped there. But given the evolving threat landscape, assistance goes much further today. Your partner should serve as a trusted team member and immediate responder, taking an active role in analyzing, responding to, and containing a threat.
3. What does your security operations center look like?
When evaluating potential security partners, it’s critical to consider their security operations centers (SOCs), the facilities where staff monitor your systems and proactively identify and mitigate security risks.
What qualifies as a SOC can range from a small team of analysts in an office to state-of-the-art command centers with hundreds of experts divided into teams. Depending on the size and sophistication of your organization, you may need an advanced SOC staffed by specialized teams made up of ethical hackers, threat hunters, incident responders, and advanced researchers. Moreover, if you work for a large organization, a global security partner that maintains a network of operations around the world to help ensure continuity of operations is ideal. The best SOCs also serve as de facto training camps, running frequent threat simulation exercises for their own team members and a customer’s IT personnel.
4. How qualified are your staffers?
When vetting a service provider, it’s important to ask about the credentials of the professionals who will be monitoring your systems daily, not just those of the company’s leaders. Ask whether the security analysts and consultants hold advanced security certifications such as CISSPs, QSAs or SANS certifications, and how long they’ve been responding to incidents. A reliable partner will have veteran staffers with a decade or more of experience.
On a broader level, determining a partner’s reputation in the industry is also critical. Many chief security officers rely on the Gartner Magic Quadrant for Managed Security Services when evaluating potential partners.
5. Is it an MSSP or an MDR – or both?
A managed security service provider (MSSP) will run updates, install patches, deliver configurations, and provide outsourced monitoring and management of your networks. But to navigate today’s threat landscape, your security partner needs to go much further. Most MSSPs, however, cannot analyze the huge quantity of log sources necessary to successfully detect threats and respond appropriately.
An ideal partner combines MSSP capabilities with the cloud technology, machine learning, and big data leveraged by Managed Detection and Response (MDR) providers to uncover previously unknown weaknesses in your environment and kill threats that already exist on your network. Look for a partner that combines people, process, and technology to respond to advanced threats, offering full forensic investigations and incident response services that can pinpoint the cause and extent of a breach within minutes.
6. Can you work with my existing architecture?
Successful managed security providers don’t just deliver and manage their technologies—they partner with other first-class technology providers to make your life easier. By monitoring and managing many widely used technologies, a good security partner unifies your current security applications and eliminates the need to “rip and replace” older systems. Rather than forcing you to start from scratch with a new (and expensive) implementation, these experts can build a strategy that connects products from various vendors acquired over time. Done correctly, an integrated defense comprised of legacy systems can provide a robust security solution as well as a practical alternative to dropping previous products.
If your partner understands the complexities of your business and knows your incident response playbook, it results in a program designed to support your specific needs—whether it’s security monitoring and response services, incident response, vulnerability assessment or advanced threat hunting. A good partner will offer not only seamless implementation but also ongoing maintenance and service delivery throughout the entire security life cycle.
7. Can you walk me through your response process when a security incident occurs?
Forget about partners who require you to submit a ticket or log into a portal to review outdated metrics. The best security providers share information in real-time, through multiple points of contact, on the phone, and through chat. Recognizing that companies’ chief security officers are constantly traveling, many providers are also beginning to offer mobile applications that allow clients to review incident details from their devices at any time.
Reducing risk and expanding security maturity is the goal of the security leader of today. But the problems they face far outweigh the solutions that seem to be immediately available to them. That’s why many enterprises are in search of trusted advisors that can provide them with the supplemental assistance needed to navigate the evolving threat landscape. Before you step into a meeting with your next potential security advisor, remember to keep these questions in mind as they’ll guide you in determining who your future security partner will be.
Marcos Colón is the content marketing manager at Trustwave and a former IT security reporter and editor.