5 Things IT Should Ask Managed Security Providers

Over the past five years of running a managed security service offering, I’ve received no shortage of questions and requests from customers. They run the gamut from the completely outlandish to questions that have legitimately influenced change. Regardless of the question, it’s important for managed security providers to listen to their customers and accept feedback, whether it’s positive or negative. 

While it’d be impossible to dig into all of the requests I’ve received over the years, here are some of the types of requests we’ve received that may make sense for you to ask your own provider.  

1. Can you generate a monthly report on metrics that measure the value of your service?

Metrics are important. Pretty graphs and pie charts are helpful to bring to management to demonstrate the return on investment (ROI) they’re receiving, but determining how to measure value can be quite different (and difficult) from one customer to the next. Service offerings should be able to provide statistics on the number of high-fidelity cases raised, mean-time-to-detection (MTTD) data, and possibly mean-time-to-remediation (MTTR) data, depending on the deliverables. Having the ability either to generate these types of reports yourself or to request that the managed service do so will help drive the maturity of your controls and should let you see the value you’re receiving from the offering.

2. How can our teams work more closely together during a security incident? 

I personally love getting this question. Your managed service should feel like an extension of your own team. Working closely during incidents or even responding to specific security alerts can form a stronger bond between both entities. Learning from experienced professionals can also help improve the skill set of your own organization. Any time we have the opportunity to train a customer on a specific competency – something that can make them more independent and successful – we take it. 

3. Why didn’t you detect the malware we executed on our lab device? 

Let’s be honest with this one: it’s impossible to catch everything. You could have all the right security solutions and monitoring in place and still have something leak through a crack. Managed security providers do need to be on top of their game at all times though; that’s what you pay them for. There may be instances where they miss something, but it’s critical to bring this up to them so that they can close any gaps in process or detection rules to improve the service.

4. Based on the level of threat activity you’ve observed in our environment, what security recommendations do you have for us? 

It’s one thing to provide a managed detection and response service to a customer. To offer feedback on how a customer can improve their internal controls can be a game changer though. Managed service organizations have a good view into your security posture, including how often threats get in and through which vectors they arrive. If patterns are observed, like spikes in phishing-related compromises, then maybe it’s time to roll out a more formal security awareness campaign to your employees or additional layers of control at your email gateway. These insights can be very rewarding, and asking these types of questions is a good idea.

5. It’s 2 a.m. and we have an incident; can you join our telephone bridge to discuss? 

Service-level agreements, or SLAs, are crucial to understand. Managed service offerings are typically available 24/7, but not all are. When an incident does occur, you should know what level of support is going to be offered during off hours for your time zone. Maybe only an analyst is available to discuss and not the incident manager for the team. Drawing up these expectations ahead of time is highly recommended.

These are five questions that have come up over the years that have helped enhance our service and engage customers with a value-add experience. Managed services should want, and be willing, to improve and adapt. Don’t get me wrong, it’s important to also have reasonable expectations, but if there are opportunities to improve then that’s a benefit for both parties.
