Mitigate Cyber Attacks with Outsourced Cyber Security Services
How can a law firm select a suitable Managed Security Service Provider
The use of Managed Security Service Providers (MSSP) in the last few years has become accepted by larger law firms as a solution to improving the efficacy of their cyber security defences. The key drivers for this outsourcing remain the continued shortage of skilled cyber security professionals and the increasing complexity of modern cyber attack methodology.
The definition of an MSSP is neatly defined by Gartner as:
‘A managed security service provider (MSSP) provides outsourced monitoring and management of security devices and systems. Common services include managed firewall, intrusion detection, virtual private network, vulnerability scanning and anti-viral services. MSSPs use high-availability security operation centres to provide 24/7 services designed to reduce the number and cost of operational security personnel.’
Why would you use an MSSP?
The benefits of using an MSSP include the following:
• Significant cost advantage with a reduction in manpower and spend on technology
• Immediate service delivery independent of delays in recruitment and training
• Continuous monitoring of cyber security status on 24/7/365 basis
• Use of advanced technology particularly early threat detection and remediation
• Access to knowledge of global threats and attack methodologies
• Regular security health checks with automated and manual testing
• Clear and concise management reports
Now available for smaller organisations
MSSP services have until recently been relatively expensive and only afforded by the larger enterprise. The ability of an MSSP to deliver its services will usually rely on its partnership with specialist security application vendors such as Alien Vault, Carbon Black and Cybereason. Many of these vendors are now using multi-tenanted, web services to enable rapid deployment and significantly reduce costs. The net result is that a few MSSP’s are now able to offer service packages with ‘subscription style’ prices as low as £30/user/month on an annual basis.
How do you select a Managed Security Service Provider?
All MSSP partners must offer the knowledge and technical solutions to identify vulnerabilities in your organisation before cyber criminals do. They must also detect threats that evade your defences before they have an impact. These services should rely on event and behavioural analysis that is underpinned by global threat information intelligence used to cross-check and correlate with the latest known attack methodologies.
Your MSSP must have the resources to protect your organisation by implementing the appropriate security controls. These may be technical but should also include controls that mange the ‘insider-risk’ posed by any member of your own staff.
Ideally, you should also look for a service which provides a monitoring infrastructure that supports service logging and regular reports. Most MSSP’s now provide a Web interface with live data that can be shared by their engineers and your IT managers at any time.
Last but definitely not least; in the event of an attack, you will need immediate and managed remedial action to eliminate or reduce the impact of potential data loss, theft or loss of reputation.
Phone: 0333 311 0121