Considerations when buying managed security services

The trend towards organisations of all shapes and sizes buying managed security services continues to increase and we’re seeing the rise of interest from all sectors. Is it any wonder? Access to the best talent, products and intelligence can be expensive and difficult to manage for a single organisation. Managed security providers often have the scale and expertise to provide this in a cost effective but highly skilled way.

But with so many managed security service providers out there, how do you choose the one that’s right for you? Look for expertise and reference-ability in the following:

• Managed Detection and Response and Hunting – not just the deployment of tools and letting the machine do the hunting
• True cyber threat intelligence analysts - is the threat intelligence provider just giving you a 3rd party feed or are they actually doing the research?
• Holistic contextual security – does the service provider actually understand your business and the risks to it?

Also consider how efficient and innovative your provider is. Are they, for example, using machine learning for scale and an additional level of security?

The recently published Managed Security Forum Buyers’ Guide to Managed Security report, which CGI contributed to, explores these topics in more detail.

The report maps services into basic, core, advanced and complementary and offers advice on what to look for from providers. It shows what is being commoditised and where talent is most valued, allowing CISOs and business owners to work out what they should deliver in-house and where it makes sense to bring in an outside expert.

Other findings from the report include:

• Talent remains the top priority for 21% of MSPs, followed by Managed Detection and Response (MDR) and Artificial Intelligence (11% each)
• Security architects are the hardest roles to fill for 28% of companies, followed by threat intel specialists (22%), threat hunters and senior analysts (16% each)
• Just 30% of MSPs are investing in an internal Data Science function

Managed security is moving away from a compliance tick box exercise into a full formed crucial part of the corporate architecture and national defence. It’s important that organisations get it right, or the consequences could be very serious.

For more information on what to look for in a managed security services provider, please get in touch by email at cyber@cgi.com or visit www.cgi.com/uk/cyber.