For organizations looking to protect themselves from cyber threats, one question is front and center: Do you choose to use a managed security provider (MSP) or do you dedicate in-house resources?
This question is one that must be answered whether you work at a multinational corporation with a team of analysts in a security operations center or a thriving small business with a limited IT staff.
If you look back at the recent cyber security breaches, you see many affected organizations have owned and implemented relevant cyber security technologies. But simply purchasing security technologies does not mean you are safe.
It’s really about whether those technologies are effectively managed.
So how do you know which management option is the best choice for your organization? Let’s first evaluate the risks of each.
Decreased Familiarity with Environment and Business: As an outside organization, an MSP could struggle to understand or stay updated on changes occurring within your environment.
Loss of Control and Visibility: As you rely on an MSP for your security, you empower the MSP to make decisions regarding the products, controls, and settings used within your environment.
Increased Risk: You are trusting another company to secure your organization’s sensitive information. Giving up the reins inherently comes with risk.
A Breakdown of Communication: History has told us that recurring alarms might be ignored or silenced with an MSP. Let’s use an example. Suppose a customer tells an MSP not to address an alarm about a malfunctioning log collector because work is being performed. The MSP then continues to ignore the alarm even after the work has been completed, leaving a potentially important alarm uninvestigated.
Costs: It can be expensive to run an in-house security team. There are significant costs to hiring and housing employees as well as paying salaries and benefits.
Expertise and Experience: MSPs have dedicated, expert staff who specialize in security. They work with security tools daily and have most likely encountered the problem you are experiencing before. Also, MSPs are likely to have the most up-to-date training and knowledge of the changing threat landscape.
Support: Most MSPs have 24/7 support alongside vendor support. Some may have heightened support contracts with the vendor, which means you do too.
Alarm Fatigue: Due to the volume of alarms, some analysts will ignore them rather than tweaking them to reduce noise. Also, it is common for in-house analysts to use local knowledge to justify alarms, leaving potential incidents uninvestigated. (For instance, “Oh, don’t worry about that alarm, that always happens because…”)
Here are a couple more questions and answers to help inform your decision:
SIEM managed services are typically implemented in two ways:
The short answer is no. Exact responsibilities should be discussed and included in your contract with your selected MSP. But here are some things that you will likely be on the hook for:
Shameless plug: 🙂
Whether you choose an MSP or dedicate in-house resources to run your SIEM, LogRhythm has got you covered. In addition to having world-class support and training resources available, we have many awesome partners that are able to provide managed services that fit your needs using the best SIEM on the planet.