When you have both an MSP to manage your IT infrastructure, endpoints, and Cloud Service Providers, and a separate MSSP for security monitoring and alerting, there are likely gaps in your overall strategy that neither party has brought to your attention. These can leave both security and IT operations management tasks unfulfilled and create holes in your security posture.
Here are some of the high level responsibilities that must be fulfilled by yourself or a third party to fill these gaps.
Review of 3rd Party Security Vendor Recurring Reports
A responsible party will review the recurring reports generated by the MSSP or third-party security vendor. The purpose of this review is to assess the security posture of the CLIENT’s system and networks as outlined in the reports and determine resulting action items.
Review and Coordination of Configuration Changes
A responsible party will need to undertake the task of reviewing and coordinating configuration changes recommended by the MSSP or third-party security vendor. These changes will need to be evaluated for compatibility with the client’s existing IT environment, and appropriate adjustments will be made to ensure optimal system performance, stability, and security.
Alert Ingestion and Response
A responsible party will need to be responsible for ingesting and responding to alarms generated by the MSSP or third-party security vendor’s monitoring systems. The responsible party will assess these alarms according to our standard Service Level Objective and take necessary actions in accordance with predefined procedures.
Procedural Definitions for Alarms, Events, and Information
A responsible party will work with the CLIENT to establish clear and comprehensive procedural definitions for alarms, events, and information received from the MSSP or third-party security vendor. These definitions will be used as guidelines for service delivery staff response and remediation activities.
Participation in Meetings with MSP and MSSP and/or Third-Party Security Vendors
A responsible party will actively participate in meetings with the third-party security vendor as required. These meetings should facilitate effective communication, coordination, and collaboration between all parties involved in ensuring the CLIENT’s security posture.
In summary, you as the CLIENT are still responsible for making decisions about how recommendations from the MSSP should be interpreted, and might rely on guidance provided by your MSP. However, neither party is responsible for the security of your organization at the end of the day. You should stay informed about processes, procedures, policies, and any configurations that could potentially impact your security posture.