Blog
MSSPs come in all shapes and sizes. Which one is the best fit for your organization?
Goldilocks and the three MSSPs
Cybersecurity Awareness Month is the perfect time to pause and reflect on your cybersecurity program. Is it the right fit for your business?
As you explore MSSP options, consider taking a Goldilocks approach—inquisitive, selective, and bold—to find the option that’s “just right” for your business.
Some MSSPs are impressively large and skilled at working with one tool very well. They’ve got you covered with a basic set of rules that they use for everyone, regardless of business size, scope, or industry. They exhibit utmost confidence in their abilities and, as a result, don’t care about any other tools you have or need. They’ll sound the alarm dutifully when an incident is afoot—just don’t ask them to help out. And definitely don’t expect them to predict the likelihood of future cyber risks, or have any opinions on how cybersecurity could help meet the specific goals of your business. They can only go so far.
Goldilocks didn’t settle when she found porridge that was too hot or too cold. She kept shopping until she found the one that was just right. If you need more than a one-trick pony MSSP, take Goldilocks’ approach: keep looking.
Some MSSPs will claim to integrate with everything—jack of all technologies, master of a few, if you’re lucky. You provide the tools, and they’ll monitor them. How familiar are these MSSPs with your tech stack? Don’t worry, they’ll figure it out. They can be a comforting presence in a fearful industry. As for analysis, they’ll give you data by the terabyte, and may even provide a surprisingly comprehensive summary of your potential threats—but it’ll still be up to you to prioritize them. Maybe they can launch into incident response twice a year, or more, for an additional fee. Maybe they can stumble their way through monitoring a hybrid cloud environment. Maybe they’ve put machine learning on the roadmap. Maybe. You have to admire their optimism.
Goldilocks didn’t settle when she went looking for a chair. After finding the first too hard and the second too soft, she found the third just right—until it broke while she was sitting in it. Your MSSP selection is a much bigger, more important decision. Make sure you hold out for an MSSP that will give you the support you need—without falling apart trying to support you.
Some MSSPs come fully furnished with tested tools that the provider knows like the back of their hand, because they use these tools in their own environment. These providers think differently than the others. They genuinely care about your business and will be there for less savory moments, like defending your program to the board, or guiding an auditor through all the ways they meet (and exceed) compliance standards. These MSSPs have seen all kinds of threats and understand that the only way to stay one step ahead of attackers is to continuously evolve to the attackers’ tactics. They provide a purpose-built platform that did cyber mesh before cyber mesh was a thing, develop their own intelligence and tools, and harvest threat intelligence with the voracity of, well, a bear.
And though these MSSPs are likely a bigger investment than the others, when it comes to value, maturity, and expertise, there is no comparison. In the cyber world, if you think you’re getting a great deal, it’s probably too good to be true, and by the time you discover this, it’s usually too late.
Goldilocks rejected the beds that didn’t meet her needs. She held out for the bed that was just right—the one that gave her a good, solid sleep.
When you choose your MSSP, be like Goldilocks: Find the one that’s just right. SEI Sphere may be that MSSP for you. Learn all the ways we made the best custom security information and event management (SIEM), the comfiest cloud migration, and the coziest network management.
Goldilocks didn’t settle—why should your business?