This year a new acronym has grown in common parlance: MSSP, short for Managed Security Services Provider.
This seems to have arrived from the trend in “Security as a Service” to replace the security consultants equivalent of break/fix, where they move in once everything is already in deep trouble.
The functions these firms offer cover round-the-clock monitoring and management of intrusion detection systems and firewalls, overseeing patch management and upgrades, performing security assessments and security audits, and of course, at the end if the protection service has failed, responding to emergencies and cleaning up the mess.
While some conventional MSPs are moving into MSSP services, others who come from a security consultancy background find they can build up recurring revenue by offering preventative services to their clients. Overall the growth in this sector is fast and profitable, partly driven by Ransomware trends including RaaS (Ransomware as a Service) software, which is freely available on the dark web, now being increasingly advertised on the open web.
But what do they need from a PSA system?
- Highly configurable service ticket workflows that enable them to model quite bespoke ways of dealing with attacks, with certainty alongside other preventative actions and booking periodic penetration tests
- Checklists on ticket stages underpinning the quality monitoring of these rare events so that nothing is missed
- Good integrations with back-up software that can fire a restore directly from the ticket
- Clear contract and service definitions built into the engagement paperwork, clarifying the service offered and qualifying liabilities
- Strong but flexible contract billing to support recurring prevention services, potentially asset-based
- Clear knowledge base, with selections available to customers, supporting full text search capabilities, ideally with the ability to forward a knowledge base link to a customer mail-group functionality to warn everyone of an attack in a single action
Certainly the world is not getting safer. Responsive and configurable PSA solutions need to come to the table with the tooling MSSPs need to protect their customers.