In this episode of Breakfast Bytes, Felicia explained the key differences between Managed Service Providers and Managed Security Service Providers, emphasizing that organizations should prefer MSPs acting as their full internal IT departments for security functions unless they are the IT department and lack necessary technical skills. She highlighted the limitations of the current incident response paradigm, particularly the challenges with outsourcing security monitoring to MSSPs and the lack of effective escalation to capable incident response teams. Felicia stressed the importance of having a skilled incident commander with strong decision-making authority and technical expertise to effectively handle security incidents.
Summary
MSP vs. MSSP Security Services
Felicia discussed the differences between Managed Service Providers (MSPs) and Managed Security Service Providers (MSSPs). She explained that MSPs act as outsourced IT departments, handling various IT functions, while MSSPs focus specifically on security services. Felicia emphasized that organizations should aim to have their internal IT departments, or their full-service MSP, handle security functions rather than outsourcing to MSSPs, unless they have an internal IT team that lacks the necessary technical skills. She advised that organizations with revenues of $300 million or more should consider hiring in-house talent or outsourcing to large, well-funded companies to avoid potential legal issues with smaller providers.
Enhancing Incident Response Effectiveness
Felicia discussed the limitations of the current paradigm in incident response, highlighting that outsourcing security monitoring to MSSPs often results in a flawed workflow and a lack of true escalation to capable incident response teams. She emphasized that effective incident response requires a highly skilled incident commander with deep technical knowledge, rapid decision-making authority, and an understanding of organizational politics, which is typically lacking in both internal IT departments and outsourced security providers. Felicia also pointed out the need for clear leadership and decision-making authority during incidents, as well as the ability to make immediate technical and policy changes without being hindered by organizational politics.
Felicia discussed the limitations and risks of outsourced security services, emphasizing that while they may provide a false sense of security, they are not a substitute for internal capabilities, and that organizations need to maintain authority over their security decisions. She explored the challenges and risks associated with using managed security service providers and outsourcing MDR or SOC services, highlighting the importance of understanding service offerings and making informed decisions rather than relying on trust or price. Felicia concluded that while MSSPs might be suitable for very large organizations, direct purchasing from software manufacturers could often be a better option.
Outsourced Security: Limitations and Risks
Felicia discussed the limitations and risks of outsourced security services, emphasizing that while they may provide a false sense of security, they are not a substitute for internal capabilities. She highlighted the importance of understanding the limitations of basic security tools like SentinelOne basic licensing and the potential risks involved when using intermediaries. Felicia stressed the need for organizations to have the authority to make changes based on real data and real issues in their environment, rather than relying solely on outsourced services.
MSSP Risks and Vendor Selection
Felicia discussed the challenges and risks associated with using managed security service providers (MSSPs) and outsourcing MDR or SOC services. She highlighted the lack of visibility into configurations and processes when purchasing through distributors, which can lead to significant security gaps and risks. Felicia emphasized the importance of making informed decisions based on a detailed understanding of service offerings, rather than relying solely on trust or price. She concluded that MSSPs should only be considered for very large organizations that require a large counterparty for liability and risk balancing, and even then, direct purchasing from software manufacturers might be a better option.