If you've researched managed services for cybersecurity, you've likely come across the terms managed service provider (MSP) and managed security services provider (MSSP). While the names are similar, there is a distinct difference in the expertise they offer, and they value they can bring to your organization.
The Challenges of Scaling Cybersecurity
Many organizations are looking at adding managed services in the face of today's cybersecurity challenges. The need for 24/7/365 detection and response is becoming critical as digital transformation increases attack surfaces and gives cyber threat actors more ways to cause harm. In addition, the global demand for skilled cybersecurity professionals is far outpacing the supply. Few organizations have the scale and budget to manage all their security without outside help. Managed services have become the better way for many organizations to efficiently protect their environments and retain the talent they already have.
Organizations just need to be sure they are choosing a partner they can trust. Your cybersecurity posture will be a constantly evolving process, so you will want a partner who can offer advice and guidance on that journey. Likewise, that partner should be bringing technology and service offerings that maximize efficiency and value.
MSP vs. MSSP
Generally, MSPs and MSSPs are defined as follows:
- MSPs help organizations keep their digital environments up and running. Historically, this has meant monitoring and managing systems, storage, networks, and other critical IT infrastructure. The scope of an MSP engagement can also include maintaining service levels for critical business applications, administering user access permissions, and provisioning remote access for mobile employees and work from home.
- MSSPs specialize in outsourced cyber defense capabilities. These capabilities include the core prevention, detection, and response functions that organizations require to fend off ever-evolving cybersecurity threats. MSSPs may also provide other security-related services such as adversarial testing, user training, and support for compliance with relevant regulatory mandates such as HIPAA and NIST CSF.
Many MSPs include some basic security-related services in their portfolios, such as firewall management and EDR (endpoint detection and response). Other MSPs offer full-blown MSSP-like capabilities.
Should you hire an MSP, an MSSP, or both?
The following chart provides an overview of how an MSP and/or an MSSP may offer your organization good value:
| Organization size | Consider an MSP for… | Security needs | Consider an MSSP for… | |
|---|---|---|---|---|
| Large | Well-staffed | Supplemental off-hours support | Significant | MDR, adversarial testing, incident services |
| Typical | XDR support only, adversarial testing, incident services | |||
| Running lean | 24x7 routine/first-tier services | Significant | 24x7 SecOps support, MDR, adversarial testing, incident services | |
| Typical | Off-peak SecOps support, MDR, adversarial testing, incident services | |||
| Midsize | Well-staffed | 24x7 routine/first-tier services | Significant | 24x7 SecOps support, MDR, adversarial testing, incident services |
| Typical | Off-peak SecOps support, MDR, adversarial testing, incident services | |||
| Running lean | 24x7 full-service management | Significant | 24x7 SecOps support, MDR, adversarial testing, incident services | |
| Typical | 24x7 SecOps support, MDR, adversarial testing, incident services | |||
| Small | Well-staffed | 24x7 full-service management | Significant | 24x7 SecOps support, MDR, adversarial testing |
| Typical | 24x7 SecOps support, adversarial testing | |||
| Running lean | Turnkey/cloud IT outsourcing | Significant | 24x7 SecOps support, MDR, adversarial testing | |
| Typical | Included with MSP contract | |||
Note that organizations with “significant” security needs typically include those in high-risk markets such as financial services, health care, and manufacturing.
“MDR” here refers to managed detection and response, a critical capability ideally built upon a true XDR (extended detection and response) platform. For more insight into how to select an MDR service from an MSSP, take a look at our related blog here.
How Secureworks Can Help
If you're considering engaging an MSSP to ensure your organization's cyber safety, Secureworks can help in multiple ways, including:
- Helping you find an MSSP that delivers true XDR-based service as their managed offering
- Showing you how you can leverage your existing security investments, like a Microsoft E5 license, to get more value at less cost
- Scheduling periodic adversarial testing to keep your MSSP accountable
Click here to talk to a security expert.