What is the Difference between a Managed Security Service Provider (MSSP) and Managed Service Provider (MSP)?
MSP vs MSSP
Managed Service Provider
The role of a Managed Service Provider (MSP) in the computer industry is typically a third-party IT service and support group. Depending on the skills and solutions of the MSP, they can provide infrastructure design consulting, network design, installation of network security services, continuous monitoring services, basic endpoint management, basic multi-level endpoint security software, hardware maintenance, training and support services for a business or group. Some of their duties include basic to advanced remote management of the network, devices, servers, workstations, firewall management, cloud services, operating system and application updates, patching and help desk end user services.
The typical skills required for an MSP would be workstation, server and support for the network and infrastructure including basic security endpoint management. The types of skills would come from certifications in Microsoft, Linux or MAC entities such as CompTIA A+, Network+ and similar accredited knowledge entities such as computer and engineering degrees. These are typically desktop, server, service and help desk skill sets.
Managed Security Service Provider
The role of a Managed Security Service Provider (MSSP) may include all, part or none of the roles of a MSP with a focus on design, implementation, defense, detection, resolution, and remuneration. Some MSSPs provide their security expertise and enhanced services alongside those of existing IT inhouse support or partner their services to MSPs for the MSP’s client base.
The basic skills for an MSSP would include those for an MSP, as well as programming in various languages, cybersecurity threat assessment, security knowledge and experience, cloud security, network security, certifications covering the range of Security+ certification, System Analyst experience, and penetration testing through CISSP level industry certifications.
Many of the MSSP’s have Security Operation Centers (SOC), which is a certification indicating a secure infrastructure. A SOC is usually cloud based, which means the SOC can manage, control and resolve the attacks on client’s infrastructure. A SOC may provide security experts to perform the advanced cybersecurity services required to support MSP’s or clients with lesser security resources.
Please see: https://en.wikipedia.org/wiki/Managed_security_service
Services Provided by an MSSP
Manage Firewall
The process of managing the security of a firewall is to ensure the configuration is secure, the firmware updates are maintained, the firewall logs are monitored, the firewall’s performance and reliability are maintained, the users are managed and the VPNs are supported.
Intrusion Detection
Intrusion detection determines if there is a security attack and stops it so it does not reach your infrastructure. The configuration and support of Intrusion detection should be on the firewall, a Unified Threat Management solution (UTM) appliance, a separate security appliance or as a cloud service. The MSSP would monitor and manage this process.
Security Vulnerability Scanning
Security vulnerability scanning is conducted internally or externally to determine what vulnerabilities and threats exist in an infrastructure, device, network, website or target vector. Typically, a vulnerability scanner can conduct many different security scans on software issues, user accounts and permissions, LAN configurations, website vulnerabilities, firewall access, device conditions, security configurations, cloud infrastructure, network access points, and more. The security scans provide details of known industry vulnerabilities. These results are then used to formulate levels of risk which becomes part of either a periodic security risk audit or continuous monitoring warning system. The benefit of vulnerability scanning is to be proactive in managing security risk or detecting an actual failure of your security protection.
Security Updates
Updates for software are provided by the software vendors to either fix or improve the security risk or function of the programs that reside on your devices. Updates can be manual or automatic and are not always successful for a myriad of reasons. In the case of security updates, it is more important these updates are successful. For example, if a printer has a new feature and the non-security update fails there is no risk involved. If the same printer has a security update that would result in anyone on the
On-site Security Consulting
Security professionals often provide on-site security consulting. Managed security services could be in the form of a meeting with management, IT support and stakeholders and sometimes with staff. The reasons for doing this include to address security “policies and procedures”, evaluate risk assessments, on-site threat mitigation or remediation, physical infrastructure vulnerability determination, staff cybersecurity training and periodic security auditing. An excellent use of on-site consulting would be time to do planning for the continuous improvement of an organization's overall cybersecurity hygiene.
IT Security Auditing
An IT Security Audit, according to NIST Special Publication 800-82, at B-7 provides the following:
(An) “independent review and examination of a system's records and activities to determine the adequacy of system controls, ensure compliance with established security policy and procedures, detect breaches in security services, and recommend any changes that are indicated for countermeasures.”
The typical IT Security audit conducted by a Managed Services Provider can range from highly effective to an inventory and basic security automatic software audit. This later is a clever marketing approach to take over a potential opportunity to replace an organization’s existing MSP.
The overall concept of an IT Security Audit is to find security vulnerabilities and threats in an organization’s infrastructure, not to audit your MSP. There is no guarantee that the new MSP will be better at security than your existing MSP. MSPs in general are focused on your computers, security is an additional expertise and skill set. Having said that, there are some MSP’s that may have employees that are capable of some of the MSSP services such as Penetration Testing but as an MSP, security is not their primary business.
The process of providing a proper security audit includes not only vulnerability scanning, but emulating a cybersecurity attack, providing penetration testing, WiFi scanning, Cloud configuration, backup and restoring proof of testing, encryption management auditing, looking at policies and procedures, determining staff basic security knowledge, assessing industry and government compliance, using the same tools that hackers use, determining physical security threats to the infrastructure, including management involvement, creating work orders for security vulnerabilities or providing remuneration, analyzing the financial risk with the stakeholders or decision makers, and planning re-occurring security audits, backup and recovery planning, incident response planning and business continuity planning.
Managed Security Services for Mid-Sized and Smaller Businesses
Small businesses do not have the resources, finances or knowledge as do mid-sized companies. Therefore, the types of managed security services are typically limited except in certain industries that have a higher risk such as high capitalized financial groups, healthcare providers, CPA firms, smaller legal and insurance firms.
Why Do I Need a Service Provider for Managed Security Services?
What Should I Look for in Providers of Managed Security Services?
To start out, a managed security service provider should suggest yearly planning and waysto save money and improve efficiency on technology that will help your company grow? Make sure your managed services provider is looking out for your interests as a trusted partner.
In the case of an MSSP, are they willing to collaborate with your existing IT support as a team? Do they seek to customize your managed security solutions based on your needs rather than a package of managed security services they already sell?
The process for engagement of security vendors and managed security services usually is to first like the service provider, then trust the person or organization. After those conditions you will need to know the managed security services provider can do the job.
Recommendations, discussion of previous engagements and an initial security assessment are initial indications that the provider can do the job. The experience and skills of a security professional are sometimes more important than the certifications or degrees. Proof of doing the work so that it has benefited other companies like yours would be a start of a managed security provider relationship.
Frequently Asked Questions
What's the difference between MSP and MSSP?
MSP stands for a managed service provider, while MSSP stands for a managed security service provider. An MSP provides a range of IT services and support to its clients, such as managing and maintaining computer networks and systems, providing technical support, and ensuring that a company’s IT infrastructure is working efficiently. This can include services such as hosting and cloud services, data backup, and recovery, endpoint management, and help desk support. Both MSP and MSSP are considered 3rd party services.
On the other hand, an MSSP specializes in providing security-related services, such as monitoring and managing a company’s network security, implementing security solutions and technologies, and helping to prevent and respond to cyber-attacks. This can include services such as intrusion detection and prevention, threat intelligence, and compliance management.
Some MSSPs may offer MSP-like services in addition to their core security services or may partner with MSPs to provide a more comprehensive suite of IT services to their clients. However, not all MSSPs offer MSP services, and not all MSPs offer security services, so it is important to clarify exactly what services are being provided when working with either type of provider.
What is the difference between an MSP and MDR?
MSSP and MDR are two terms that are often used in the field of cybersecurity. MSSP stands for Managed Security Service Provider and refers to a company that provides a range of security services to organizations, including monitoring, threat detection and response, and security management. An MSSP typically monitors an organization’s network and systems for security threats and takes action to prevent or respond to any potential threats that are detected.
MDR, on the other hand, stands for Managed Detection and Response and refers to a specific type of service offered by an MSSP. MDR involves the use of advanced technologies and tools to detect and respond to security threats in real-time. This service typically includes continuous monitoring, threat hunting, and incident response, and is designed to help organizations quickly identify and respond to potential security breaches and other security incidents.
In summary, MSSP is a broader term that encompasses a range of security services, while MDR is a specific type of service offered by an MSSP that focuses on the detection and response to security threats in real-time.
IS AWS an MSSP?
Amazon Web Services (AWS) is not a managed security service provider (MSSP). AWS is a cloud computing platform that provides a range of services, including computing, storage, networking, database, analytics, machine learning, and more. While AWS does offer some security-related services, such as encryption and access controls, it is not primarily focused on providing managed security services as an MSSP would.
Instead, AWS provides its customers with the infrastructure and tools they need to build and operate their security solutions. This allows customers to have full control over their security posture and to tailor their security strategy to their specific needs and requirements. AWS partners with a variety of security solution providers, including MSSPs, to help customers integrate and deploy security solutions on the AWS platform.
What are the three IT Service Providers types?
- Managed service providers (MSPs): MSPs provide a range of IT services and support to their clients, such as managing and maintaining computer networks and systems, providing technical support, and ensuring that a company’s IT infrastructure is working efficiently. MSPs often offer services on a subscription or pay-per-use basis and may provide services remotely or on-site.
- Managed security service providers (MSSPs): MSSPs specialize in providing security-related services, such as monitoring and managing a company’s network security, implementing security solutions and technologies like advanced endpoint management such as XDR including remediation of incidents, and helping to prevent and respond to cyber cyber-attacks may offer services such as intrusion detection and prevention, threat intelligence, and compliance management.
- Cloud service providers: Cloud service providers offer a range of services, such as computing, storage, networking, and software, over the internet. This allows organizations to access and use these services on a pay-per-use basis, without having to invest in and maintain their physical infrastructure. Cloud service providers can include public cloud providers, such as Amazon Web Services (AWS) and Microsoft Azure, Google Cloud as well as private and hybrid cloud providers.
Why do companies use managed services?
Companies use 3rd party managed IT services for a variety of reasons, including to improve the efficiency and effectiveness of their IT operations, to reduce costs and risks, and to free up internal resources to focus on their core business. Some specific benefits of using managed services include:
- Expertise and experience: Managed service providers (MSPs) typically have specialized expertise and experience in the IT services they offer, and can provide a level of knowledge and skill that may be difficult or costly for a company to obtain on its own.
- Proactive support and maintenance: MSPs can provide proactive support and maintenance for a company’s IT infrastructure, which can help to prevent problems and ensure that systems are running smoothly. This can reduce downtime and improve productivity.
- Scalability and flexibility: MSPs can provide scalable and flexible services that can be easily adjusted to meet a company’s changing needs and requirements. This can allow a company to quickly and easily add or remove services as needed, without having to invest in and maintain its infrastructure.
- Cost savings: Using managed services can help a company to save money by reducing the need for in-house IT staff and infrastructure, and by enabling the company to pay for only the services it needs on a pay-per-use basis.
- Improved security: MSPs can provide advanced security solutions and expertise that can help to protect a company’s network and data from threats such as cyber-attacks. This can reduce the risk of data breaches and other security incidents.
Overall, using managed services can provide a range of benefits to companies, including improved efficiency, cost savings, and enhanced security.
How does a service provider work?
What are managed security services in cyber security?
Managed security services in cyber security refer to the practice of outsourcing the management and maintenance of a company’s network and data security to a specialized service provider. Managed security service providers (MSSPs) offer a range of security-related services, such as monitoring and managing a company’s network security, implementing security solutions and technologies, and helping to prevent and respond to cyber-attacks.
MSSPs can provide a range of services, such as intrusion detection and prevention, threat intelligence, and compliance management. These services can help to protect a company’s network and data from a wide range of cyber threats, such as viruses, malware, and unauthorized access. By outsourcing these security-related tasks to an MSSP, a company can benefit from the MSSP’s expertise and experience in security and can free up its internal resources to focus on its core business.
What are the 7 categories of MSP managed services?
The specific categories of managed services provided by MSPs can vary depending on the MSP and the needs and requirements of their clients. However, some possible categories of managed services that an MSP may offer include:
- Infrastructure management: Services that help to manage and maintain a company’s IT infrastructure, such as managing and maintaining computer networks and systems, implementing security solutions and technologies, and ensuring that a company’s IT infrastructure is working efficiently.
- Hosting and cloud services: Services such as virtual private servers, web hosting, and cloud storage, can help a company host its applications and data in the cloud, and can provide scalable and flexible solutions.
- Data backup and recovery: Services such as backup and disaster recovery, data migration, and data archiving, can help a company to protect its data from loss or damage and can ensure that the company can quickly and easily recover its data in the event of a disaster or other issue.
- Help desk support: Services such as technical support, troubleshooting, and problem resolution, which can help a company to provide timely and effective support to its users, and can help to resolve any issues or problems that arise with the company’s IT systems.
- Network management: Services that help to manage and maintain a company’s network, such as monitoring network performance, implementing network security solutions, and providing support for network-related issues.
- Security management: Services that help to protect a company’s network and data from security threats, such as viruses, malware, and unauthorized access. These services can include intrusion detection and prevention, threat intelligence, and compliance management.
- Cloud management: Services that help a company to manage and maintain its cloud-based applications and services, such as provisioning and scaling resources, monitoring performance, and providing support for cloud-related issues.
What are the typical services offered by a Managed Services Provider (MSP)?
The typical services offered by an MSP can be categorized as follows:
- Monitoring: This service involves the use of real-time monitoring software to monitor different applications, network devices, endpoint management, servers, or websites.
- Remote support: This service involves the use of cloud-based software to support remote devices and remotely troubleshoot technical issues.
- Proactive support: This service involves the use of preventative maintenance to stay ahead of any potential device or network issues that may arise.
- Centralized management: This service involves the use of a management console to manage complex networks, remote monitoring, patch management, and security software.
- Scheduled maintenance: This service involves the offering of regularly scheduled network maintenance to organizations.
- Basic security: This service involves the implementation of basic security measures to protect an organization’s IT infrastructure from security threats and vulnerabilities.
- Simplified billing: This service involves the handling of invoicing, payments, and budgeting through a billing management system.
- Trusted on-call technical personnel: This service involves providing organizations with access to trusted technical personnel who can be called upon to assist with technical issues.
A good reference on the web: What is a Managed Service Provider (MSP)? (techtarget.com)