Tips to choose a trusted MSSP platform

  • The service provider can have a single console across customers
  • Each customer can have individual console access, with the ability to search, analyze, correlate, visualize and report on only their own data
  • The MSSPs can have billing set-up for individual customers
  • Each customer can apply custom rules, dashboards and reports
  • The MSSPs can sync common rules, reports and dashboards across customers

Security Orchestration, Automation and Response Framework

With the ever-evolving and polymorphous nature of threats, MSSPs should look at a platform that helps them swiftly detect and respond to attacks. Identifying a threat is half of the job of an MSSP; responding to the threat and remediating it form another important part of the services to be delivered. A platform that provides enrichment, validation, and response features therefore suits MSSPs best.

Enrichment and adding organization-relevant context

The platform should also provide an open framework for MSSPs to integrate with a variety of commercial and custom threat intelligence (TI) feeds. This ability allows MSSPs to add organization-relevant context to the events and logs ingested, which makes it easier for analysts to connect the dots and equips them to make decisions. It also avoids the manual searching and analysis that an analyst would otherwise have to do. Relevant data enrichment becomes key here.

Validation

The platform should be able to augment its capabilities by easily integrating with third-party applications and solutions. While proactively hunting for threats, it is imperative to check and validate against an external database or feeds. The platform should allow integration with such feeds or providers so that validation happens before remediation actions are taken.

Response

Traditional systems would stop short of this stage: they would raise an incident or a ticket on the handler's screen and let the handler validate and respond to the threat manually. This was time-consuming and gave the attacker lead time within the system.
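
The enrich, validate, respond flow described in the sections above, as an added Python example that is not DNIF's code. The feeds, tenant names, asset records and action names are all assumptions constructed for illustration.

```python
# Added illustration: enrich -> validate -> respond for a multi-tenant MSSP.
# All feeds, tenants, hosts and IPs below are constructed sample data.

TI_FEED = {  # primary threat-intel feed: indicator -> label
    "203.0.113.7": "c2-server",
    "198.51.100.23": "scanner",
}
VALIDATION_FEED = {"203.0.113.7"}  # independent second source used to corroborate

ASSET_CONTEXT = {  # organization-relevant context, kept separately per tenant
    "acme": {"10.0.0.5": {"owner": "finance", "critical": True}},
    "globex": {"10.0.0.5": {"owner": "lab", "critical": False}},
}
UNKNOWN_ASSET = {"owner": "unknown", "critical": False}

def enrich(event):
    """Attach the TI label and the tenant's own asset context to a raw event."""
    out = dict(event)
    out["ti_label"] = TI_FEED.get(event["dst_ip"])
    assets = ASSET_CONTEXT.get(event["tenant"], {})  # never another tenant's data
    out["asset"] = assets.get(event["src_ip"], UNKNOWN_ASSET)
    return out

def validate(event):
    """Corroborate the TI hit against a second source before acting on it."""
    return event["ti_label"] is not None and event["dst_ip"] in VALIDATION_FEED

def respond(event):
    """Automate only validated hits; unconfirmed hits go to an analyst."""
    if event["ti_label"] is None:
        return "ignore"
    if not validate(event):
        return "ticket"
    return "isolate-host" if event["asset"]["critical"] else "block-destination"

def triage(raw_event):
    enriched = enrich(raw_event)
    return {"tenant": enriched["tenant"], "owner": enriched["asset"]["owner"],
            "action": respond(enriched)}

EVENTS = [  # same source IP in two tenants resolves to different context
    {"tenant": "acme", "src_ip": "10.0.0.5", "dst_ip": "203.0.113.7"},
    {"tenant": "globex", "src_ip": "10.0.0.5", "dst_ip": "203.0.113.7"},
    {"tenant": "acme", "src_ip": "10.0.0.9", "dst_ip": "198.51.100.23"},
    {"tenant": "globex", "src_ip": "10.0.0.8", "dst_ip": "192.0.2.10"},
]

if __name__ == "__main__":
    for e in EVENTS:
        print(triage(e))
```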

DNIF

The “Open” Big Data Analytics platform that offers solutions to the world’s most challenging cyber security problems with real-time data analytics.