GUEST ESSAY: Here’s why managed security services — MSS and MSSP — are catching on

By Morten Kjaersgaard

The unification revolution of cybersecurity solutions has started – and managed security service providers are leading the way. Managed security services (MSS) refer to a service model that enable the monitoring and managing of security technologies, systems, or even software-as-a-service (SaaS) products. Here’s more on the various types and benefits of MSS, as well as the state of the MSS(P) market in 2022!

Related: Reviving ‘observability’ to secure complex networks

Fully-managed vs. co-managed

The current unification in the cybersecurity market is driving a massive movement towards fewer vendors, which at the same time means more polarization of either using MSS/MSSP or doing the security work internally.

In terms of Managed Security Services, they can be fully-managed or co-managed. In the case of fully-managed security services, the provider of security services owns the security technologies and maintains and monitors the incidents gathered by these tools and technologies. Fully-managed security services represent, of course, a particularly good bet for budget-conscious companies or for those who lack the internal capabilities to study and handle a wide range of technologies

Co-managed security services best suit those companies that capitalize a variety of security systems but lack the internal security personnel needed to monitor these solutions 24 hours a day, seven days per week. Managed security services providers (MSSP) can help their customers learn more about the capabilities and functioning of each tool, as well as set up the appropriate configuration, allowing their employees to focus on more strategic security objectives.

Tipping the scale favorably

Whether you prioritize cybersecurity or not, cybercriminals will always prioritize (their own) profit, as the attacks described in our 2021 Threat Report prove. Under these circumstances, it’s crucial to understand that MSS can truly help you tip the scales in your favor. Here’s why:

•Managed security services provide round-the-clock monitoring 24 hours a day, seven days a week, and 365 days a year. A significant advantage, because handling business security in-house without the assistance of an outsourced partner naturally necessitates a significant investment in personnel and technology.

•Cyber attacks are increasing at an alarming rate, and cybercriminals are devising new tactics to achieve their unscrupulous goals nearly on a daily basis. Keeping up with new risks, resolving them as soon as they occur, and recovering from incidents identified too late may, as you can certainly imagine, take up valuable resources and cause businesses to lose time, money, and the trust of their clients/partners. Opting for an MSS helps you with all these aspects.

•They ensure increased security maturity and management. MSSPs can help companies quickly implement a robust cybersecurity solution, and also provide them with expert security management without the need to pay for the necessary skills in-house.

•Another significant advantage is compliance support. As new data protection legislation (such as the GDPR and the CCPA) joins current laws, the regulatory environment becomes increasingly complex (like HIPAA and PCI DSS). An MSSP can assist with data collection and report generation to establish compliance during audits or in the aftermath of a possible incident.

But, you may be wondering, what about the hazards of outsourcing cybersecurity? It’s worth noting that there are a few:

•Cybersecurity breaches may originate from the vendor, putting the host company’s information at risk. The greater the reliance, the more likely such a breach will take place.

•Third-party providers may have more access to host company data, leading to greater harm in the case of cyberattacks.

•There may be a lack of understanding of the organization’s particular needs and culture, which could have a significant impact on risk tolerance, security protocols, and user security requirements.

•MSSPs may employ a general security framework, with insufficient flexibility to meet all of the company’s specific demands.

While the benefits of using an MSSP are far more valuable overall (assuming you choose a trustworthy cybersecurity provider), companies might still choose to drop it at a later point – in this case, developing an in-house solution is usually the only other option.

MSSPs in 2022

What happens on the market? Well, as MSSP Alert notes, “In the Americas, the MSSP and PSSP market will reach $18.81 billion by 2024, up from $12.01 billion in 2020.”

Some of the main drivers of this accelerated growth include:

•Advanced threats and risk tolerance. Service providers need to emphasize the effects of advanced persistent threats (APTs) by showing companies their exposure to financial, intellectual property, and confidential information losses […].

•Digital Transformation. MSS/PSS providers must take advantage of digital transformation initiatives by observing clients’ current situations and being trusted advisors through consulting and value-added services to help them embrace digitalization […].

•IoT. Enterprises that embrace IoT technologies to enhance end-user and employee experiences are likely to turn to MSS providers for quick and effective security […].


Other factors that I could add here are the increasing security breaches and sophisticated cyberattacks across organizations, and the new normal brought about by the pandemic and the #WorkFromHome / #WorkFromAnywhere models.  With staff working from all over the world and many of them using their own devices, it’s evident that having a dedicated, experienced team monitoring the cybersecurity aspects for you is critical.

Nonetheless, despite all of the benefits that MSSP provide, the market faces significant challenges:

Customers may be hesitant to incorporate new and unfamiliar solutions into their technological stack, and they may be worried that new technologies would complicate their procedures or user experience.

Similarly, clients may be hesitant to migrate from conventional data protection solutions to cloud-based alternatives that capitalize on the cloud’s advantages.

Last but not least, there are also concerns about rising cybersecurity costs.

Moving forward, the MSSP market should unquestionably prioritize providing a wide range of services (SIEM, MDR, XDR) in a unified, intuitive platform, as well as enhancing dedicated SOCS with all of the necessary technology and human knowledge necessary to monitor and respond to threats 24 hours a day, seven days a week. Having robust SOCs in multiple time zones and geographies improves service delivery resiliency and will soon become a benchmark of superior cybersecurity.

Choosing a provider

Since the MSSP market is rapidly expanding, it may be tough to select the one that best meets your company’s requirements. Here’s what you should be critical about before making a decision:

•Technical capabilities. A good MSSP must have a view of your logs, determining what should be gathered first against what can be collected later. They must be able to pinpoint how they enhance your infrastructure by leveraging Big Data Analysis, Anomaly Detection, and Threat Analysis.

•Onboarding and operational capacity. The MSSP must find the time to correctly put in place your points of contact with their firm, understand your requirements, and explain the mechanisms in place in the event of an alert. A good onboarding procedure employs methodical procedures and precise implementation guidelines.

•Detection, alerts, response. You must be aware of your most valuable assets and high business impact devices and choose a technology that allows you to implement use-cases modeled around them. It’s crucial that critical conditions generate notifications; the alert rules must be adapted to your environment and needs. They must also be classified based on their severity level, and non-critical occurrences should be omitted from notice but nevertheless analyzed.

Before considering MSSPs, IT and security teams should carefully assess which services will be outsourced, then establish the budget and protocols needed for the collaboration with the management. Once your organization has defined its MSSP requirements, explore viable prospects and create a shortlist of providers. Meeting with these suppliers and reviewing client references may be the last step in determining which MSSP is suitable for your organizational requirements.

By utilizing a structured mix of network and endpoint monitoring, behavioral analysis, Machine Learning tools, and threat intelligence, Heimdal’s XDR/SOC acts as a central hub for security intelligence, gathering and dynamically comparing input from multiple sources (endpoints, networks, cloud workloads) to detect threats faster and ramp up response times.

Our XDR solution comprises some of our most critical modules (Threat PreventionPatch and Asset ManagementNext-Gen AntivirusRansomware Encryption ProtectionPrivileged Access ManagementApplication Control), which work together to provide a seamless experience and are available through a unified, intuitive, dashboard, and it can also be used by Heimdal resellers and distributors for their clients.

Large scale enterprises have a strong preference – for obvious reasons – for running XDR / SOC internally and can use the Heimdal suite as their product to do so, but smaller companies increasingly outsource too, where the MSSP then uses a single suite for service.

The choice is yours as a customer, but there are vast opportunities to capitalize on by leveraging one platform, hence giving yourself more time to work with, instead of wasting time correlating data and actions between platforms.

Managed Security Services (MSS) provide a competitive edge to any company that chooses them, regardless of size. Because of the security expertise and extra staffing they transfer, they drive not only cybersecurity but also productivity and profit, especially in the case of unified solutions that can replace multiple vendors.

I’m certain that many enterprises will turn to MSSPs for swift deployment timelines and greater time-to-value on security expenditure, so the MSSP industry will surely expand continuously in the following years, helping customers stay ahead of cybercriminals and focus on what’s really important for their business.

About the essayist: Morten Kjaersgaard is CEO of Heimdal Security

Editor’s note:  This article originally appeared on Heimdal Security’s blog and is reprinted here with their permission.

Share on FacebookShare on Google+Tweet about this on TwitterShare on LinkedInEmail this to someone