What can I do to ensure my managed security service is right the first time? While not as exciting as conversations around threat models, advanced analytics or machine learning, acquisition of the right data into a service and the flow of actionable data back to the client is far more important to a successful operation. Get the transition and onboarding right, and everything falls into place more easily. Getting it right the first time Taking the time to understand and explain the expectations of the first few weeks or months of an MSS delivery is a joint responsibility. Before signing the contract you should be clear on the deliverables, not only of the operation of the service, but also the on-boarding process. What support do you need in mapping the network, people and processes? www.baesystems.com/cyberreveal Do you understand the data fields required and how they map to data sources and how detection content is related to the threats you face? Are you confident that filling in a few forms will get you what you need? Being able to answer such questions will make the difference between having a long and protracted journey to full service value and getting it right the first time. Technology that detects. People that defend. Six considerations before signing up to an MSS contract The following factors all relate to how much effort and preparation you have to do before the service starts. Understanding your ‘MSS readiness’ and how willing and capable your chosen MSSP is when it comes to collaboration is extremely important. The better the preparation, the easier, quicker and less expensive the transition will be. You may end up paying more in the long run for cutting corners in onboarding. and “low risk deployment” should be treated with suspicion as they will prove to be increasingly ineffective the further from average your organization is. Expect a detailed plan with roles and responsibilities and timelines before you sign the contract. Understand what information you need to deliver to the MSSP A smooth transition starts Explore the detail of with information transfer. the onboarding Understanding the business process and have a risk to assets is critical. A healthy suspicion of basic list of security devices and a network diagram lacks sales messages the context for an MSSP to effectively investigate The rare occasion where a customer achieves ‘plug and incidents. Intelligence of both your organization and play’ perfection is the exception, and typically not the threats faced will drive detection content and data the rule, especially for first capture methods. Investing time MSS users. Service time in discovery and offerings that contain preparation in this area is phrases like “standard key. Aspects such as services”, “proven implementation templates”, collaborative mapping www.baesystems.com/cyberreveal of data sources to threat detection content, performance monitoring visibility and service tuning accelerates the elimination of false positive alerts and prioritization of true positive alerts. Explore any technology deployment plan and how much resource you will need to commit How easy is the deployment of the technical aspect of the service? Unless MSSP sensors are deployed and able to capture logs, flows, and packets, you don’t yet have a monitoring capability. What is the deployment and testing process? How much resource responsibility will you bear and how can you document that the service is working and stays working over time?