Anthony (Tony) Sabaj is currently the Head of Channel Security Engineering for the Americas at Check Point, with over 25 years of experience in the Cyber/Information/Network security. Tony has been at Check Point since 2002 in a variety of sales and technical roles. Prior to joining Check Point, Tony was a Senior Product Manager at Telenisus, a startup MSSP/VAR in Chicago. In 2001, the MSSP business of Telenisus was sold to Verisign to start their MSSP business and the VAR business was sold to Forsythe to start their security practice. Tony joined Forsythe shortly after that acquisition as a Security Consultant and Certified Check Point trainer. Tony started his career with Arthur Andersen/Andersen Consulting, building their worldwide IP network, designing the security controls for the firm and helping to build their external security consulting practice.

In this interview, Tony Sabaj discusses the adoption of Managed Security Service Providers (MSSPs). From selecting an MSSP provider, to the opportunities and challenges that come with relying on MSSPs, this interview provides in-depth cyber security insights.

These days, what types of organizations are newly seeking out managed security service providers (MSSPs)?

Organization are taking advantage of MSSP for a variety of reasons, including economies of scale, access to experts and tools that are otherwise out of reach for many organizations.  With the rise of As-a-Service offerings, especially cloud consumption, MSSPs can more easily accommodate fluctuating demand that most organizations cannot economically accommodate. An MSSP can allow an organization to consume services and solutions on an as-needed or pay as to go basis, alleviating the need for the organization to build capacity for their peaks and allowing them to consume what services are needed based on demand at any point in time.

Broadly speaking, what should organizations look for in MSSP offerings?

The first thing organizations should look for is to make sure they are working with an MSSP and not an MSP (Managed Service Provider). The basic difference is that an MSP will manage devices or applications for uptime, health, and directed move/add/changes. Whereas an MSSP is providing the security expertise As-a-service, creating security policy, security monitoring and response to security incidents. Secondly, organizations should look for expertise in their specific field/vertical. There are security controls that are universal for almost all organizations, but —especially when it comes to compliance and governance— the security controls differ based on industry. Make sure that an MSSP is taking into account regulations or frameworks that an organization needs to adhere to, including ISO 27001, HIPAA, PCI, GDPR, and NERC, just to name a few.

Where can MSSPs assist organizations in saving on security costs?

MSSPs have the ability to be more efficient with the utilization of resources; human resources, technology resources and processes are delivered and utilized with efficiency that is unmatched by most organizations. Because an MSSP delivers As-a-service, there are fewer upfront costs for an organization, freeing up capital to be invested in other areas of the organization.

How can managed security relieve the strain on IT resources?

Seventy-six percent of organizations report a cyber security skills gap. Obviously, there is a shortage of qualified cyber security professionals. MSSPs can bridge that gap by providing an in-demand skill set at an economy of scale that is difficult for most organizations to match.

Also, utilizing the right MSSP can allow an organization to focus their resources on the products and services of that particular organization. Further, since most security incidents require quick and agile response, an MSSP will have the capacity on-hand to adequately respond, in collaboration with a group of experts, something that most businesses cannot otherwise afford.

Is working with an MSSP always a magic bullet type of solution?

It is never a magic bullet for any organization. Utilizing an MSSP has many advantages, but also comes with challenges.

Opportunities?

Besides the aforementioned benefits, an MSSP will have broader knowledge of the cyber security space, access to the latest security tools, and will understand unknown security concerns, at least in relation to the client. Working with an MSSP allows an organization to pivot or migrate to other solutions faster than they would be able to in-house. Organizations that purchased, implemented, and trained staff with particular controls that no longer suit their needs are pretty much required to start over, to maintain multiple systems and to incur the upfront costs of a newer solution. By utilizing an MSSP, an organization can choose different solutions offerings from the MSSP or even switch MSSPs more quickly and more cost-efficiently.

Challenges?

In most cases, utilizing an MSSP does not transfer liability. The organization still needs to be vigilant and abreast of the cyber security posture of their organization. Ultimately, the organization is responsible for ensuring adequate protections are in place. With the recently passed U.S.-based legislation concerning reporting of material cybersecurity incidents, the responsibility lies with the organization to comply with governmental regulations, regardless of their usage of an MSSP.

Lastly, organizations need to inspect and ensure that a given MSSP offers clear reporting and metrics in relation to the services that they are providing.