QUESTION #3
Which tech stack do I want?
When it comes to tech stacks, the best approach is to focus on outcomes.
BACKGROUND
Are you flexible when it comes to your tech stack?
Debates over the best tech stack are never-ending. Technologists (and salespeople) love to engage in them. And it seems like every day a new tool or platform comes out, claiming to be better than anything else on the market.
Managed security services, however, are about buying outcomes, not tools. This means as a consumer, flexibility is important.
Recently, MSSPs have largely sorted themselves into two big approaches: automation-heavy companies or people-heavy companies. You may have already heard providers talk about “squad models” or reference a “huge library of automated responses” or claim to have “more content than anyone else.” It’s important to know which category a prospective provider falls under. There are benefits and drawbacks to each. For example, a content-heavy provider can respond to a new threat across all their clients very quickly – but the people-first approach will likely lead to increased customizations for your environment.
You also need to know which tech stack(s) your potential MSSP specializes in. For example, if your organization is a huge Splunk shop, your MSSP will need Splunk expertise. If they don’t have it, you will likely frustrate each other. Likewise, if you don’t currently have a SIEM platform or are more focused on the outcome over the tech, understanding what platforms the MSSP prefers or can provide is an important factor.
Knowing this upfront about a provider will help you avoid wasted effort and quickly narrow down your list of candidates. No one is an expert in everything – and organizations who are frequently changing directions or tactics are likely not an expert in anything. Your partner can help you know what your potential MSSP was an “expert” in last year, or the year before.
Another consideration here is integration.
Will the MSSP easily integrate into your extended workflows and environment? For example, do you need Salesforce or ServiceNow ticketing? How much work do you want the MSSP to do versus your own incident response plans? What about verification—does your organization require SOC 2 compliance or adherence to GDPR?
TIP: Compile a tools inventory. Are you flexible on your tech stack or are you committed to your existing tools? The answer will dictate your options. Remember, buying managed security services is about buying outcomes. Which means the more flexible you are, the more options you have, and that increases your chances of getting the results you want.