What are your current internal security monitoring and response processes, and how will the
processes be changed by the addition of the new management platform and managed security
The reporting challenge is not trivial, but don't lose sight of the bigger picture -- your customer is installing software and subscribing to you, an MSSP in order to improve their security posture. The key question, therefore, is how can you help your customer create new analysis and response processes in order to leverage their investment? The creation of a consolidated, analyzed data set that may indicate a network threat condition is worthless if your customer is not organized to effectively use the data and respond to the threat.
Subscribing to an MSSP should not be considered "outsourced security." They need to recognize that they are outsourcing the mundane and time consuming process of analyzing large volumes of data. Once you notify your customer that you have found the needle in the haystack and that they may have a problem, the responsibility is theirs to respond to. But to be a good MSSP, you want to make sure that your customer's network is safe. Guarantee that by helping them come up with a response plan.
This was first published in July 2008