5 Ways to Modernize Your MSSP Security Monitoring Program

MSSPs are helping their customers deal with a fast-paced and ever-evolving threat landscape. It is critical, now more than ever, to evaluate new monitoring tools that produce more actionable data and alerts to help unearth and combat these modern threats more efficiently.   

I recently read an article titled “4 Technologies SMBs Can Use to Modernize IT Security” written by Vology, a Service Provider based in Florida. This got me thinking about what Service Providers should consider when modernizing their network security monitoring offerings. In a former life, I worked with MSPs in the infrastructure performance monitoring space. Many features that were important for advancing an MSP’s performance monitoring program (like multitenancy) are equally important, if not more important, for advancing an MSSP’s network security monitoring program.

When evaluating network monitoring solutions, efficiency and flexibility are certainly key themes. Here are 5 things an MSSP should consider when evaluating a network security monitoring platform:

1 – Does the solution have Multitenancy with Role-Based Access Controls?  

If you monitor more than one customer, you should not have to log into multiple instances to manage and monitor them. Consolidating that work saves you significant time and resources, which lowers your cost of doing business, and those savings can be passed on to your customers.
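The security property behind a single multitenant console is that a customer-scoped user can never read or act on another customer's alerts, while the provider's own staff can. The following added example (not MixMode's code; roles, tenant names and alert records are constructed for illustration) shows one way to enforce that: every action is checked against the role's permissions and then against the tenant that the target record actually belongs to, rather than a tenant the caller claims.

```python
"""Tenant-scoped role-based access control for a multitenant monitoring console.

Added illustration, not MixMode's code. Roles, tenant names and alert
records below are constructed for the example.
"""
from dataclasses import dataclass

# Role -> permitted actions (constructed for the example).
ROLE_PERMISSIONS = {
    "viewer": {"alert:read"},
    "analyst": {"alert:read", "alert:ack"},
    "mssp_admin": {"alert:read", "alert:ack", "tenant:manage"},
}


class AuthorizationError(Exception):
    """Raised for any denied action; the message never reveals other tenants' data."""


@dataclass(frozen=True)
class Principal:
    user: str
    role: str
    tenants: frozenset  # tenants this principal may touch; "*" means provider-wide


@dataclass
class Alert:
    alert_id: str
    tenant: str
    severity: str
    acked: bool = False


def in_scope(principal, tenant):
    return "*" in principal.tenants or tenant in principal.tenants


def authorize(principal, action, tenant):
    """Role check first, then tenant-scope check; raise if either fails."""
    if action not in ROLE_PERMISSIONS.get(principal.role, set()):
        raise AuthorizationError(f"{principal.user}: role {principal.role} lacks {action}")
    if not in_scope(principal, tenant):
        raise AuthorizationError(f"{principal.user}: not scoped to tenant {tenant}")


class AlertStore:
    def __init__(self, alerts):
        self._alerts = {a.alert_id: a for a in alerts}

    def list_alerts(self, principal):
        """Return only alerts within the caller's tenant scope; never a cross-tenant view."""
        authorize(principal, "alert:read", next(iter(principal.tenants)))
        return [a for a in self._alerts.values() if in_scope(principal, a.tenant)]

    def ack(self, principal, alert_id):
        """Acknowledge an alert. The scope check uses the alert's own tenant, not a
        caller-supplied one, and an unknown id is reported the same way as an
        out-of-scope one so the call cannot be used to probe other tenants' ids."""
        alert = self._alerts.get(alert_id)
        if alert is None:
            raise AuthorizationError(f"{principal.user}: alert {alert_id} not available")
        authorize(principal, "alert:ack", alert.tenant)
        alert.acked = True
        return alert


def demo_store():
    """Fresh store with constructed alerts for two tenants."""
    return AlertStore([
        Alert("a1", "acme", "high"),
        Alert("a2", "globex", "medium"),
        Alert("a3", "acme", "low"),
    ])


if __name__ == "__main__":
    store = demo_store()
    alice = Principal("alice", "analyst", frozenset({"acme"}))
    mike = Principal("mike", "mssp_admin", frozenset({"*"}))
    print([a.alert_id for a in store.list_alerts(alice)])  # acme only
    print([a.alert_id for a in store.list_alerts(mike)])   # every tenant
    try:
        store.ack(alice, "a2")
    except AuthorizationError as err:
        print("denied:", err)
```

The point worth carrying into any evaluation is object-level enforcement: the check is bound to the record being touched, so a bug or a crafted request that passes a different tenant id cannot widen the caller's view.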

2 – Is there an ability to deploy quickly without waiting for an appliance to ship?

Appliances make sense in some cases. The problem arises when a security incident occurs in an area that is not currently monitored: waiting for an appliance to ship before you can investigate is not ideal.

3 – Is there flexibility to make sure you can monitor your customers’ data wherever needed?  

A customer’s data typically lives in more than one place. It could reside in their internal network, datacenter, AWS, Azure, Google Cloud or a combination of all of them. Your selected monitoring platform should have the flexibility to monitor on premises, in the public cloud or a combination of both at the same time.

4 – Can data be extended to other critical systems?  

The head of Tech-Ops at a software company once told me that he would only evaluate software that had great APIs that were well documented. Now, more than ever, it’s critical that you have the ability to share information via a good API between your monitoring platform and other parts of your security ecosystem such as SIEM tools, ticketing, orchestration, etc.

5 – Does the solution incorporate Artificial Intelligence that takes into account the context of a network and not static training data?  

As we all know, many companies claim to integrate AI into their products, and most of those products are rule-based ML products that don’t move the needle on making your monitoring more efficient.

In order to increase efficiency across engineers working with network security monitoring, a monitoring platform’s baseline and alerting should be dynamic, based on AI that can analyze the historical context and predict the behavior of a network. This predictive approach has the ability to reduce the volume of false positive alerts inherent with stagnant training data or static rules and thresholds.   
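To make the false-positive argument concrete, here is an added example (not MixMode's model or code; the traffic counts are constructed) that contrasts a fixed threshold with a baseline learned from the network's own history. The history is summarised per hour of day, so the expected band at 03:00 is very different from the band at 14:00; a fixed threshold fires on every normal business-hours peak and misses a night-time spike that is small in absolute terms but far outside what that hour has ever looked like.

```python
"""Static threshold vs. per-hour dynamic baseline for flow-count alerting.

Added illustration, not MixMode's model. The hourly flow counts are
constructed: busy 09:00-17:59, quiet at night, with a small deterministic
jitter so every hour has a non-zero spread, plus one injected anomaly.
"""
from statistics import mean, pstdev

HISTORY_DAYS = 13        # days used to learn the baseline
STATIC_THRESHOLD = 1500  # flows/hour, the kind of fixed number a legacy rule would carry
SIGMA = 3.0              # width of the dynamic band in standard deviations


def synthetic_flows():
    """Return {day: [24 hourly counts]} for HISTORY_DAYS + 1 days (constructed data).
    The last day carries a 03:00 spike: well below the daytime peak, far above the night norm."""
    data = {}
    for day in range(HISTORY_DAYS + 1):
        hours = []
        for hour in range(24):
            base = 2000 if 9 <= hour < 18 else 100
            jitter = ((day * 7 + hour * 13) % 11 - 5) * (base // 50)  # +/- 10% deterministic noise
            hours.append(base + jitter)
        data[day] = hours
    data[HISTORY_DAYS][3] = 900
    return data


def static_alerts(day_counts, threshold=STATIC_THRESHOLD):
    """Hours whose count exceeds a fixed threshold."""
    return [h for h, v in enumerate(day_counts) if v > threshold]


def hourly_baseline(history):
    """Per hour-of-day (mean, stdev) over the trailing history.
    The spread is floored so a perfectly flat history cannot alert on trivial noise."""
    baseline = []
    for hour in range(24):
        samples = [history[d][hour] for d in history]
        baseline.append((mean(samples), max(pstdev(samples), 1.0)))
    return baseline


def dynamic_alerts(day_counts, baseline, sigma=SIGMA):
    """Hours whose count leaves the expected band for that hour of day."""
    return [h for h, v in enumerate(day_counts)
            if v > baseline[h][0] + sigma * baseline[h][1]]


def compare():
    """Run both detectors over the most recent day; earlier days are the learning window."""
    data = synthetic_flows()
    history = {d: data[d] for d in range(HISTORY_DAYS)}
    today = data[HISTORY_DAYS]
    baseline = hourly_baseline(history)
    return {
        "static": static_alerts(today),
        "dynamic": dynamic_alerts(today, baseline),
    }


if __name__ == "__main__":
    result = compare()
    print("static threshold fired at hours:", result["static"])   # every business hour
    print("dynamic baseline fired at hours:", result["dynamic"])  # only the 03:00 spike
```

The static rule produces nine alerts for an ordinary working day and none for the real event; the hour-of-day baseline produces exactly one. A production baseline would also account for weekday versus weekend and for gradual drift, but the mechanism that removes the noise is the same: compare each observation with what that network has historically done at that time, not with a number chosen once.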

Artificial Intelligence (AI) will reduce the noise and false positive alerts typically associated with legacy monitoring solutions. Humans are very good at deciphering visual representations of data such as dashboards. Humans are not very good at sifting through thousands of alerts. A monitoring platform should enable an MSSP to deploy quickly, monitor their customers efficiently, and scale easily.

Ryan Merrill is MixMode’s Director of Strategic Partnerships.

Learn more about MixMode’s approach to context-aware AI and how it dynamically establishes baselines of your network environment, identifies threats and sends immediate alerts, and helps prevent attacks on critical data systems.