If your organization has decided to pursue managed security services, the next important decision quickly rises to the surface: Should you go with a service that uses off-the-shelf technology or a proprietary solution?
Since the specialized technology a managed security services provider (MSSP) uses is core to protecting your data, the answer is customer-specific and can only be answered by you. However, there are several benefits of each model you can consider to help you arrive at an answer and move forward.
The all-in-one nature of the proprietary solution is simpler than building a portfolio of separate technology components. This creates a repeatable model, even allowing the set of services to be pre-configured. This simplification also facilitates a standard set of policies and procedures since there is one path to achieving results that are easily replicated.
An MSSP with a proprietary security deployment will be very familiar with deploying and configuring their particular solution to a wide range of different environments. This familiarity and simplified and repeatable model can translate to a faster time to set up security infrastructure on a client network.
If an MSSP has a proprietary security infrastructure, they are very familiar with it and likely have adapted and configured it to fit their workflow. Using the technology that your MSSP is most familiar with may bring benefits in the effectiveness and efficiency of their operations.
Because the MSSP is also the technology provider, the outfit has less overhead and may pass the savings to you by offering deeper discounts to win your business. If cost is the main factor in your decision, a proprietary offering must be considered.
Security technology companies are highly competitive and constantly adding capabilities to existing products or introducing new solutions. An MSSP that uses commercially available software can assess and select from a wide array of products, then put together a portfolio of best-in-class technology to make up their offering.
If you’ve already invested in or want to add security tools, going with an MSSP that uses the same technology means there is no need to replace an existing investment in your organization’s cybersecurity.
Just as the attack surface is constantly changing, technology is ever-evolving to address these demands. New capabilities are released on a regular basis. Agnostic technology companies focusing on one aspect of cybersecurity can address trends and add capabilities more quickly. In fact, it’s crucial to do so in order to stay competitive and relevant in their space.
The MSSP utilizing this technology is a direct benefactor: If a different product leaps ahead of an existing solution in their stack, the MSSP can reassess and adopt the new technology.
One aspect of proprietary security technology is that it creates vendor lock-in. In this case, moving to a new MSSP requires purchasing and deploying an entirely new security infrastructure, which can be cost-prohibitive. Choosing MSSP-agnostic technology allows an organization to switch MSSPs when needed.
Community Involvement and Training Availability
If you are a customer who prefers to be more hands-on, going with an MSSP that uses widely available technology means you’ll have more opportunities to interact with user groups and communities for collaboration. It also means you’ll have avenues to receive training or at least familiarize yourself with a certain aspect of services. From blog articles and how-to videos to structured courses, locating resources is easier.
The choice between MSSP-agnostic and proprietary technology in an organization’s security infrastructure depends on your unique situation. An organization that wants more control and flexibility in its security deployment may favor MSSP-agnostic technology, while organizations wanting a more hands-off approach may benefit from using an MSSP with proprietary technology.