Customers use the Verodin Security Instrumentation Platform (SIP) all the time to validate their security tools in order to manage, measure, and improve security effectiveness, but another trend has been picking up momentum over the last year. That trend is customers using Verodin SIP to validate their SLAs with their MSSPs. Anton Chuvakin and Augusto Barros touch on this topic in a Gartner report they recently co-authored.
Just as you want to ensure that your security tools are optimized and providing value, you want to be able to measure the effectiveness of your MSSP. Why would anyone outsource part of their security to an MSSP without being able to measure and help improve its effectiveness? I mean, it’s your security after all.
Just like no security tool will be perfect, no MSSP will be perfect. SIP isn’t there to highlight all the problems that you might discover with your MSSP, such as attacks not being blocked, detected, or alerted on. It’s there to help improve security effectiveness and close any gaps that might exist between you and your MSSP (e.g., problems with security configurations, logging, alerting, visibility, NTP, parsing, etc.).
Verodin SIP provides you with a platform to safely execute real attacks in your production environment. By doing so, you’re able to measure and improve the effectiveness of your security tools by validating their efficacy and prescriptively outlining how to remedy issues.
From a managed security perspective, this also helps you to ensure that your devices are configured correctly for incident prevention, detection, and response, and that your MSSP has the right level of visibility into those security tools. SIP also helps ensure that if your MSSP was getting the correct events and alerts, that it continues to do so at all times. And should it stop, you’ll be alerted to the issue.
Beyond the technical validation of your MSSP, Verodin SIP can act as a sanity check to truly understand the service that the MSSP is providing. To give you an example, we’ve even seen scenarios where customers who had assumed their MSSP was providing preventative controls later discover that they were merely providing monitoring. This is why it is so important to leverage SIP to not just validate your security tool and your MSSP for technical effectiveness, but also to validate the SLA so that the services your MSSP provides aren’t based on assumptions.