In my previous article, I discussed some of the reasons why organizations decide to partner with Managed Service Providers (MSPs). However, organizations should be careful when deciding to work with a specific vendor, as not all MSPs are created the same. Part of the reason is that MSPs come in four varieties.
Let’s discuss these types below.
Type 1: Managed Service Providers
Standard MSPs are responsible for managing a client’s information technology (IT), including its infrastructure and staff. To this end, MSPs provide services covering customer systems and network infrastructure, applications and security requirements. They specifically provide ongoing monitoring, maintenance, administration and support.
However, PSMs are not required to provide these services in a certain way. This is because an MSP can provide both remote and on-site resources. They can also host the infrastructure and assets in their data center, a third-party data center, or with a public cloud provider.
Type 2: Managed Security Service Providers
According to AT&T Cybersecurity, a Managed Security Service Provider (MSSP) is “an IT service provider that focuses on providing outsourced cybersecurity monitoring and management services to organizations.” This functionality distinguishes an MSSP from an MSP. The latter takes care of the maintenance of the entire IT environment of an organization, which means that most MSPs can only provide a basic level of security to customers. On the other hand, the former adopts the specialized mission of respecting the security requirements of its customers in the face of the evolving threat landscape. Many MSSPs do this by offering 24/7 network monitoring services as well as other continuous security features such as Vulnerability Management (VM) and Security Configuration Management (SCM). .
The different missions of MSPs and MSSPs do not prevent organizations from having both at the same time. In fact, the two can complement each other in the event of a security incident. Here is OSIbeyond with an example scenario:
When a security analyst employed by the MSSP detects a security threat, he creates an incident alert and develops a remediation plan. This information is then sent to the MSP, whose job is to perform remediation. In other words, the MSSP uses its cybersecurity expertise to develop a plan and the MSP executes it.
Organizations can thus use MSSPs and MSPs together to detect digital threats and resolve infrastructure issues in a timely manner. These two goals are essential for the long-term success and growth of the business.
Type 3: Co-managed IT service providers
The next type of managed service provider is a co-managed IT service provider (Co-MIT). This MSP uses an arrangement that differs from the âpureâ relationship between client management and a traditional MSP, as Tech Decisions notes. Instead of this model, Co-MITs blend customer management, MSP offerings, and internal IT teams.
The logic behind Co-MITs is that internal IT teams understand the added value of their business better than an MSP. Co-MIT agreements can then use this knowledge to agree on the goals, terms and standards of the service (s) to be offered. By leveraging in-house expertise and industry knowledge of MSPs, clients can get the best of both worlds.
Type 4: managed detection and response
Finally, there is Managed Detection and Response (MDR). This type of MSP involves services that research, identify and alert on current or incoming threats, according to deepwatch. MDR vendors typically rely on 24/7 monitoring features that include artificial intelligence and machine learning as a means of monitoring security incidents.
The MDR looks a bit like the services provided by an MSSP. The main difference is that MDR is proactive in nature, by deepwatch, while the latter helps an organization respond to security events and defend against vulnerabilities. An MSSP issues alerts when it encounters a threat, but unlike the MDR, it does not investigate them.
All MSP colors
The above explanations do not in any way explain all the advantages of each type of PSM. They also do not cover all of the ways in which these types of providers can potentially complement each other.
To learn more about these categories, download your copy of Tripwire’s Exploring Managed Cybersecurity Services: Mission Control for Security, Compliance, and Beyond eBook here.