David versus Goliath: How MSSP beats the traditional cyber security solution delivery model

No matter what kind of IT and cyber security budget you have, most likely, you, like most, are trying to close cyber security gaps with new technologies and eventually become hostages to technological development.

This feeds the “Goliaths” of the traditional solution delivery model, which is usually the following:

  • sold what you had,
  • set it up as you knew it,
  • maintain what I can, most often at the expense of manufacturer competence.

Companies are gaining “muscle”, but they do not gain the skills of real combat. Why does this happen?

First, the traditional model doesn’t take into account the passage of time. Even the process of implementing a solution in IT/CS takes from 6 to 12 months (from the stage of a commercial proposal to the actual implementation). During this time, the initial data specified in the terms of reference becomes outdated, and no one makes adjustments on the fly for various reasons.

Secondly, the traditional model operates with the standard functionality of the solution within the competence of the integrator company. Most often, this means that the customer receives a system configured to the integrator’s liking, but after using it, they find out they need something completely different.

Thirdly, the “insidiousness” of cyber security is that the introduction of another solution and even the correctness of its settings does not mean that its operation will automatically be effective. Do your IT specialists know how to get the most out of EDR, Deception, NDR, PAM, UBA, etc.? Do they know how to analyse the data from these systems for complex event analysis, investigation and response tasks? Practice shows that, as a rule, they do not. This is especially true for the Small & Medium Business segment, for which cyber security is not a priority. Attention to the quality of solution implementation, staff training, etc., can be far from ideal.

The story teaches us that for every Goliath there is a David. This is how the smartness and expediency of the MSSP (Managed Security Service Provider) model was revealed, making it a managed service that allows you to rent cyber security solutions or even an entire Security Operations Center and to use the competencies of a team of professionals during its operation.

What makes MSSP particularly relevant in times of war?

  1. No need to invest in CAPEX.
  2. No need to pay for something that is not used. Services are provided to the extent and based on the settings that your business needs.
  3. Tuning and increasing the efficiency of solutions are performed on a daily basis. The integrator or operator not only implements the systems but also supports them in the future. That is, actively intervenes in the process of operation of solutions to maximise the quality of their use.
  4. Access to experienced experts. The cyber analysts of the integrator or cyber security operator who will work with your systems have the necessary experience in the daily operation of solutions and data interpretation, as well as appropriate training to deal with an emergency (attack, compromise, etc.), deterrence, response and subsequent investigation.

Our European colleagues have already appreciated the benefits of the MSSP model and SOCaaS in particular and make full use of them in their daily practice. Their experience shows that it is profitable and more efficient. This is especially true when cyber security is not a part of the organisation’s unique business model, which is often the case in the SME segment. The practical experience of Octava Defence confirms the effectiveness of the model for our market as well, while the traditional approach is slowly losing ground.

If you liked “David” from cyber security but still have questions, visit us on our SOCaaS page. Get acquainted with the Octava Defence approach and order a demo — we’ll show you and tell you how our SOC will work directly for your business needs.


Tags :