Security practices are built to avoid the worst case security event of a damaging breach. The security operation’s ultimate goal is to prevent a breach from ever happening, and to limit its impact if it does happen. No matter how thoroughly security teams do their job and how capable an MSSP is, breaches do happen. Therefore it is very important when evaluating MSSPs to understand how they respond to a breach.
If an MSSP is unable to clearly explain their breach response protocols, or they claim they have never been breached, you should probably say thank you, goodbye, and never look back. Beyond that, it’s important to have the MSSP walk through exactly what they do in the event of a breach. Also, a good MSSP needs to be able to adapt their processes to your breach response requirements.
To learn more about what security pros consider the biggest challenges in building an effective breach response, Mighty Guides asked about 3,000 professionals the following question:
Which is the most challenging aspect of building a strong breach response capability?
Here are the respondents’ answers:
The top two responses speak to the human and technical aspects of breach response:
To learn more about how to evaluate breach prevention and response capabilities of MSSPs, see Chapter 5 of this ebook: 7 Experts Share Key Questions To Ask When Evaluating Providers.