Evaluating an MSSP Security Stack
November 12, 2019 | 2 min read
BlueVoyant

If you are leaning toward working with an MSSP to strengthen your security practice, or you have already made the decision to move in that direction, your next step will be to choose the right MSSP. This is not such an easy decision. Some factors to consider include:

- Are they capable of delivering the level of service you need?
- Can they deliver service at a cost you can afford?
- Can you partner with this provider?
- Do they have the technical capabilities to do what they say they can do?

Additionally, Mighty Guides asked: Which technology do you need that you don’t currently have? (Check all that apply)

- Security information and event management (SIEM)
- Endpoint detection and response (EDR)
- Security orchestration, automation, and response (SOAR)
- Advanced threat hunting
- Behavioral analytics

These responses are interesting because they indicate several key technologies security professionals would like to be using more than they are at the current time. This is especially true of security orchestration, automation, and response (SOAR) technology.

To find out more about why they are not using the technologies they want, we asked the following question: Which is the primary reason for not using the technology you need?

- Cost
- Lack of expertise
- Lack of fully-staffed 24/7 security operations center (SOC)
- Lack of staff resources
- Unable to convince management of the need

Cost and lack of staff resources are the two leading reasons they do not have the security they feel they need. Not every business needs the same things, and the reasons for not having them may differ from one organization to another, but to find the right MSSP for your business, you need to know what you need and why you don’t have it.

To learn more about how to evaluate your own and an MSSP’s tech stack, see Chapter 2 of the following ebook: 7 Experts Share Key Questions To Ask When Evaluating Providers.
