With an increase in remote work worldwide, data security measures should be top of mind. Ensuring your IT systems are operational, and your data and systems are safe, secure, and compliant should be one of your organization's top priorities. Unfortunately, many businesses, organizations, and entities mistakingly believe that their systems are completely protected by the existing relationships owners have developed with their managed service providers. That's not necessarily the case. Join Rea & Associates' Cybersecurity Services Team for a free, hour-long webinar taking a deep dive into understanding the difference between your Managed Service Providers (MSP) and Managed Security Service Providers (MSSP). Our cyber professionals will tell you everything you need to know when it comes to MSPs vs. MSSPs.
Shawn Richardson, principal and director of cybersecurity and data protection services, and Jorn Baxstrom, a cyber consultant with the firm, experts in the MSSP space, will provide you with insight into the differences of each role. Additionally, they will provide insight that will help you choose the right vendors and third-party service providers when it comes to protecting your organization, employees, and clients.
Plan to sit in on this informative session. Attendees will ...
- Be treated to a deep dive into the differences between Managed Service Providers and Managed Security Service Providers.
- Gain an understanding of your MSSPs role and where they provide support for your security program.
- Discover what the CIA Triad is and why is it important for your organization's cybersecurity infrastructure.?
- And so much more ...
Find out how outsourced cybersecurity services and managed detection and response services are essential to threat hunting and protecting your business. If you would like to learn more about MSPs vs. MSSPs, check out the following resources, including the following episodes from Rea & Associates' award-winning weekly business podcast, unsuitable on Rea Radio:
https://www.reacpa.com/insight/episode-276-msp-versus-mssp-whats-the-difference/
https://www.reacpa.com/insight/are-you-managing-your-cybersecurity-risk-exposure/
https://www.reacpa.com/insight/perspectives-what-does-the-it-department-do/
#MSSP #CyberServices #BusinessProtection #ReaCPA
Unveiling Falcon Invoice Discounting: Leading the Way as India's Premier Bill...
[ON-DEMAND WEBINAR] Managed Service Providers vs Managed Security Service Providers
1. REA CYBER SERVICES & DATA PROTECTION
MSP V. MSSP
Jun
2021
Shawn M Richardson, US Army (Ret)
Principal, Cyber Services | Rea & Associates, Inc.
shawn.richardson@reacpa.com
O: 234-249-3478 | M: 614.554.3450
CONFIDENTIAL
2. 2
Presenters
Shawn M Richardson, US Army (Ret)
Principal, Cyber Services Segment
Dublin, Wooster offices
Director of MSIT, Cyber Security
Services
Trusted Advisor, Speaker, Thought
Leader
4. AGENDA
MSP vs MSSP
Mission and Purpose
CIA Triad
What are the differences?
What is a SIEM & MDR?
How They Work Together
Managed Security & Information Technology Services (MSIT)
Intro to MSSP + TOA = MSIT | Security First
Conclusion
Questions
4
CONFIDENTIAL
5. REA CYBER SERVICES IMPACT STATEMENT
As Rea Ambassadors, quality counts. We all can
take ownership of this cyber epidemic by showing
others you care and let your listening fuel action.
Share your ideas and vision with not just your
clients but also your colleagues. Never stop
learning. Our learning will drive change within the
world of Cyber and protect our clients networks
from the ever-evolving treat-landscape.
5
CONFIDENTIAL
6. MSP V. MSSP | MISSION & PURPOSE
MSP – Managed Services Provider
Managed Service Providers are the practice of outsourcing the
responsibility for maintaining, and anticipating need for, a
range of processes and functions of IT in order to maintain
operations (keep the lights on), improve efficiencies, and cut
expenses. Availability
6
CONFIDENTIAL
7. MSP V. MSSP | MISSION & PURPOSE
MSSP – Managed Security Services Provider
A managed security service providers sole focus is to detect
and protect against ongoing threats. A firm providing
continuous managed security services coupled with best-in-
class information technology is a “Trust Oriented Approach”.
Common services include continuous monitoring, threat
hunting, managed firewalls, vulnerability scanning and
manage/detect/respond (MDR) services to protect enterprise
data, identities, and reduce overall cost to the business.
Confidentiality & Integrity
7
CONFIDENTIAL
8. MSP V. MSSP | CIA TRIAD
8
CONFIDENTIAL
Confidentiality:
Protect sensitive, private
information from unauthorized
access. Confidentiality is
dependent on being able to
define and enforce certain access
levels for information organized
by who needs access to the
information and sensitivity of the
information.
Integrity:
Designed to protect data from
deletion or modification from
any unauthorized party and
ensures when an authorized
person makes a change that
should not have been made the
damage can be reversed.
Availability:
Availability of systems and
computing resources that have
architectures specifically
designed to improve
availability. This covers
hardware failures, upgrades or
power outages, or managing
several network connections to
route around various network
outages.
Principles of
Information Security
9. MSP V. MSSP – WHAT ARE THE DIFFERENCES? 9
Management,
Implementations, &
Outsourcing
Value Added Resellers
(VAR)
Selling Products
Stop Breaches
Continuous Security
Monitoring
CONFIDENTIAL
Managed Services Provider
10. MSP V. MSSP – WHAT ARE THE DIFFERENCES? 10
Stop Breaches
Continuous Security
Monitoring
CONFIDENTIAL
Managed Security Services Provider
11. WHAT IS A SIEM? 11
SIEM stands for Security
Information and Event
Management. SIEM
products provide real-
time analysis of security
alerts generated by
applications and network
hardware.
Security software
packages ranging from
Log Management
Systems to Security Log /
Event Management,
Security Information
Management, and
Security Event
correlation. These
features are combined
for 360-degree
protection. CONFIDENTIAL
12. WHAT IS MDR? 12
MDR stands for
Managed
Detection and
Response (MDR),
which is a
managed
cybersecurity
service that
generally
provides a 24/7
service for threat
detection,
response, and
remediation.
CONFIDENTIAL
13. MSSP + TOA = MSIT
Trust Oriented Approach
Building trust starts with leading with security first, reducing risk
to the business by:
Learning the business to grow them safely
Performing annual risk assessments
Building mature cybersecurity programs
Continuous 24x7x365 monitoring
This approach improves the overall security “health” within
businesses and allows for growth safely without compromise.
13
CONFIDENTIAL
14. MSSP + TOA = MSIT (CONT)
The digital transformation has evolved rapidly over the
last two decades. This transition has forced businesses to
find ways to cut costs and improve efficiencies. In most
cases, MSPs focus on availability, not confidentiality or
the integrity of data, systems, and networks. Additionally
for the last decade, security providers have been selling
solutions without understanding the business FIRST.
Then analyzing the most important assets within their
business; the data.
14
CONFIDENTIAL
15. MANAGED SECURITY & IT SERVICES = MSIT
15
Management,
Implementations, &
Outsourcing
Value Added Resellers
(VAR)
Selling Products
(As needed)
Stop Breaches
(MDR)
Continuous Security
Monitoring
(SIEM)
CONFIDENTIAL
Rea Cyber Services is
‘security focused’
working together
seamlessly with
governance, risk, and
compliance combining
best-in-class IT with
layered security and
continuous monitoring.
17. CONCLUSION
As Rea Ambassadors, quality counts. We all
can take ownership of this epidemic by
showing others you care and let your listening
fuel action. Share your ideas with not just
your clients but also your colleagues. Invest
in your family, your community and your
future. Never stop learning.
17
CONFIDENTIAL
18. 18
Conclusion
CONFIDENTIAL
Shawn Richardson
Principal & Director
Dublin & Wooster Offices
Direct Line
234.249.3478
shawn.richardson@reacpa.com
Jorn Baxstrom
Manager
Wooster Office
Direct Line
234.249.3451
Jorn.baxstrom@reacpa.com
Security must assume everything coming into the network is bad. SIEMs assume everything is good until proven bad. Therefore, SIEMs are not built for security. MDRs use SIEM or build their own engine with an SIEM like approach. SIEMS should feed into orchestration platforms.
This image will NEVER change. However, our segments mission is to articulate the inherent risk within this image to our clients.