
MSSP/Partner Evaluation Checklist

The following are some sample questions that you may consider asking when
evaluating prospective MSSPs to determine if they will be a Provider or a
Partner:
COMPANY BACKGROUND & REPUTATION
• How long has your company been providing MSS services?
• How does the MSS solution fit into your larger company focus and portfolio?
• Are you willing to provide at least 3 references?
• Are 100% of the employees / resources in the USA? (Required for Government Contractors / DoD)
• Will the MSSP consider being part of a Proof of Concept project?

TOOLS AND SECURITY EVENT DATA OWNERSHIP
• Who owns the security technology, and can it still be used if the MSSP services are no longer required?
• Is the SIEM technology COTS, or is it proprietary to the MSSP?
• Is open source technology being used in the SIEM, or is it a commercially viable product? (Commercial products provide advantages to stability.)

LOG RETENTION AND COLLECTION ARCHITECTURE
• Do we (the customer) have access to the logs?
• How long are logs available online to be queried?
• How are the logs stored, and can they be accessed if the MSSP services are no longer required?
• If we (the customer) need to retain logs for an extended period of time, what are the options?
• Who is responsible for backing up collected logs?

SECURITY MONITORING & RESPONSE

GENERAL
• What are your service level options for Security Monitoring?
• Will the SOC work with us to refine which incidents are more/less important?
• How do you monitor threat actors, and how do you leverage this information?
• How far do you go in evaluating whether or not we have an incident?
• Can the service be adjusted for hunting after critical incidents instead of just monitoring?
• Are fully encrypted computing resources / communications used?
• Can SLAs be tailored after contract completion based upon real needs without a contract modification?

SIEM
• How are logs analyzed for Security Incidents?
• Do you support the following technologies (state your key security tools)?

EDR
• Can EDR events be monitored and action taken?
• Do you take any actions if malware is identified on EDR-protected systems?
• What type of blocking response actions can be taken by the MSSP? (e.g., delete a file, kill a process, delete a registry key)

VULNERABILITIES
• How is vulnerability data leveraged as part of incident analysis and presentation?
• Do we (the customer) have access to the vulnerability data?
• Are dashboards available to help turn raw vulnerability data into a management program?

SECURITY OPERATIONS & DELIVERY
• Is there an individual assigned as a primary MSSP interface?
• How is communication with the SOC conducted?
• On an average week, how often do you chat with each customer?
• Are any 3rd-party contractors or companies used as part of your solution?
• Are services tailored to each client's needs?
• Can support be made available for other security needs (tool installation, deployment, patching and system maintenance)?
• Can security coaching and mentoring be made available?
• Are services available 24x7?

SERVICE ON-BOARDING
• Detail your methodology for on-boarding managed security services.
• How long does it typically take to bring a new customer onboard and start reporting alerts?
• How long does it take to realize the full benefits of the SOC?
• Do any forms need to be filled out to onboard each security device?
• Approximately how long does it take to add a new device for monitoring?
• Can you create custom collectors for non-standard devices?

CUSTOMER PORTAL
• How is authentication to your customer portal handled?
• Does your portal support role-based access control?
• Can everyone be granted access to security incidents, device details, and reports for different parts of my organization?
• Do we (the customer) have access to the same dashboards and data as the MSSP?
• Are we (the customer) and the MSSP part of the same communication channels (e.g., Microsoft Teams)?

SECURITY & RESILIENCY OF VENDOR ENVIRONMENT
• Describe your process for vetting staff that have access to client data.
• Do you have Disaster Recovery and Business Continuity Plans?
• How long has your backend technology been in place?
• Describe your vulnerability management approach for ensuring the security and integrity of the SOC.

PRICING
• Describe your pricing model, licensing agreements, and maintenance agreements.
• Is the pricing predictable?
• Is pricing designed to maximize utilization, or is it a charge per device?
• Is there a charge to change out or add new technologies / servers?
• Do different technology characteristics (e.g., device type, device size, high availability, firewall interfaces) impact pricing of the solution?
