As breaches continue to batter organisations, many companies are curious around whether an MSSP can be the solution to a successful cybersecurity posture.
By Tiana Cline, Contributor
Johannesburg, 11 Jan 2024
Stephen Kreusch, Performanta.
Stephen Kreusch, Performanta.

Are you considering engaging a managed security service provider (MSSP) to improve the security posture of your business? If so, you're not alone. Transparency Market Research predicts that the global MSSP market will generate revenue of $53.2 billion by the end of 2031 and, according to Gartner, MSSPs can help organisations reduce the risk of a data breach by up to 50%.


“When engaging an MSSP, it’s crucial to establish a clear service level agreement (SLA) to hold them accountable for security monitoring and threat prevention across all vectors, including network, infrastructure, and applications,” says Pankaj Bhula, regional director: Africa, Check Point Software Technologies. “The SLA should encompass the management of all security tools, from hotfixes and upgrades to adherence to industry best practices for configurations.” An MSSP should align with your company's security policy and strategy regarding threat management, incorporating risk assessments, continuous vulnerability identification and remediation, patch management, security awareness training for staff, incident investigations, and necessary actions to mitigate threats. “The customer may also be required to define elements in their security policy and strategy, such as identity and access management, data classification, access controls, and compliance standards,” adds Bhula. 

To gauge the effectiveness of an MSSP before a breach occurs, several indicators can be considered. An effective MSSP should not only meet standard security metric measures outlined in the SLA, but also provide quick response times, concise incident handling, and regular reporting on security events and incident responses, says Bhula. “They should align their tooling, methodologies, and security expertise with your long-term security roadmap, whether that involves zero-trust adoption or digital and cloud transformation. Key indicators include their ability to assess all security domains, review architecture, and make recommendations in line with best practices and high-level designs to enhance your security maturity as you progress.”

“Today’s agile working environment means the traditional security perimeter is no longer a fixed boundary, which means companies may now have critical security gaps in their infrastructure,” says Bertrandt Delport, BT South Africa’s country manager. “Most organisations are focused on commodity-type security solutions, things like antivirus and firewalls, but these days, increasingly, we see organisations going out and requesting services on the managed detection and response side,” says Stephen Kreusch, a cybersecurity director at Performanta. Performanta recently ranked 28 globally in MSSP Alert’s Top 250 MSSPs for 2023 list. “We’ve seen a steady increase in ransomware incident response engagements, catching many organisations unprepared. However, those that have implemented more advanced endpoint detection and response technology like Microsoft Defender for Endpoint or CrowdStrike Falcon, along with utilising MSSPs for 24/7 incident monitoring and response, are better equipped to contain and mitigate the damage caused by ransomware.” Kreusch says that many of the attacks today require an advanced skill level that goes beyond normal security product administration “because you need people who can understand attacks and know what to look for and can drill into what actually happened”.

“There’s a level of expertise that comes with an MSSP – you’re getting a number of cybersecurity professionals under one roof who can collaborate to generate the best solution for any given issue,” says Matthew Kline, Corvid Cyberdefense’s director of compliance. “Even if you have a security programme within your organisation, you can use an MSSP to boost your cybersecurity capabilities.”

Plugging the gaps

MSSPs offer invaluable assistance when it comes to the five primary areas of improving a customer’s security posture – protect, detect, respond, govern, and report. “As far as ‘protect’ and ‘detect’ is concerned, many MSSPs offer a consistent, often cloud-based security platform that not only removes the hassle of buying and maintaining hardware, but also provides an end-to-end incident report,” says Delport. “Event monitoring services highlight potential gaps in security posture, and then the advisory services to plug those gaps in the posture that leave the company vulnerable to threats.”

Even if you have a security programme within your organisation, you can use an MSSP to boost your cybersecurity capabilities.

Matthew Kline, Corvid Cyberdefense

From firewalls to endpoint protection, vulnerability scans and training, there are many benefits that come from partnering with an MSSP. “You’re not tied down to one way of doing things,” says Kline. “If you already have certain tools in place that you’d like to keep, you don’t need to use what the MSSP offers. An MSSP should work with your team to implement whatever tools you do end up purchasing to work alongside the ones you already have.”


Delport says that an MSSP with the necessary credentials will often be in a position to leverage threat intelligence feeds from the world’s cyber community, such as ENISA (European Network and Information Security Agency), the FBI, CERT-UK Interpol, NCSCC and others, along with their own ringside seat to the threat landscape. “They will be able to keep the customer well informed of potential threats happening globally,” he says. “MSSPs will be in a position to offer the remediation advice to assist with the ‘respond’ element to avert or recover should these threats materialise. This is the minimum requirement a company should expect from an MSSP.”

One of the biggest benefits of an MSSP is cost savings, particularly for small businesses with tight cyber budgets, says Kline. “The additional cost of cybersecurity tools and services can be daunting. Working with an MSSP can help you to customise what you have in place alongside some additional tools that the MSSP can provide to cut costs and still maintain a decent level of cybersecurity within your company.” Another reason businesses are choosing MSSPs is the global cybersecurity skills shortage. Research from the Enterprise Strategy Group found that the skills shortage led to increasing workloads by 61% for existing cybersecurity staff, leading to a 43% burn-out rate. There’s clearly a high need for this kind of expertise, but finding in-house cybersecurity professionals can be a challenge and MSSPs plug that gap.

If the consuming organisation isn’t strong on its governance, it might end up with an that, on paper, says this is what it’s going to do and then actually fails to deliver.

Stephen Kreusch, Performanta

An MSSP can also be a good avenue for a company to meet compliance requirements to align with regulatory standards. “MSSPs have a lot of tools that can help you get there,” says Delport. “On the compliance front, it’s about tailoring all those tools to meet an organisation’s needs, comparing those tools to the cybersecurity frameworks and provide adequate language that shows how the tools meet any of the applicable requirements.”

Ultimately, it’s important to make sure that the MSSP you choose is doing things properly. Kreush suggests that everything should be clear upfront and included in a contract. “So, if an MSSP is working towards having to meet specific compliance objectives for the client, that’s something that should start on day one. It shouldn’t be an afterthought and this is where sometimes things can go a little pear-shaped if it’s not managed properly,” he says. “If the consuming organisation isn’t strong on its governance, it might end up with an MSSP that, on paper, says this is what it’s going to do and then actually fails to deliver.”


* Article first published on