Hi! I am Nick Gipson, the Director of Cyber Operations here at Pareto Cyber. This is Part 2 of my 10-part series “10 Things I Hate About Cybersecurity: A Love Story” where I dissect the problems within this industry and my personal encounters with them.
While outsourcing some or all of your security operations can have many benefits, some providers do more harm than good.
One of the main types of outsourced cybersecurity providers is particularly infamous for the harm they cause. A Managed Security Service Provider (MSSP) can monitor, maintain, and manage your threat detection with their own hardware and software. While this model can hypothetically help you offload some time-consuming and difficult tasks, certain vendors act more as what we call “ticket mills”.
Ticket mills are MSSP vendors who optimize their own operations and margins to the point where they no longer serve you as the client. These companies just generate and throw out tickets for security alerts without bothering to help you beyond calling attention to a problem.
Why It Matters
One of our clients was also using a second outsourced cybersecurity provider for monitoring their endpoints.
This MSSP company would monitor incoming security alerts and send them to our client in a simple spreadsheet. That spreadsheet would not be accompanied by any context as to where the security alerts popped up, what other incidents they might be tied to, or any recommendations for how our client could remediate an underlying threat.
While our client hired this firm to help them save time and expenses on a portion of their security operations, the way this provider sent them alerts only created more work.
Unfortunately, we still haven’t been able to convince our client to switch away from that MSSP vendor to a service that would actually help them improve their cyber maturity.
While they haven’t suffered from any major breaches, I am frustrated watching this client struggle to manage all of their endpoints when they are supposed to be paying for a service to remove some of that workload.
What Can We Do?
Ticket mill companies just send you a ticket and tell you that you have a new problem to deal with.
When you experience any issue with their service or want further information, you may not even be able to get the help you need. These vendors also often lack specialized support staff, outsourcing customer service to general contact centers who don’t understand the unique cybersecurity needs of your company.
After dealing with a ticket mill, many clients would rather not trust any other external cybersecurity provider. So now they miss out on all the benefits of outsourcing their threat detection and remediation efforts.
At Pareto Cyber, we try to operate in an entirely different way. Ticket mills represent everything that we are trying to fix within the cybersecurity industry.
To better serve our clients, we do as much as we can to improve their security posture. When we report any security alerts, we accompany them with extensive context and recommendations on how our client can address that incident and address any underlying vulnerabilities.