Assessing your cyber security stack: A guide for MSPs

The cyber security vendor market space has grown significantly. As an MSP, you’re likely inundated with calls about the latest technologies. There's a nearly limitless menu of options to secure your clients’ environments—how do you know which tools to choose?

As threat actors continuously orchestrate new ways to attack, companies fell into the habit of adding individual products to address each emerging risk. These limited-function products, known as point solutions, are the leading cause of stack bloat.

Every so often, it’s essential to set aside time to ask whether these tools are really getting the job done. If your tools aren’t generating the value you’d hoped, or if your suite has become unwieldy and hard to manage, assess your security stack. Before we discuss how to do that, let’s explain how assessing your stack benefits you.

3 reasons to assess your security stack

Minimize unnecessary costs

It’s completely normal for MSPs to use multiple cyber security solutions to protect their clients’ threat surfaces. After all, no two threat surfaces are the same. However, there’s a tipping point. There is such a thing as too many products.

You must carefully and thoughtfully plan your cyber security toolkit. Choose each product based on client needs and your available resources. Otherwise, you may mistakenly add a solution that delivers capabilities you already have, causing you to pay more for functionality you didn't need.

What's more, redundant tools lead to major inefficiencies. The volume of threat alerts from all these tools creates significant noise that quickly becomes overwhelming. Consider the effort it takes to investigate alerts—many of which will likely be duplicates or false positives due to overlapping functionality in your stack—and it becomes clear why less is often more.

Taking time to assess your stack will help you pinpoint redundant tools that could be removed without harming your clients’ defence.

Address gaps and other risks

An assessment also allows you to find gaps in your security stack. You may think that a specific tool helps you achieve a goal, but evaluating your stack could reveal gaps or blind spots putting your clients at risk.  

A proper assessment will also help ensure you use all the tools you have to their fullest extent. Instead of buying another solution to fill a gap, for instance, you may discover that one of the tools you already pay for has the functionality you need. Why spend time and money looking for a new tool if one in your stack will get the job done?

Similarly, poor tool integration impacts a cyber security stack's effectiveness. When tools are built separately, they struggle to integrate and communicate. This adversely impacts the efficiency of your tools, even allowing suspicious behaviour or blatant attacks to go undetected.

Remove inefficient tools

Businesses need qualified experts to manage complex security stacks, but each added piece of software puts more weight on teams. The pressure can quickly become overwhelming. Regularly reviewing your toolset with an eye on efficiency and interoperability can help you reduce stack bloat and make managing the technology easier. 

Even with the right resources, complex products are frustrating to manage. Slow portals, messy dashboards, and unclear alerts cause more harm than good. A poor user experience makes it harder to detect legitimate threats, giving attackers more time to cause damage.

Assessing your stack will help you understand how recently added tools are meshing with your environment. Sometimes MSPs will find that their tools aren’t meant for their line of work, or perhaps require specialized expertise that's extremely difficult to find.

How to assess your cyber security stack

Step one:

Create an inventory of existing security tools you use to protect your clients. Your exact list of tools will vary greatly, but remember to include things like: 

• Threat monitoring, detection, and response for your
  • Endpoints
  • Networks
  • Cloud-based services
• Firewalls
• Password managers
• Multi-factor authentication tools
• Virtual private networks (VPN)
• Data and device backups

Step two:

Find a framework that can help you keep things organized. Industry standards offer frameworks that enable organizations to evaluate their cyber security service in a tangible and objective way.

The National Institute of Standards and Technology (NIST) Cybersecurity Framework (CSF), for example, shows how to properly layer security solutions to minimize cyber risks (and stack bloat). The framework focuses on five core components (which are then broken down further into sub-components):

• Identify: determine business-critical functions and what cyber security threats could disrupt them.
• Protect: limit the impact of a security incident and may include technologies (e.g., antivirus or firewall).
• Detect: the measures in place to pinpoint threats or risks (e.g., continuous monitoring for suspicious activity).
• Respond: the capability to react to incidents effectively (e.g., proactive incident response (IR) planning).
• Recovery: the controls in place that help restore business after an incident (e.g., data backups).

According to NIST, an organization can “use the Framework to determine which activities are most important to assure critical operations and service delivery. In turn, that will help to prioritize investments and maximize the impact of each dollar spent on cybersecurity.

Step three:

Map your inventory of tools from step one to the framework in step two (or the framework of your choosing). This is also a great time to factor in the ROI of your security stack—how much profit does each tool bring in? How does that compare to its costs? Calculating ROI can be time-consuming, but it can help you make strategic business decisions that also improve your margins.

We suggest using a table to keep your mapping efforts organized. It should look something like this:

Take note of where there are empty spaces, which would imply gaps, or overflowing sections, which would imply redundancies.

Then you can take steps to make sure your stack is well-balanced by removing and adding tools as needed.

Tips for optimizing your cyber security stack

Pivot away from the point solution approach to optimize your security stack. Not only do point solutions offer an inadequate defence, but they’re also complex to manage, and the individual costs of each tool quickly absorb your budget.

By replacing point tools with solutions with a holistic, hybrid solution, you can drastically simplify your tech stack while improving its capabilities. Think of all the time and effort you’d save not having to piece together tools to create the comprehensive defence your clients want.

Covalence is Field Effect’s hybrid cyber security solution. Our partners get access to a complete managed detection and response (MDR) solution that lowers their monthly costs, puts time back in their team’s day, and results in better defences for their clients.

Want to know more about what it’s like partnering with us as an MSP? Visit the Field Effect Partner Program