Does a managed security service enhance overall security posture? Usually No!
Managed security services are highly built on customer expectation instead of precise protocols to build a security barrier for client.
There are many factors involved in quality of security services after migration to a managed service but most effective one is “client expectations”, or better say, client understanding of cybersecurity realm. That’s why most of the companies downgrade by migrating to managed service because they think best way to manage an unknown and scary world is to bring someone else to take care of it for them, but if one’s did not understand the challenges of Cybersecurity and was not able to manage it before then there is no way expecting an MSSP can manage it.
Providing managed security services is a market highly built on customer expectation versus definite and precise protocols to build a security barrier for client. This is currently happening with cheapest analysts you could imagine. There is no way to set up a SOC for any number of clients and dedicate analysts for them with less price than having same workforce in-house. So obviously quality of security services is affected, not considering securing an unknown entity where all the objects and workflows are unknown is way more than a tune-up sessions, months and even years of understanding a system.
Imagine one brings a firm to secure their house and let them watch video cameras 24/7, even if privacy is not a concern which it has to be, we usually bring people to “set-up” things, not to watch them for us.
However, there are pieces one could outsource and utilize managed security services for areas that are meant to be managed by third-party. There are tasks we could pass to a 3rd-party security provider which I am going to cover later on “how and where to refer to a managed security services provider”?