MSSP (Managed Security Service Provider)
Overview
An MSSP delivers outsourced security operations—often 24/7 monitoring, log aggregation, alerting, vulnerability scanning, and sometimes incident response—so organizations without large in-house SOCs still get continuous coverage.
Key concepts
- SOC-as-a-service — Analysts triage alerts from customer telemetry.
- SIEM / EDR — SIEM for log correlation across sources; EDR for visibility into, and containment on, individual endpoints.
- SLAs — Response times for severity tiers and reporting cadence.
- Shared responsibility — The customer must forward the right logs and remediate the assets it owns; the MSSP cannot detect what it never receives.
- Playbooks — Runbooks for phishing, malware, account takeover, etc.
Alert triage sequence
Sample: handoff fields for an incident ticket
| Field | Example |
|---|---|
| Detection time | 2026-04-14T09:12Z |
| Affected host | app-03.prod |
| MITRE technique | T1190 — Exploit public-facing app |
| Containment | WAF rule + isolate host |
| Status | Contained — root cause TBD |
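The handoff record above has to be complete and within SLA before it moves between customer and MSSP. The following added example (not the page's own code) validates such a ticket and checks detection-to-containment time against an assumed severity SLA table; the field names, the SLA tiers and the sample ticket are constructed for illustration.

```python
import re
from datetime import datetime, timedelta, timezone

# Assumed SLA tiers (constructed for this example; real tiers come from the contract):
# maximum time allowed from detection to containment per severity.
SLA_BY_SEVERITY = {
    "critical": timedelta(hours=1),
    "high": timedelta(hours=4),
    "medium": timedelta(hours=24),
}
REQUIRED_FIELDS = ("detection_time", "affected_host", "mitre_technique", "containment", "status")
MITRE_TECHNIQUE_ID = re.compile(r"^T\d{4}(\.\d{3})?$")  # e.g. T1190 or T1190.001


def parse_ts(value):
    """Parse the table's timestamp form (2026-04-14T09:12Z) as UTC."""
    return datetime.strptime(value, "%Y-%m-%dT%H:%MZ").replace(tzinfo=timezone.utc)


def validate_handoff(ticket, severity, contained_at):
    """Return a list of problems; an empty list means the ticket is ready to hand off."""
    problems = [f"missing field: {f}" for f in REQUIRED_FIELDS if not ticket.get(f)]
    if problems:
        return problems  # no point checking further without the core fields

    # The MITRE column carries "<ID> <dash> <name>"; only the leading ID is validated.
    technique_id = ticket["mitre_technique"].split()[0]
    if not MITRE_TECHNIQUE_ID.match(technique_id):
        problems.append(f"malformed MITRE technique id: {technique_id!r}")

    limit = SLA_BY_SEVERITY.get(severity)
    if limit is None:
        problems.append(f"unknown severity tier: {severity!r}")
    else:
        elapsed = parse_ts(contained_at) - parse_ts(ticket["detection_time"])
        if elapsed < timedelta(0):
            problems.append("containment time precedes detection time")
        elif elapsed > limit:
            problems.append(f"SLA breached: contained after {elapsed}, limit {limit} for {severity}")
    return problems


# Constructed sample built from the handoff table above.
SAMPLE_TICKET = {
    "detection_time": "2026-04-14T09:12Z",
    "affected_host": "app-03.prod",
    "mitre_technique": "T1190 — Exploit public-facing app",
    "containment": "WAF rule + isolate host",
    "status": "Contained — root cause TBD",
}
```

Calling `validate_handoff(SAMPLE_TICKET, "high", "2026-04-14T11:40Z")` returns an empty list, while the same ticket under the "critical" tier reports an SLA breach because 2h28m exceeds the one-hour limit.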