The role of a cybersecurity team is part maintenance, part emergency response. Most days are spent reviewing alerts and mitigating events. It’s critical work, but with the right response, Level 1 and 2 threats are no cause for alarm.
Sometimes, however, a threat becomes a true crisis. Whether a data breach, exposed vulnerability, or ransomware attack, cybersecurity teams guide the company through the crisis and prevent these attacks in the future — and the stakes are high. The IBM Cost of a Data Breach report finds that the global average cost of a breach is $4.9M USD.
When a crisis occurs, the quality of your managed security services provider (MSSP) is paramount. It is what establishes and maintains your business resiliency in the face of cyber attacks. Partnering with the right MSSP could mean the difference between successful mitigation and a very costly disaster.
Will your MSSP hide behind contract limitations or go above and beyond to solve the problem? This question became a reality for one of our clients during a 2024 infrastructure failure.
Our technology hardware and services provider client discovered zero day exploits of their SSLVPN infrastructure, and the OEM provided little support in fixing the issue. Day after day, the OEM released new “patch updates” that would allegedly solve the problem, only for another update to be released the following day. Moreover, these updates required the full reinstallation of the infrastructure. It was an involved, laborious process that ultimately didn’t work.
With trust in the manufacturer shattered, our client decided to accelerate their migration to Palo Alto SSLVPNs. “We had every indication that our customer was being actively exploited. It wasn’t theoretical," explains Erik.
This security event was a true disaster. Fraudsters were actively exploiting the vulnerabilities and a breach could occur any moment. But, according to the terms of the partnership, SecureOps was not obligated to perform the migration. Doing so would require personnel and resources outside the scope of the contract. “Most people would not consider three deployments in one week to be in scope. That's the kind of thing we charge $5,000 per device to do normally. An argument could be made that we should have charged hundreds of thousands of dollars for the whole project. We didn't,” said Montcalm.
This approach would have left our client in a difficult position. So instead, we went above and beyond to deliver solutions over limitations.
Facing a live threat, SecureOps deployed an immediate, all-hands-on-deck response. We paired our senior architects with our analysts to develop custom documentation to execute the patch updates from the OEM. When new updates were issued, we executed those as well. The 10-person team worked tirelessly, manning the crisis line until the issue was resolved. Montcalm stressed how involved this project was, saying, “All of the smaller MSSPs would have invoked an exception clause in their contract at this point, because honestly most MSSPS would not have the manpower to do this.”
Our deep familiarity with the client’s environment and close working relationship with the internal team proved vital, enabling us to complete the migration to a secure Palo Alto solution in less than a month.
Most importantly, we acted as a true partner. Rather than weaponize the contract and deliver a quote for the network migration, we found a creative solution. “Sharing the pain goes a long way to supporting the customer. Even if it is nobody's fault, it shows that we're all in this together and we're all on the same team,” said Montcalm. By extending the contract duration, we covered the migration costs without changing their monthly bill. The client received a full-scale crisis response and critical network migration with zero added financial pressure. This scale of project for this size of customer would have otherwise cost over $125,000.
The fundamental purpose of an MSSP partnership is to create resilience in your business. When a crisis occurs, you need a partner who won’t lose sight of that primary mission. Security events like those in this story will occur in every business eventually, and there are millions of dollars on the line. “There's no phoning it in. Customers often say we go to war together, they're in it with us. That's the type of thing we want to be known for," said Montcalm.
How will your MSSP respond?