This toolkit is designed to help you navigate the vendor selection process quickly and efficiently, so you have the information you need to select the solution that best fits your organization’s unique requirements.
What can you do with this toolkit?
- Identify the critical problems that your MSP solution needs to solve.
- Identify which tasks you would like to manage in-house and which tasks you would like to outsource to the MSP vendor.
- Communicate your data protection requirements to potential MSP vendors.
- Weigh and compare vendors’ responses to help support your decision.
There are many important criteria to consider when evaluating and selecting a managed security program (MSP) vendor. The following toolkit contains a criteria template and a checklist to help identify which elements of a security solution you wish to start and/or continue to manage and which you wish to outsource to the vendor.
Text
Why Use Our MSP for Data Loss Prevention Scorecard?
Organizations are dealing with an increase in complexity of their security environments, coupled with a scarcity of resources, be it technology, expertise/staff, or budget. Implementing and managing their own DLP program in-house can be difficult under these restraints. For other organizations, the decision to outsource management of security solutions is purely a strategic decision, allowing their internal staff to focus on business-critical activities rather than maintaining security infrastructure. To address both use cases, DLP as a service has emerged as a smart alternative.
DLP as a service gives organizations immediate access to DLP technologies that continually monitor for and protect against insider threats and attempts at data exfiltration, managed by the DLP vendor’s own team of security analysts.
Considerations When Researching an MSP Vendor
Pre-RFP Preparation Steps
- Establish and document all your requirements before engaging with a vendor
- Assess technology compatibilities and potential inefficiencies
- Align performance metrics of the MSP with your internal KPIs
- Ensure successful two-way iteration of your program
To determine which MSP offering is right for your organization, look for a vendor with a proven track record, a strong balance of security and cloud expertise, and threat intelligence capabilities. All of the following should be considered:
Vendor Reputation & Expertise Checklist
- Experience delivering MSP solutions
- Ability to provide extensive use cases
- Established brand portfolio
- Financial stability
- Industry regulations and proper certifications
- Service level agreement (SLA) document (including a dedicated account manager, incident response contact, etc.)
Vendor Technology
- Robust web-based management and analytics tools
- Understanding of both compliance and IP protection
- Detailed solution architecture
- Vendor compatibility with current technology stack
- Extent of customization capabilities
Vendor Infrastructure Management
- Fully managed DLP infrastructure
- Managed appliance/agent installation and ongoing administration
- Continuous improvements and implementation of updates
Vendor Back-Ups and Storage Capabilities
- Recovery Point Objective (RPO)
- Recovery Time Objective (RTO)
- Service-level exemptions
- Off-site/cloud-based storage
Vendor Deployment
- Planning and Requirements Phase - focus on designing and defining requirements based on your business objectives
- Qualification Phase - building and testing agent deployment
- Deployment Phase - focus on configuring, testing, and deploying
- Use Case Implementation Phase - focus on reviewing and implementing the necessary data loss prevention (DLP) rules and policies
- Transition Phase - focus on assisting the client with the definition of their operations and support processes, as well as facilitating a knowledge transfer to ensure a smooth transition of regular operations to the MSP operations team
Identify Which Solutions You Wish To Manage In-House and Outsource
Coverage Capabilities
Endpoint DLP
| Can your solution provide the following: | In-House | Outsource |
| Support for Windows Workstations and Server OS? | ||
| Support for macOS Workstation and Server? | ||
| Support for Linux Workstation and Server? | ||
| Support specifically designed for Virtual Workstation Infrastructure? | ||
| Support for Windows, iOS, Android, and Blackberry mobile devices? | ||
TOTALS: |
Note: If the vendor offers support for multiple operating systems, have them describe any functionality differences between the three OS environments.
Data Discovery
| Can your solution provide the following: | In-House | Outsource |
| Discovery support for Windows Workstations and Servers? | ||
| Discovery support for macOS? | ||
| Discovery support for Linux Workstations and Servers? | ||
| Discovery support for Structured data (e.g. SQL, Oracle)? | ||
| Discovery support for Office 365 | ||
| Discovery support for file shares (Windows, Samba, CIFS, NFS)? | ||
| Discover and evaluate files by type using mechanisms other than the extension? | ||
TOTALS: |
Data Classification
| Can your solution provide the following classification and tagging: | In-House | Outsource |
| Automatic, based on context (something about the file, e.g. it's location)? | ||
| Automatic, based on content (something in the file, e.g. a string match)? | ||
| User-driven (user can classify a file or an email manually)? | ||
| Based on file operations (tag is driven by a file movement, transmission, or email)? | ||
| Application-specific (tag can be created based on an application touching a file)? | ||
| User-specific (tag can be created based on a user or group touching a file)? | ||
| Classification results in a tag on a file? | ||
| Persistency (tag persists when files are manipulated)? | ||
| Inheritance (new files can inherit tags from source files based on policy)? | ||
| Multiple tags (used to reflect more than one content or context classification)? | ||
| Support visibility into archives (e.g. tag propagates from file into .zip/.tar)? | ||
TOTALS: |
Cloud DLP
| Can your solution provide the following: | In-House | Outsource |
| Scan files uploaded to cloud storage for confidential or regulated data? | ||
| Audit files based on an event occurring in the cloud provider? | ||
| Audit files while quarantined by the cloud provider? | ||
| Audit existing files uploaded to cloud storage? | ||
| Remediation of incident | ||
| Automatic and/or after administrative review? | ||
| API level integration with cloud storage vendors? | ||
TOTALS: |
Network DLP
| Can your solution provide the following: | In-House | Outsource |
| Inspect network traffic? | ||
| Inspect email traffic? | ||
| Inspect webmail traffic? | ||
| Inspect Web 2.0 app traffic? | ||
| Inspect HTTP and HTTPS traffic? | ||
| Inspect FTP and FTPS traffic? | ||
| Inspect TCP/IP traffic? | ||
| Inspect subject, message, and attachments for sensitive content | ||
| Remediate email traffic | ||
| Types of email remediation offered (block, encrypt, modify, etc..) | ||
| Block network traffic | ||
| Notify users when network traffic violates corporate policies | ||
| Notify administrators when network traffic violates corporate policies | ||
TOTALS: |
Applications (Including Source, Destination, Extensions, Exe, Etc.)
| Does your solution have multi-browser support for: | Y/N | In-House | Outsource |
| Outlook, Thunderbird, Apple Mail, Lotus Notes, Evolution? | |||
| IE, Chrome, Firefox, Safari? | |||
| Antivirus? | |||
| Full disk encryption? | |||
| SQL, Oracle databases? | |||
| Data stores (e.g. SharePoint, Documentum)? | |||
| Microsoft Office? | |||
| Adobe Acrobat? | |||
| Libre Office? | |||
| Source code (Visual Studio, Xcode, other)? | |||
| CAD? | |||
| Image (e.g. jpg, tiff, png, bmp)? | |||
| Audio and video? | |||
| PLM (Siemens, Agile, etc.)? | |||
TOTALS: | |||
Data Egress Capabilities
All Egress Channels
| In-House | Outsource | |
| Source file location? | ||
| Source file classification? | ||
| Source file type? | ||
| Threshold based on number of files transferred over a certain period? | ||
| Threshold based on amount of data transferred over a certain period? | ||
TOTALS: |
| In-House | Outsource | |
| Control mail based on any combination of file attachment, email body/subject, and destination recipient? | ||
| Tag an email (e.g. using X-header)? | ||
| Integrate with 3rd party mail gateway solutions? | ||
TOTALS: |
Network Upload
| In-House | Outsource | |
| Distinguish domains, IP addresses, URL strings? | ||
| Control network uploads with coverage across all major browsers (e.g. IE, Chrome, Firefox, Safari)? | ||
| Inspect and control contents of the http-post operation for webmail? | ||
TOTALS: |
Removable Media (e.g., Thumb Drives, Portable Hard Drives, CD/DVD, etc.)
| In-House | Outsource | |
| Provide controls based on device characteristics (manufacturer, model, serial number)? | ||
TOTALS: |
| In-House | Outsource | |
| Distinguish printers by name and domain? | ||
| Control printing based on network context (e.g. allow if in the office, block if at home)? | ||
TOTALS: |
Application Data Exchange/Screen Buffer Control
| In-House | Outsource | |
| Inspect the clipboard buffer for content in copy/paste operations? | ||
| Control copy/paste based on the source file location/content/classification? | ||
| Control printscreen? | ||
| Control printscreen based on contextual parameters? | ||
| Control screen capture (third-party apps)? | ||
| Control screen capture based on contextual parameters? | ||
TOTALS: |
Policy Controls
Administrative
| Are the following configurable based on policy? | Y/N | In-House | Outsource |
| Provide notifications which are available based on policy or rule? | |||
| Notifications customized by alert and recipient? | |||
| Send policy alerts to security administrators in real time via email? | |||
| File capture configured based on policy and is it available for all egress channels? | |||
| Key logging configured for specific endpoints or users? | |||
| Screen capture? | |||
TOTALS: | |||
Data and Process Controls
| Are the following configurable based on policy? | Y/N | In-House | Outsource |
| Silent alert? | |||
| Warn user? | |||
| Prompt for justification? | |||
| Block action? | |||
| Stop an existing process? | |||
| Encrypt? | |||
| Quarantine endpoint? | |||
| File capture (admin can request a file based on specified conditions)? | |||
| Process vaulting (can mark a process as sensitive based on certain characteristics)? | |||
TOTALS: | |||
Additional Offerings
Endpoint Detection and Response
| Can your solution provide the following: | In-House | Outsource |
| Automatically detect and block ransomware, malware, malware-free attacks and other suspicious data movements? | ||
| Stop threats without an IOC signature? | ||
| Detect and block advanced threats across the attack lifecycle? | ||
| Block the attack’s initial entrance vector? | ||
| Block exploit installation/execution? | ||
| Block the command and control phase? | ||
| Only trigger alarms for high-fidelity incidents? | ||
TOTALS: |
User Entity Behavior Analytics
| Can your solution provide the following: | In-House | Outsource |
| Continuosly record and track every user action? | ||
| Detect abnormal file operations? | ||
| Capture files, screen shots and keystroke logging? | ||
| Indentify suspicious user behavior and/or exifiltration attempts? | ||
| Identify suspicious or unauthorized application use? | ||
| Detect suspicious system configurations? | ||
| Monitor and control priviledged users? | ||
| Collect and preserve chain-of-custody forensic evidence? | ||
TOTALS: |
Advanced Threat Detection (e.g., Cyber/APT)
| Can your solution provide the following: | In-House | Outsource |
| Endpoint heuristics (e.g. application and user behavior anomaly analytics)? | ||
| Endpoint threat detection and prevention functionality? | ||
| Does your endpoint agent/console solution integrate with third-party solutions? | ||
| Control of malware proliferation? | ||
| Application whitelisting/blacklisting? | ||
| Can your solution evaluate files by type using mechanisms other than the extension? | ||
| Does your solution use threat detection to control access to classified data? | ||
TOTALS: |
Interested in Fortra's Digital Guardian Managed Security Program?
Our team of 24/7 data protection specialists hosts, manages, and monitors your security platform to prevent emerging threats, ensuring compliance and threat detection every step of the way. Get in touch with our Services Team to learn how we can deliver a smooth transition with comprehensive data protection capabilities.