top of page


<<Buyer Beware – Own Your Tools and Security Event Data>>


Imagine for a moment that you have procured a Managed Security Service Provider (MSSP) that is designed to monitor your security event data (logs) and report to you if you are under attack and validate identified issues. You are happy because you found a managed security service which is much cheaper than trying to run a 24x7 security operation. Buyer beware - not all services are created equal.

Let me tell you a story…

A customer outsourced their managed security service to a large MSSP and the following challenges ensued. For a bit of background, the customer in this story is subject to regulatory requirements that require them to maintain security event data (logs) for several years. No worries, the MSSP is doing that for them. Right?

About six months passes by and the customer was growing more and more frustrated with the MSSP. They were just not getting the attention they need from the MSSP and started evaluating options for when the contract came up for renewal. At the time, Emagined Security was just working in an advisory role and was not directly involved. This allowed us to hear multiple sides of the story.

About two months before the end of the contract term, the customer notified the MSSP that they intended to not renew the contract. The current provider did not flinch a bit upon the termination notification. The customer was shocked and could not figure out why they did not seem to care. After all, it was a large contract.

Around the same time, the customer contracted with another provider for MSSP for the next year and started a project to replace the original MSSP. One of the first steps in the replacement process was to acquire the security event data (logs) for long term archival from the MSSP to meet their regulatory requirements. When they asked for the logs the MSSP told them that they are not entitled to them since the customer the logs were only available if they remained a client. Bewildered, the customer insisted that they acquire a copy of the logs since they have a long-term government requirement to preserve them.

One Million Dollars!!

The MSSP said they would allow the customer to pay a fee to deliver the logs to them. A few days later a quote was provided to the customer for ONE MILLION DOLLARS. The customer was stunned! How could this be… aren’t they entitled to the logs? At that time, the customer turned to the contract they signed. Surely, that couldn’t be right. No where in the contract did it say they are entitled to the logs, in fact, it said they are not entitled once they stop being a customer.