Integrate Asset Management
“We started performing regular scans of our customer’s networks for new/changed assets. This scanning not only helped our customers by decreasing their attack surface but enabled us to increase our per-customer revenue.”
If you’re delivering SOCaaS, it’s wise to integrate asset management into your security practices.
MSSPs primarily scan for compliance requirements, but scans should be done regularly for all clients.
Once that information is collected, there are several vital steps to take:
- Review the scan to ensure all relevant assets have been included – this is an important step if
customers forget to let you know when they add additional systems. - Review the posture of the systems for devices that require updates.
- Develop a list of required updates and set a timeline.
- Build a closed-loop process to ensure the assets are maintained – notify administrators and users and audit regularly to make sure any needed steps are taken.
- If protected data is detected, add data classification tags by the asset.
Most MSSPs scan monthly, and some scan daily for continuous compliance. The approach will vary based on the maturity of your customers.
