Definition
A Managed Security Service Provider (MSSP) operates security infrastructure on a customer's behalf - SIEM monitoring, SOC operations, incident response, threat hunting, vulnerability management. MSSPs serve organizations that lack the scale to build a 24x7 SOC internally, or that prefer to outsource non-differentiating operational work. Modern MSSPs differentiate on: specialization (industry vertical or technology focus), tooling (proprietary detection content vs. customer-owned SIEM), service tier (Tier 1 alerting only vs. full incident response with playbook execution), and contract model (outcome-based vs. activity-based contracts).
Related terms
- SOC (Security Operations Center) - Centralized team responsible for monitoring, detecting, investigating, and responding to security incidents.
- SIEM (Security Information and Event Management) - Platform that aggregates security events from across the environment for correlation, search, and alerting.
- EDR (Endpoint Detection and Response) - Endpoint security capability focused on detection, investigation, and response to threats that have evaded prevention.