MSSs provide organizations with a variety of management and operational services specific to security technologies and business outcomes for security. Capabilities include security monitoring, detection and response, exposure assessment and management as well as security consulting and security technology implementation. MSSs are delivered in a variety of modes, in the providers’ cloud infrastructure, as consultative engagements or through staff augmentation and on-premises. MSS providers offer a variety of different engagement models. These include heavily customized and consultancy-led models and commoditized technology management-driven experiences.
The SACBT market is characterized by vendor offerings that include one or more of the following capabilities: Ready-to-use training and educational content; Employee testing and knowledge checks; Availability in multiple languages, natively or through subtitling or partial translation (in many cases, language support is diverse and localized); Phishing and other social engineering attack simulations; Platform and awareness analytics to help measure the efficacy of the awareness program. Training modules are available as cloud-hosted SaaS applications or on-premises deployments via client-managed learning management systems (LMSs), and also support the Sharable Content Object Reference Model (SCORM) standard, enabling integration with corporate LMSs.
Security consulting firms are advisory and consulting services (see 'Definition: Cybersecurity' ) related to information and IT security design, evaluation and recommendations. These services are procured by various stakeholders in an organization, including boards of directors, CEOs, chief risk officers (CROs), chief information security officers (CISOs), chief information officers (CIOs), and other business and IT leaders for the purpose of obtaining and ensuring acceptable risk levels for a specific client organization.