How-To Guide

How to Evaluate a Managed Security Service Provider

A structured framework for evaluating and selecting a managed security service provider that matches your organization size, budget, and risk profile.

Farhad Mirza Khawar

Founder of HIPAA Agent and Cyber Defense Agent. Compliance infrastructure for SMBs. Sacramento, CA.

2026-05-01

Before You Start

  • A completed risk assessment identifying your key security gaps
  • An understanding of which security functions you want to outsource versus keep in-house
  • Budget range approved by leadership for managed security services
  • A list of your current security tools and infrastructure

1. Define your requirements and scope of services needed

Before evaluating providers, clearly define what you need. Common MSSP services fall into several categories:

  • Security monitoring and alerting: 24/7 monitoring of your security tools, log aggregation and correlation, and alert triage and investigation.
  • Managed detection and response: goes beyond monitoring to include active threat hunting, incident investigation, and guided or automated response actions.
  • Vulnerability management: regular vulnerability scanning, patch prioritization guidance, and remediation verification.
  • Compliance support: audit preparation, policy review, and regulatory reporting.

Some organizations need full-service outsourced security, while others need a co-managed model in which the MSSP augments an internal IT team. Document your requirements as specific, measurable outcomes, such as "all critical alerts investigated within fifteen minutes," rather than vague requests like "improve our security." Include your current tool stack so providers can indicate which tools they support natively.

2. Create a shortlist and request proposals

Research MSSP providers that serve organizations of your size and industry. Ask for referrals from your cyber insurance broker, industry peers, and technology vendors. Check industry analyst reports from Gartner, Forrester, and IDC for provider rankings. Create a shortlist of three to five providers and send a formal request for proposal that includes your requirements document, current tool inventory, number of users and endpoints, compliance requirements, and expected service levels. Ask each provider to describe their security operations center staffing and certifications, technology platform and how it integrates with your existing tools, onboarding process and timeline, escalation procedures and communication channels, reporting capabilities and frequency, and client references in your industry. Set a deadline for responses and schedule presentations with each provider.

3. Evaluate technical capabilities and SOC operations

During provider presentations, dig into their technical capabilities. Ask to see their security operations center, whether physically or virtually. Understand their analyst staffing model including the ratio of analysts to clients, shift coverage, and analyst certification requirements like GCIA, GCIH, or OSCP. Ask about their detection engineering process, specifically how they create and tune detection rules and how often they update them based on new threat intelligence. Evaluate their technology platform including their SIEM or data lake, automation and orchestration capabilities, and threat intelligence feeds. Ask how they handle your specific tool stack and whether they have native integrations or require custom development. Request a sample alert investigation workflow showing how an alert moves from detection through triage, investigation, escalation, and resolution. Ask about their false positive rate and mean time to detect and respond. Verify their claims by speaking with the references they provide.

4. Scrutinize service level agreements

The SLA defines what you are actually paying for, so review it carefully. Key SLA metrics include mean time to detect, which is how quickly they identify a genuine threat; mean time to notify, which is how quickly they alert you after confirming a true positive; and mean time to respond, which is how quickly they take containment action for incidents requiring immediate response. For each metric, confirm exactly which timestamps start and stop the clock, since a provider that measures from analyst acknowledgement rather than from the event itself will report much shorter times. Uptime guarantees for their monitoring platform should be at least 99.9%. Review the consequences for SLA violations; penalties without teeth are meaningless. Understand how severity levels are defined in the SLA and make sure their definitions align with yours. Check whether the SLA covers all hours or only business hours. For 24/7 monitoring, verify staffing during nights, weekends, and holidays. Ask about their business continuity plan for their own SOC, because if their operations center goes down during an active attack against your organization, the SLA should define how continuity is maintained.
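Once the SLA clocks and severity tiers are pinned down, the outcome-based requirements from step 1 (such as critical alerts handled within fifteen minutes) and the metrics in this step can be checked against the provider's own monthly incident report rather than taken on trust. The Python below is an added example for this guide, not code from the page or from the author's products; the per-severity minute targets, the choice of which timestamps start and stop each clock, and the incident records are all constructed assumptions for illustration.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta
from statistics import mean
from typing import Dict, List, Optional, Tuple

# Minutes allowed per severity for each SLA clock. These figures are
# constructed placeholders; the guide itself only names the fifteen-minute
# critical-alert outcome as an illustration of a measurable requirement.
SLA_TARGETS = {
    "critical": {"detect": 15, "notify": 15, "respond": 60},
    "high":     {"detect": 60, "notify": 60, "respond": 240},
    "medium":   {"detect": 240, "notify": 480, "respond": None},  # no containment SLA
}


@dataclass
class Incident:
    """One incident as it would appear in the provider's monthly report."""
    id: str
    severity: str
    occurred: datetime             # event time from your own telemetry
    detected: datetime             # provider's platform raised the alert
    confirmed: datetime            # provider confirmed a true positive
    notified: datetime             # you were notified
    responded: Optional[datetime]  # containment action taken, None if not required


def _minutes(start: datetime, end: datetime) -> float:
    return (end - start).total_seconds() / 60


def clocks(inc: Incident) -> Dict[str, Optional[float]]:
    """Elapsed minutes for each SLA clock. The start/stop points chosen here
    are an assumption and are exactly what the SLA text must define:
    detect runs from event to alert, notify from confirmation to notification,
    respond from confirmation to containment."""
    return {
        "detect": _minutes(inc.occurred, inc.detected),
        "notify": _minutes(inc.confirmed, inc.notified),
        "respond": None if inc.responded is None else _minutes(inc.confirmed, inc.responded),
    }


def measure(incidents: List[Incident]) -> Dict[str, Dict[str, Optional[float]]]:
    """Mean time to detect / notify / respond per severity, in minutes."""
    samples: Dict[str, Dict[str, List[float]]] = {}
    for inc in incidents:
        bucket = samples.setdefault(inc.severity, {"detect": [], "notify": [], "respond": []})
        for name, value in clocks(inc).items():
            if value is not None:
                bucket[name].append(value)
    return {
        sev: {name: (round(mean(vals), 1) if vals else None) for name, vals in bucket.items()}
        for sev, bucket in samples.items()
    }


def find_breaches(incidents: List[Incident], targets: dict) -> List[Tuple[str, str, float, int]]:
    """Per-incident violations as (id, clock, minutes, limit). Means alone can
    hide one badly handled incident, so every record is checked individually."""
    breaches = []
    for inc in incidents:
        limits = targets[inc.severity]
        for name, value in clocks(inc).items():
            limit = limits[name]
            if value is not None and limit is not None and value > limit:
                breaches.append((inc.id, name, round(value, 1), limit))
    return breaches


def uptime_percent(period_minutes: int, outage_minutes: int) -> float:
    """Platform availability over a reporting period, rounded to 0.001%."""
    return round(100 * (period_minutes - outage_minutes) / period_minutes, 3)


def meets_uptime(period_minutes: int, outage_minutes: int, target: float = 99.9) -> bool:
    return uptime_percent(period_minutes, outage_minutes) >= target


# Constructed sample report for one month (not real provider data).
_t0 = datetime(2026, 3, 2, 1, 0)


def _at(minutes_after: int) -> datetime:
    return _t0 + timedelta(minutes=minutes_after)


SAMPLE_INCIDENTS = [
    Incident("INC-001", "critical", _at(0),   _at(6),   _at(12),  _at(18),  _at(50)),
    Incident("INC-002", "critical", _at(60),  _at(85),  _at(90),  _at(100), _at(180)),
    Incident("INC-003", "high",     _at(120), _at(150), _at(165), _at(180), _at(300)),
    Incident("INC-004", "medium",   _at(240), _at(360), _at(390), _at(405), None),
]

if __name__ == "__main__":
    for sev, stats in measure(SAMPLE_INCIDENTS).items():
        print(sev, stats)
    for breach in find_breaches(SAMPLE_INCIDENTS, SLA_TARGETS):
        print("SLA breach:", breach)
    # A 30-day month is 43,200 minutes; 99.9% leaves only 43.2 minutes of outage.
    print("uptime target met with 40 minutes down:", meets_uptime(43200, 40))
```

On the sample data the critical-tier means (15.5 minutes to detect, 8.0 to notify, 64.0 to respond) look close to target, but the per-incident check shows INC-002 breaching both the detect and respond limits. That is the practical reason to ask for incident-level data rather than monthly averages, and to have the SLA name the exact timestamps each clock uses.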

5. Evaluate pricing models and total cost of ownership

MSSP pricing varies widely, and the cheapest option is rarely the best value. Common pricing models include per-device or per-endpoint pricing, per-user pricing, data volume pricing based on log ingestion, and flat-rate pricing for a defined scope. Understand exactly what is included and what costs extra. Common add-on charges include onboarding and setup fees, custom integration development, incident response beyond initial triage, compliance reporting, and adding new data sources or log types. Calculate the total cost of ownership over three years, including setup costs, monthly service fees, expected add-on charges, and the cost of internal staff time needed to manage the MSSP relationship. Compare this against the cost of hiring equivalent in-house security staff; a 24/7 SOC typically requires a minimum of five to six full-time analysts plus management. For most SMBs, an MSSP is significantly more cost-effective than building an in-house SOC.

6. Negotiate the contract and plan the onboarding

Before signing, negotiate key contract terms with your legal team. Ensure the contract includes:

  • A clearly defined scope of services with specific deliverables
  • SLAs with meaningful penalties for non-performance
  • Data ownership and handling provisions confirming your data remains yours
  • Data deletion requirements at contract termination
  • The right to audit the MSSP's security practices
  • Breach notification requirements if the MSSP itself is breached
  • Termination provisions, including notice period and transition assistance
  • Limits on subcontracting to third parties

Negotiate the contract length carefully. A one-year initial term with annual renewals gives you flexibility, while a multi-year commitment may secure better pricing. Plan the onboarding process with specific milestones and a projected timeline. Typical onboarding takes four to eight weeks and includes deploying log collection agents, integrating your security tools, tuning detection rules to reduce false positives, and training your team on the communication and escalation process.

Common Mistakes to Avoid

  • Selecting a provider based on price alone without evaluating detection quality and response capabilities
  • Not checking references from organizations of similar size and industry
  • Accepting vague SLAs without specific metrics, penalties, and definitions of severity levels
  • Assuming the MSSP handles everything and not designating an internal owner to manage the relationship
  • Not reviewing data ownership and deletion terms, risking data exposure after contract termination
