.png)
What is a ticketing system?
A ticketing system is an application used for tracking security incidents from discovery through remediation and mitigation. Commonly known options are ZenDesk, ServiceNow, or Jira. Ticketing systems allow for a specific point of communication and information capture about a security concern. They help prioritize incidents and work assignments for incident responders, security analysts, security engineers, SOC managers, and other roles handling incidents.
Why your MSSP needs a good ticketing system
Choosing the right ticketing system is key to building an MSSP that serves both client and analyst needs. The ability for clients to clearly understand incident response is paramount. So is your ability to communicate issues in an efficient and transparent manner that is in line with SLA compliance.
It’s also good to look for ticketing systems that assist your development team with robust APIs that require strong documentation. Think about choosing one that supports your product team with multiple metrics and reports.
Features to consider
Workflow Management
The ability to set up a ticket escalation process that matches your internal flow will keep efficiency high and reduce confusion when off. You want to be able to set the specific statuses you use to evaluate an incident and not have to condense multiple steps into the same assignments.
Automations
Along with Workflow Management, the ability to automate tickets based on status, client, SOC tier, or the capability to escalate based on SLA or other business rules adds to the efficiency of ticket touches. All of this will keep tickets from falling behind.
Integrations
The ticketing system is what makes an MSSP more than the sum of its parts, or its integrations.
You want a ticketing system that you can easily move data from being flagged in your threat intelligence platform, end point detection, SIEM vendor, or SecOps solution into your platform for action. The same goes for any internal or proprietary APIs. The ticketing system propels your team into action.
Extras
Ticketing systems may provide extra tools or information to increase their value.Providers that come with a knowledge base or wiki software can be used for internal documentation, or public publishing of threat intelligence and advisories. Chatbots can be given referential information that analysts can request. Extensive reporting that may come with a solution could be used to extend what you already provide. If you’re weighing your top few options, look for those additional benefits to determine which gives you the best bang for your buck.
Top ticketing systems for cybersecurity software [2024]
As a design and technology consultancy, we’ve helped many national and global cybersecurity firms choose the best option for their MSSP. Evaluating our partner’s needs and workflow gives insight into choosing which option best meets their delivery goals.
Jira
Atlassian’s Jira provides very extensible workflows and ticket statuses, with an easy to use API.
Pros:
- Jira has straightforward licensing costs, and is easy to spin up– even for small teams.
- Setting up complex workflows for tickets is relatively easy. The same with giving permissions to users.
Cons:
- Tickets will need some setup to remove excessive fields.
- Getting specific data beyond the provided reports can be hard.
Jira is a great choice for a team that has prior experience with the application, or if the team is small or cost conscious.
ServiceNow
An enterprise behemoth, ServiceNow is a great choice for the most varied of options, and if you want a ticketing application that can be used beyond security incidents.
Pros:
- Well suited for larger companies or more complex security needs.
- They have a full suite of security orchestration tools that can be implemented.
- ServiceNow’s knowledge base is excellent and a great addition for either internal or external guidance.
Cons:
- Implementation timeline can be longer, and may need the help of dedicated staff or consultants.
- ServiceNow may be too much for your needs.
ZenDesk
ZenDesk is a good mix of highly powered, with a well documented API for easy integration.
Pros:
- ZenDesk has excellent API documentation and organization.
- Custom fields can be used to create useful data stores and reference material for analysts.
Cons:
- Updating and retrieving the proper statuses can be picky. Using webhooks and planning for an initial Open status can be helpful.
- Auto-archiving of tickets may remove tickets earlier than you need. Tickets will need to not be closed to prevent auto-archiving if they are related to an ongoing incident.
Wrap up
There is no one-size-fits-all solution to your MSSP ticketing needs, and no option that is best suited for every product. Evaluating current workflows, price, and speed to integrate are necessary to make a decision that allows your team to work incidents efficiently and with visibility into the history and techniques that lead to rapid remediation.
