Our Take On Forrester's New Research Around Managed Security Services

Forrester – one of the leading technology research firms – recently released two reports outlining the critical role Managed Security Service Providers (MSSPs) will be playing for their customers. 

1. Now Tech: European Managed Security Service Providers, Q2 2020 
2. Now Tech: Global and Emerging Managed Security Services Providers, Q2 2020

The reports – which include CyberProof as one of the vendors, provides an overview of both the Global and European MSSP market based on two factors: market presence and functionality. The reports highlight how the cyber security market is evolving and provides recommendations for selecting MSSPs based on size and functionality. 

Our Key Takeaways

We believe the following points that Forrester covers in these reports demonstrate the critical role MSSPs will play for their customers and how the market is evolving to meet the needs of organizations at various stages of digital transformation: 

• Pure-play providers
• Managed-IT-service-providers
• Consulting firms
• Telcos

Forrester recognizes Pure-play providers – the category in which CyberProof is included – as having high segment functionality in security expertise. 

This illustrates the importance of security as a “class A” problem in today’s cyber climate – and that it underscores the fact that only by working with an A team will you find the value you’re seeking.

Cyber security specialists that have hands-on, nation-state level experience are hard to come by, but “Pure-play providers” can help plug that gap.

Cyber security specialists that have hands-on, nation-state level experience are hard to come by, but “Pure-play providers” can help plug that gap. We believe that by offering specialized skills in areas like Threat Hunting, Digital Forensics & Incident Response and Managed Threat Intelligence, organizations can benefit from a hybrid engagement model and augment their security team where needed. 

Forrester notes the importance of using MSSPs to ease the challenges of overburdened security teams, as well as high segment functionality  of “Pure-play providers” in automation and orchestration.

Ideally, an organization should look for an MSSP that leverages SOAR capabilities to:

• Improve the quality of analysis and reduce the SOC team’s workload - As reported in a recent survey by 451 research, over 61% of midsize and large enterprises believe their security staffing level is inadequate and yet they are expected to do more with less. Incorporating SOAR capabilities can dramatically help security teams to streamline specific tasks and increase productivity of human analysts.
• Leverage existing technology investments & provide ‘single pane of glass’ visibility – Many organizations still have existing point solutions that are creating too many data points to identify real threats, not least causing teams to focus too much time on fixing or updating security controls rather than on detecting incidents. Choosing an MSSP that can plug into your environments natively to orchestrate disparate solutions will provide you with contextual visibility. This will also help security teams to continuously evaluate and improve security controls to stay ahead of threats.

According to the Forrester reports, MSSPs are starting to recognize the need to proactively support customers with incident remediation. 

Forrester’s Now Tech reports outline the role MSSPs should play in delivering value beyond alert notification. To expand on this, we believe delivering value goes beyond reducing alert fatigue and false positives; We believe proactive incident remediation begins at the onboarding process and continues throughout the engagement, for example by:

• Conducting agile sprints to evaluate existing monitoring gaps (detection rules, playbooks use cases) against the MITRE ATT&CK Framework and threat intelligence sources.
• Continuously develop, test, and deploy digital playbooks to improve detection and remediation.
• Working in a hybrid engagement model; where your MSSP’s analysts are collaborating with you day-to-day to manage incidents, rather than providing a ‘black-box service’ with no transparency.

The best MSSPs should support the crucial needs of transparency, real-time collaboration with security and stakeholders across other functions, and the ability to draw on threat intelligence and forensics expertise to validate and speed up remediation.

To Summarize - The Underlying Opportunity with Cyber Security Services

Whether you call it Managed Security Services (MSS), Managed Detection and Response (MDR) or Security Operations Center (SOC) services, the real opportunity to recognize is a market where having a “next-generation SOC” is possible now.

Whether you call it Managed Security Services (MSS), Managed Detection and Response (MDR) or Security Operations Center (SOC) services, the real opportunity to recognize is a market where having a “next-generation SOC” is possible now.

These are the required capabilities that your cyber security partner should be able to leverage and provide to your organization:

• Visibility of what matters without draining internal  resources or new investments
• Gives any organization, no matter their security maturity or size, the ability to draw on best-of-breed tools natively into their environments
• Reduces the workload on stretched security staff and resources
• Continuously tests and improves security controls 
• Reduces detection and response time 
• Provides key metrics to demonstrate continuous improvement and return on investment

Forrester’s Now Tech reports are available to Forrester subscribers or for purchase.

• Now Tech: European Managed Security Service Providers, Q2 2020
• Now Tech: Global and Emerging Managed Security Services Providers, Q2 2020

Contact us today to find out how CyberProof can work with you to realize your next-generation SOC.