Our 5 Key Takeaways from Forrester’s MSSP Wave™ Report


Forrester – one of the leading independent technology research firms – recently published its highly respected report: The Forrester Wave™: Midsize Managed Security Services Providers, Q3 2020.

The report – which rates CyberProof as a leader – provides organizations with its evaluation of MSSPs and recommendations on how to choose the right provider based on their business needs.

If you're interested in reading the full report, visit our website to download a complimentary copy. Here’s some of our key takeaways that we’d like to highlight that we believe supplement the findings of the report:

1. How the MSSP Market Has Shifted

Forrester’s report notes how midsize MSSPs are often selected over larger counterparts because they appreciated their new and refreshing approach to MSS delivery. Legacy MSSP approaches employed a “do everything” mantra which over time caused organizations to lose visibility into operations.

Today, MSSPs are expected to adopt a hybrid model which provides transparency into their activities and facilitates easy collaboration with the providers' teams.

Those days are over. Today, MSSPs are expected to adopt a hybrid model which provides transparency into their activities and facilitates easy collaboration with the providers’ teams, especially when working together to solve complex issues and remediate advanced threats.

Security leaders are needing some breathing space – especially, now that cloud migration projects have been expedited and budgets have been tightened. However, this doesn’t mean they are looking to relinquish control or outsource their entire function. Forrester recommends customers look for MSSPs that prioritize collaboration and teamwork as much as their technical capabilities.

2. Our Smart Virtual Analyst, SeeMo, is a Game Changer

Forrester notes how “CyberProof excels with its virtual analyst, SeeMo,” highlighting, in our opinion, the value that combined human expertise and artificial intelligence (AI) provides. SeeMo not only brings threat intelligence and vulnerability-related context to alerts – but also automates steps in the incident investigation and remediation process.

Without the assistance of a smart virtual team member like SeeMo, repetitive Tier 1 and 2 activities such as enrichment and investigation can take up the majority of analysts’ workload. It is important to recognize this significant role a smart virtual team member can play in focusing security analysts on response and remediation – by automating these repetitive, time-consuming tasks.

Another advantage of working with SeeMo is that you have a virtual analyst that works around the clock. This is a huge advantage especially as, for many organizations, handling 24x7 monitoring is a drain on resources. The alternative – relying (and spending more money) solely on human analysts to be 100% vigilant during the night shift – can be a daunting route to take.

With a virtual analyst like SeeMo, there is an extra member of the team that’s working 24x7 – “always on” and monitoring the environment, on hand to react and respond to any requests. A virtual analyst brings the best of machine and human intelligence together – by adding context to incidents, enriching the gaps, and ensuring work processes become more efficient.

3. Automation and Orchestration Proves Its Worth

The Forrester report states: “ Companies looking for an MSSP that provides high-context alerts and is well versed in automation, orchestration, and remediation should consider Cyberproof.” Among the benefits that can be realized by adopting an MSSP with SOAR capabilities, two stand out to us:

  1. Visibility into what matters with less time and effort – Due to the fast adoption of cloud infrastructure, BYOD and OT/IoT environments, organizations’ critical data and assets are becoming increasingly exposed to attackers. The advantages of having a SOAR platform at the core of how an MSSP delivers services means customers can accelerate existing detection and response capabilities. SOAR also supports the integration of new capabilities into the existing infrastructure relatively quickly.

    The CyberProof Defense Center (CDC), our cloud-native SOAR platform, integrates with clients’ existing infrastructure. This enables the platform to pull data from multiple internal sources such as endpoints, vulnerability data, networks, and the cloud, as well as from external threat sources that enrich the alerts as they come in. The CDC provides a single pane of glass for faster incident detection and response.

  2. Collaborative incident management and transparent engagement – Gone are the days when bringing in an MSSP meant having disparate platforms and communication channels to handle incidents. If your MSSP is still doing this, challenge them to keep up with the pace of change. By leveraging SOAR technologies, MSSPs can provide customers with a single interface that acts as the “glue” between various technologies and teams to provide a real-time, collaborative approach to incident handling.

    CyberProof received the highest score possible in the incident management process and collaboration methods criteria. We believe this is testament to our team’s ability to provide customers with a single platform that enables them to:
    • Leverage their existing technology investments
    • Automate monitoring and response workflows
    • Remediate collaboratively, in real-time, using built-in ChatOps functionality
    • Adopt an appropriate operating model (hybrid, fully managed or augmented) 

4. Integrations with cloud – and Microsoft – security solutions

With the pandemic forcing organizations to expedite their cloud migration plans, MSSPs are expected to provide more cloud-native service delivery that leverages security solutions from the main cloud providers such as Microsoft, AWS and Google Cloud and monitors activity across their cloud environments. In the report, Forrester recommends customers look for MSSPs that can easily integrate with Microsoft’s security suite along with other cloud and API-event collection technologies. This has brought about the need for a smarter, cloud-based approach to security operations that is able to scale at the speed of digital transformation. CyberProof was recently included in Microsoft’s Azure marketplace as an MSSP. You can find out more about how CyberProof’s partnership with Microsoft is helping organizations adopt these capabilities here or visit our listing on Microsoft’s Azure Marketplace.

5. Delivering Technical & Business Value with Continuous Improvement

A common challenge faced by security teams is the need to translate ROI and cyber risk priorities into a language that can be understood by the board. Turn it the other way, the security function also has a responsibility to understand business goals and deliver on a strategy that helps achieve those. Essentially, both business and technical value needs to be demonstrated clearly.

To accomplish this, managed security services must implement the right people, processes, and technology and demonstrate technical, operational, and business value. Forrester gave CyberProof the highest score possible in the business and technical value criterion – which we think reflects our ability to demonstrate value right from the beginning of the onboarding process and to ensure continuous improvement throughout the engagement.

Continuous improvement is a key factor in the delivery of technical and business value. It helps security and executive leaders define their top business risks, map these against tailored threat intelligence, and identify the most likely attack scenarios.

Once we've determined the most likely attack scenarios, we can identify target assets, control gaps, and define a target response window for acceptable loss.

Once we’ve determined the most likely attack scenarios, we can identify target assets, control gaps, and define a target response window for acceptable loss. At CyberProof, we do this using our Use Case Factory. The Use Case Factory can be leveraged to build personalized threat detection rules and automated response procedures – and to continue optimizing these to adapt to the threat landscape and sector-specific compliance requirements.


At CyberProof, we’re thrilled to have been recognized by Forrester as a Leader. We’ve made big strides in recent years to optimize the experience and approach to delivering managed security services to organizations and this achievement shows, in our opinion, that our efforts have paid off.

Bottom line: We feel Forrester’s report indicates the real value that’s being provided to the cyber security industry today by midsize MSSPs, and we feel that anyone in the security industry should find Forrester’s research of interest. If you're interested in reading the full report, you can visit our website to download a complimentary copy.

We’d love to hear from you! To hear about how CyberProof is helping organizations operate smarter SOCs, please contact us.

Our newsletter is only one click away!