Gartner Blog Network


My “How to Work With an MSSP to Improve Security” Paper Publishes

by Anton Chuvakin  |  January 30, 2015  |  Comments Off on My “How to Work With an MSSP to Improve Security” Paper Publishes

My “How to Work With an MSSP to Improve Security” has just published. It took a lot of work, and – at 37 pages – it cannot be called “an MSSP user bible.” However, I think I hit many of the sore spots of client – MSSP relationship and provided guidance on preparing, onboarding and running with the managed service. The abstract states ““Managed security services are a popular, growing, yet somewhat failure-prone approach to information security. This guidance gives security practitioners a structure to shape the managed security service provider relationship and develop joint security processes and architecture for success.”

A few fun quotes follow below:

  • “Using an MSSP is not the same as outsourcing security to somebody else. It is integrating with another organization’s security monitoring and system management processes, often using standardized processes at the provider.”
  • “It seems that many organizations do not realize that getting maximum value from their MSS relationship requires work on their part — and that the MSSP delivery approach will only be successful if the organization does its share.”
  • “Some Gartner clients report difficulties with deciding on the very basic model of monitoring: whether they should use a SIEM product in-house, look for a managed SIEM (where the tool is owned by the organization, but the personnel operating it comes from a third party) or engage with an MSSP.” (like so)
  • “While it is seemingly too late to test the provider after the contract is signed, it is not really the case. A relationship with an MSSP calls for ongoing testing, especially during the onboarding phase.”

Enjoy!

P.S. Gartner GTP subscription required, for those without …

… Blog posts related to this research on MSSP usage:

Others posts announcing document publication:

Category: announcement  mssp  security  

Anton Chuvakin
Research VP and Distinguished Analyst
5+ years with Gartner
17 years IT industry

Anton Chuvakin is a Research VP and Distinguished Analyst at Gartner's GTP Security and Risk Management group. Before Mr. Chuvakin joined Gartner, his job responsibilities included security product management, evangelist… Read Full Bio




Comments are closed

Comments or opinions expressed on this blog are those of the individual contributors only, and do not necessarily represent the views of Gartner, Inc. or its management. Readers may copy and redistribute blog postings on other blogs, or otherwise for private, non-commercial or journalistic purposes, with attribution to Gartner. This content may not be used for any other purposes in any other formats or media. The content on this blog is provided on an "as-is" basis. Gartner shall not be liable for any damages whatsoever arising out of the content or use of this blog.