My next research project at Gartner GTP will be about working with managed security services providers (MSSPs). We have great content that compares major MSSPs (such as the MSSP Magic Quadrant), but none yet on how to work well with one.
In the past, our team’s work focused on helping people who “do stuff” (as opposed to those who “find people to pay for doing their stuff for them”), and this document would be a bit of a departure from that tradition.
In my effort, I plan to tackle questions such as these:
- What can an MSSP do well in security monitoring vs just OK vs not at all?
- How to onboard an MSSP provider and prepare for an effective joint operation?
- How to provide the right information for the MSSP to succeed?
- How to work together with an MSSP to improve security?
- How to learn from the MSSP operations and improve yours?
- How to define the right SLAs for various security activities?
- How to build joint workflows with an MSSP?
- How to MSSP-enhance various security operational practices?
- How to avoid pitfalls with security monitoring outsourcing?
- How to run a hybrid MSSP+SIEM operation?
(Got any other ideas? Hit the comments!)
And here is my call to action:
- Are you at least a semi-decent MSSP and have something useful to say about it? Here is a briefing link … you know what to do! I’d love to hear what advice you give clients on how to succeed with your services.
- A consultant who advises clients to select [or avoid] MSSPs, care to share your experience?
- Enterprises, got an MSSP story to share? Both WIN stories and FAIL stories will do fine. Hit the comments or email me privately (Gartner client NDA will cover it, if you are a client).