Gartner Blog Network


Find Security That Outsources Badly!

by Anton Chuvakin  |  September 27, 2014  |  6 Comments

In this post, I wanted to touch on a sensitive topic: what security capabilities outsource badly? Keep in mind that this post is Anton contemplating a topic, not a Gartner research position (BTW, I don’t slap this disclaimer on every post, but I feel that it is strangely appropriate here).

Let’s start: a whole lot of companies would take on your perimeter NIDS/NIPS monitoring and management, but far fewer will do content-aware DLP using the same model. Think about this: there are very few managed DLP providers and even fewer managed network forensics (NFT) providers. Why is that?

Here is how I think about it (pardon my gross over-simplification here, but it serves the purpose):

Defense = know what to defend + know how to defend

(see On “Defender’s Advantage” for a longer discussion)

In more detail:

  1. know what to defend = your IT environment, business processes, assets, systems, applications, personnel, company culture, mission and other knowledge of your IT, business and culture.
  2. know how to defend = understanding threat actors, attack methods, exploits, attacks, vulnerabilities, security architecture and other security domain knowledge.

To not completely suck with security [and we are talking about the very, very, very basics here], you need to have some idea of what to protect and some idea of how to do it. However – and this is the punch line! – the balance between #1 knowledge (about the lay of the land) and #2 knowledge (about techniques and methods of infosec) varies dramatically across different domains of infosec.

Intuitively, we all get it: anti-malware kills viruses without any requisite knowledge of your environment, while using a SIEM effectively requires a lot of it. Further, detecting insider fraud requires knowledge of how your business functions and how your people behave. And don’t even get me started on business logic flaws in web applications: to find business logic flaws you do need to know the logic of your business … duh!

So, answer this one – think of two security capabilities:

  • security capability A requires 90% of #2 knowledge (security domain knowledge) and 10% of #1 knowledge (your environment)
  • security capability B requires 90% of #1 knowledge (your environment) and 10% of #2 knowledge (security domain knowledge)

Which one will outsource better? OK, you got this one :-)

Firewall configuration, anti-malware (whether AV or MPS), perimeter NIDS/NIPS and threat intelligence rely heavily on security domain knowledge and less on the knowledge of your IT and business. DLP (especially data discovery or DAR DLP), network forensics (NFT) for internal networks and user behavior monitoring require an incredible amount of “site knowledge” (some written and much unwritten and thus only present in some people’s heads). Security incident response presents a peculiar example: IMHO it requires a delicate balance of both (so when the IR ninja paratroopers drop in, they will require support from the indigenous forces aka your IT and BU personnel – otherwise the attacker wins again).

Where am I going with this?

You can go to an MSSP, you can get consultants to help you, you can do staff augmentation, you can ask Gartner — but for some security capabilities that critically rely on the knowledge of your environment, you have to also play the game yourself!


Category: mssp  philosophy  security  

Anton Chuvakin
Research VP and Distinguished Analyst
5+ years with Gartner
17 years IT industry

Anton Chuvakin is a Research VP and Distinguished Analyst at Gartner's GTP Security and Risk Management group. Before Mr. Chuvakin joined Gartner, his job responsibilities included security product management, evangelist…


Thoughts on Find Security That Outsources Badly!


  1. I totally agree with you on this. Unfortunately a lot of companies outsource IT processes or security services that (using your words) outsource badly.

    Outsourcing services that require IT process and business knowledge can also adversely affect BCM and IT-DR effectiveness.

    I’m guessing the sales people selling the solutions are partly responsible as well -:)

  2. @Gaffri I think both sellers and buyers [who desperately want this, despite it being ‘unbuyable’] are at fault. BTW, I never said “any security is not outsourcable”, but pointed at specific domains which are harder to outsource well….

  3. Tal Be'ery says:

    Hi Anton, great column. The security domain is certainly in deep need for strategical/philosophical/fundamental thinking.

    Would it make sense, in your mind, to further dissect the “what to defend” section to things that are intrinsic to the business e.g. the business logic and the data itself, and things that are extrinsic such as the internal network and servers that can theoretically be outsourced to the cloud?

    Using the same logic, it may add another advantage to outsourcing infrastructures to the cloud as it enables the outsourcing of their security.

  4. @Tal Thanks for the comment. Indeed, it would be useful to look there — with 3rd party infrastructure (like public cloud) you inherently KNOW LESS about what you are defending. So, your hands are tied and you rely more on “trust”, attestations, audits, validation, assessment, etc, etc, etc.




Comments or opinions expressed on this blog are those of the individual contributors only, and do not necessarily represent the views of Gartner, Inc. or its management. Readers may copy and redistribute blog postings on other blogs, or otherwise for private, non-commercial or journalistic purposes, with attribution to Gartner. This content may not be used for any other purposes in any other formats or media. The content on this blog is provided on an "as-is" basis. Gartner shall not be liable for any damages whatsoever arising out of the content or use of this blog.