Blog post

My “How to Work With an MSSP to Improve Security” Paper Publishes

By Anton Chuvakin | January 30, 2015 | 0 Comments


My “How to Work With an MSSP to Improve Security” has just published. It took a lot of work, and – at 37 pages – it cannot be called “an MSSP user bible.” However, I think I hit many of the sore spots of client – MSSP relationship and provided guidance on preparing, onboarding and running with the managed service. The abstract states ““Managed security services are a popular, growing, yet somewhat failure-prone approach to information security. This guidance gives security practitioners a structure to shape the managed security service provider relationship and develop joint security processes and architecture for success.”

A few fun quotes follow below:

  • “Using an MSSP is not the same as outsourcing security to somebody else. It is integrating with another organization’s security monitoring and system management processes, often using standardized processes at the provider.”
  • “It seems that many organizations do not realize that getting maximum value from their MSS relationship requires work on their part — and that the MSSP delivery approach will only be successful if the organization does its share.”
  • “Some Gartner clients report difficulties with deciding on the very basic model of monitoring: whether they should use a SIEM product in-house, look for a managed SIEM (where the tool is owned by the organization, but the personnel operating it comes from a third party) or engage with an MSSP.” (like so)
  • “While it is seemingly too late to test the provider after the contract is signed, it is not really the case. A relationship with an MSSP calls for ongoing testing, especially during the onboarding phase.”


P.S. Gartner GTP subscription required, for those without …

… Blog posts related to this research on MSSP usage:

Others posts announcing document publication:

The Gartner Blog Network provides an opportunity for Gartner analysts to test ideas and move research forward. Because the content posted by Gartner analysts on this site does not undergo our standard editorial review, all comments or opinions expressed hereunder are those of the individual contributors and do not represent the views of Gartner, Inc. or its management.

Comments are closed