My “How to Work With an MSSP to Improve Security” has just published. It took a lot of work, and – at 37 pages – it cannot be called “an MSSP user bible.” However, I think I hit many of the sore spots of the client-MSSP relationship and provided guidance on preparing, onboarding and running with the managed service. The abstract states: “Managed security services are a popular, growing, yet somewhat failure-prone approach to information security. This guidance gives security practitioners a structure to shape the managed security service provider relationship and develop joint security processes and architecture for success.”
A few fun quotes follow below:
- “Using an MSSP is not the same as outsourcing security to somebody else. It is integrating with another organization’s security monitoring and system management processes, often using standardized processes at the provider.”
- “It seems that many organizations do not realize that getting maximum value from their MSS relationship requires work on their part — and that the MSSP delivery approach will only be successful if the organization does its share.”
- “Some Gartner clients report difficulties with deciding on the very basic model of monitoring: whether they should use a SIEM product in-house, look for a managed SIEM (where the tool is owned by the organization, but the personnel operating it comes from a third party) or engage with an MSSP.” (like so)
- “While it is seemingly too late to test the provider after the contract is signed, it is not really the case. A relationship with an MSSP calls for ongoing testing, especially during the onboarding phase.”
… Blog posts related to this research on MSSP usage:
- Should I Use “SIEM X” or “MSSP Y”?
- How To Exit an MSSP Relationship?
- MSSP Client Onboarding – A Critical Process!
- MSSP: Integrate, NOT Outsource!
- On MSSP Personnel
- On MSSP SLAs
- Acting on MSSP Alerts
- MSSP Client Responsibilities – What Are They?
- Find Security That Outsources Badly!
- Challenges with MSSPs?
- How To Work With An MSSP Effectively?
Other posts announcing document publication:
- My UPDATED “SIEM Technology Assessment and Select Vendor Profiles” Publishes
- My UPDATED “Security Information and Event Management Architecture and Operational Processes” Publishes
- Our “Selecting Security Monitoring Approaches by Using the Attack Chain Model” Publishes
- My Blueprint for Designing a SIEM Deployment Publishes
- My Evaluation Criteria for Security Information and Event Management Publishes
- My Threat Intelligence and Threat Assessment Research Papers Publish
- My Updated Vulnerability Management Practices Paper Publishes
- My Security Solution Paths Published: Threats and Vulnerabilities
- All My Research Published in 2013