Contrary to what some people think, using MSSP is not just for
losers low-maturity organizations and SMBs.
For sure, we do see a lot of MSSP usage by clients who “need some monitoring for compliance” or “have no team and no process, and want ‘security outsourced’” (the latter seems like a good indication for MSSP use, but in reality smells like MSSP FAIL in the making).
Still, with emergence of top-tier MDR providers who possess real experience dealing with advanced threats, we observed that tactical [=aimed at a very specific capability gap in client secops] MSSP / MDR use at higher maturity organizations is growing as well [here and everywhere on this blog, this refers to the maturity of security operations]
However, it is very clear that these are not the same MSSPs!
So, we now face a problem of matching MSSP/MDR providers to clients’ maturity. We hear from clients where their procurement people literally push them to a low-price MSSP even though they have a clear set of business requirements for an elite MDR.
In essence, MSSPs are NOT all the same, even if they say the same things in their glossies. “MSSPs baffle their buyers with complex or vague service descriptions,” as we say in a recent paper. Picking the one that fits your needs best is harder than most realize….
Care to share your MSSP or MDR horror stories (aka “learnings”) or perhaps your EPIC WIN stories?
Related blog posts from our MSSP research:
- How To Test Your MSSP/MDR?
- The Curse of A Black MSSP
- SIEM Future: A UEBA Path or An MDR Way?
- My “How to Work With an MSSP to Improve Security” Paper Publishes
- Should I Use “SIEM X” or “MSSP Y”?
- How To Exit an MSSP Relationship?
- MSSP Client Onboarding – A Critical Process!
- MSSP: Integrate, NOT Outsource!
- On MSSP Personnel
- On MSSP SLAs
- Acting on MSSP Alerts
- MSSP Client Responsibilities – What Are They?
- Find Security That Outsources Badly!
- Challenges with MSSPs?
- How To Work With An MSSP Effectively?
- All posts tagged MSSP
Comments or opinions expressed on this blog are those of the individual contributors only, and do not necessarily represent the views of Gartner, Inc. or its management. Readers may copy and redistribute blog postings on other blogs, or otherwise for private, non-commercial or journalistic purposes, with attribution to Gartner. This content may not be used for any other purposes in any other formats or media. The content on this blog is provided on an "as-is" basis. Gartner shall not be liable for any damages whatsoever arising out of the content or use of this blog.