I recently completed the third update on my Foundational Managed Security Services (MSS) note: Get the Foundational Elements Right When Selecting a Detection and Response Service Provider. This was the first piece of research i published when i joined Gartner back in 2018 and provides a guidance framework for organisations looking to outsource security operations. At the time i recognised that part of the reason that organisations change MSS providers so frequently was because they didn’t have a good idea around how they were going to consume the outputs of the service.
The core of the advice hasn’t really changed:
- Establish and document requirements and use cases before engaging providers.
- Align the offered service performance metrics with internal key performance indicators (KPIs).
- Integrate internal processes so they can effectively consume the service.
But… consumption models have, as has the market.
With the evolution of the MSS Market and the emphasis most organisations have on detection and responding to threats there have been some key updates.
A couple of key quotes from the document:
Services that include a response element, such as managed detection and response (MDR) regularly include the identification and, most importantly, the containment and disruption of issues. These services commonly provide a mitigative response, rather than forensic or fix, and are designed to reduce the burden and create breathing space for internal teams, but not to replace them altogether.
Service outputs are usually provided in the form of security incidents and disseminated via a provider’s portal, with email, mobile and human-driven notifications to alert occurrences of serious issues. These security incidents should be verbose and action-oriented, detailing the activity detected and the assets involved.
I hope you enjoy the updates, don’t hesitate to set up a Gartner inquiry if you are thinking about outsourcing for the first time, or even re-contracting. We can help with a wide range of price benchmarking, requirement setting and SLA evaluation etc…
View Free, Relevant Gartner Research
Gartner's research helps you cut through the complexity and deliver the knowledge you need to make the right decisions quickly, and with confidence.Read Free Gartner Research
Comments or opinions expressed on this blog are those of the individual contributors only, and do not necessarily represent the views of Gartner, Inc. or its management. Readers may copy and redistribute blog postings on other blogs, or otherwise for private, non-commercial or journalistic purposes, with attribution to Gartner. This content may not be used for any other purposes in any other formats or media. The content on this blog is provided on an "as-is" basis. Gartner shall not be liable for any damages whatsoever arising out of the content or use of this blog.