July 28, 2020 By Spencer Ingram 4 min read

Managed security service providers (MSSPs) can speed up detection and response capabilities in complex, distributed security environments.

However, many traditional managed security providers simply act as alert factories that collect log data and spit out low-value alerts. These increase the workload on their clients’ security teams rather than offloading work and enhancing their security posture. In addition to this alert fatigue, more problems pile up. Fragmented tools, increases in the attack surface and the complexity of response to a threat all create additional strain on security teams today. Conversely, a quality MSSP can streamline the entire pipeline.

In Forrester’s new report The Forrester Wave: Global Managed Security Services Providers, Q3 2020, the independent research firm mentioned that “MSSPs have attempted to solve the alert-factory problem by adopting the philosophy that any problem that exists can be solved by managed detection and response (MDR).”

A significant client driver we see today is a focus on managed detection and response (MDR) capabilities. Essentially, this technique moves beyond log collection and alerting to more proactive response, remediation and threat hunting. The goal is to detect threat actors faster. Therefore, teams can limit the impact of security incidents as they move across the threat management lifecycle.


Increasing Speed and Precision With an MSSP

With so many disconnected and fragmented security tools, it’s not surprising that complexity and inefficiency arise during the threat management lifecycle. Security analysts simply have too many tools to use to quickly triage and respond to threats. According to the 2020 Ponemon Institute study The Cyber Resilient Organization, organizations deploy more than 45 security solutions on average and use 19 different tools when responding to a cybersecurity incident. This study also found that there’s actually an adverse effect when using more security solutions and technologies to detect, prevent, contain and respond to incidents. More tools can mean your analysts spend too much time in any one stage of the threat management lifecycle.

Analysts must monitor and manage the intricacies of these environments with speed and precision. Doing so is an imperative within dynamic and evolving security environments. Teams can bring together best-of-breed technologies and best-of-suite platforms with the right MSSP to deliver an all-in-one, integrated security experience.

Questions to Ask

For now, you might have one vendor covering your vulnerability scanning, another for security information and event management (SIEM), and still another vendor for your identity and access management (IAM) program. These systems and tools rarely connect and talk to one another. Security leaders are left without answers to the following:

  • Are we getting the right telemetry across all these systems and tools?
  • Are our best-of-breed solutions offering a broader picture of our security program?
  • How do we use orchestration and integration to unify our offense and defense?
  • Are we covering the new perimeterless environment with a multitude of endpoints?

Security leaders and their teams need to see the sum of the parts to understand the entirety of their environment. Without this broader perspective, you’re not getting the context you might get with an MSSP, and you could miss insights needed to make decisions rapidly.

Combining Best-of-Breed and Best-in-Suite in MSS

Comparatively, best-of-suite solutions can combine multiple tools into one. A best-of-suite MSS provider may bring multiple security solutions into a single unified console. The solution should provide threat intelligence, incident response, vulnerability management, and artificial intelligence (AI) and machine learning (ML) enhancement of workflows, for on-premises as well as multicloud security visibility. However, the selection of tools and technologies is at the discretion of the provider’s security suite.

This approach means the security team has one source of truth when handling incidents. Rather than switching between multiple providers’ security applications, your team works in a single interface and ecosystem to triage threats.

Benefits of All-in-One MSS

According to Forrester’s 2020 Now Tech report, “security leaders can’t build and maintain teams focused on detection, investigation, compliance, risk, regulatory requirements and more. MSSPs exist to offset some of the workload, and leaders must use them for their programs to succeed.”

For example, you might outsource the threat and vulnerability management lifecycle to a security partner but focus your in-house resources on pandemic response or a key strategic, transformative project.

The right all-in-one managed security platform offers unmatched intellectual property (IP) and assets, like AI and ML, to filter out the noise your team may be experiencing. It also offers opportunities to speed up your detection and response. This is a chance to bring clarity and direction to overwhelmed security teams. Some MSSPs have developed partnership-based bundles that include consulting services and technology that can help speed up your initiatives across networks, hybrid cloud, data and app, identity and more.

Global and in-region support are possible with this approach, as well. Your team benefits from global scalability, better data sovereignty and regionalized architecture, and the capabilities of local security operations centers. Moreover, an all-in-one MSS model gives your team more individualized attention through staff training opportunities to level up their skills.

Legacy MSSPs are Missing the Future

Finally, an all-in-one MSSP that has been in the business for 10 or more years is likely a stable and established business. It’s unlikely that the MSSP is going to get acquired or end support any time soon. The organization likely services thousands of clients and analyzes billions of security events across industries, which gives you deeper insights into current global threats. These types of providers can offer unmatched knowledge-sharing and expertise from working on major security flaws and zero-days that have impacted clients over the last several decades. That kind of expertise and knowledge can be invaluable for your team in gaining better insights and making better decisions in the operations center.

IBM Named a Leader in Global Managed Security Services

Forrester named IBM as a leader in its new report, The Forrester Wave™: Global Managed Security Services Providers (MSSPs), Q3 2020. Only four vendors were ranked as leaders out of the 15 evaluated vendors in the MSSP space.

According to the Forrester report, “IBM’s portfolio of intellectual property now directly benefits its MSS clients, something mentioned as a strength by client references.”

We believe Forrester’s evaluation validates our goal to provide a next-generation, all-in-one MSS solution. This solution brings together the best of IBM’s proprietary technology (AI and ML) and an ecosystem of best-of-breed technologies. At best, it can speed up our customers’ detection and response capabilities for today’s fast-paced and distributed enterprise environments.




