Gartner: Is your MSSP fit for purpose?

Gartner – the world’s leading research and advisory company – has issued some stark statements on why managed security service providers (MSSPs) may be irrelevant for large, established organizations.

Posted on 24 October 2017 by Peter Cohen

“We all know that some clients who sign up with an MSSP do NOT want quality,” writes Research VP, and distinguished analyst, Anton Chuvakin, in one [1] of two [2]  posts on Gartner Blog Network. “They need a checkbox, a party to scream at (and possibly to sue) when they are hacked.”


Chuvakin believes that MSSPs are unable to align with many clients’ organizational maturity and the evolving range of cyber security threats and attackers they face. “We hear from clients where their procurement people literally push them to a low-price MSSP even though they have a clear set of business requirements for an elite MDR [managed detection and response],” he writes. “We do see a lot of MSSP usage by clients who “need some monitoring for compliance” or “have no team and no process, and want ‘security outsourced’.”


Fortunately, he says, those elite MDR companies are present, growing, and able to take on the cyber security requirements of mature organizations, citing “the emergence of top-tier MDR providers who possess real  experience dealing with advanced threats.”


 Large, established organizations have complex security requirements, as you would expect. They have tens or hundreds of thousands – of employees, and a vast technical infrastructure to support them. They must also securely manage varying elements of the supply chain, as well as the procurement processes necessary to remain profitable, competitive, and agile. The cyber security threats to large corporations require more than just monitoring and reactive patching; they require proactive teams that are constantly testing the whole ecosystem for threats and vulnerabilities, well before they can impact the bottom line.


With requirements so vast, it is no wonder that Chuvakin believes that the process of finding and choosing a cyber security partner is so thorny. “Picking the one that fits your needs best is harder than most realize,” he writes. But his message is clear – an elite business requires a managed detection services partner who understands how to defend the organization and continually monitor the threat landscape.


If you need guidance to evaluate your level of risk, or aren’t sure whether an MDR is an appropriate solution for your organization, then we’re here to help. If you’d like to know more about how we could support you then please complete the form  above or email