Our 5 Key Takeaways from Forrester’s MSSP Wave™ Report

Forrester – one of the leading independent technology research firms – recently published its highly respected report: The Forrester Wave™: Midsize Managed Security Services Providers, Q3 2020.

The report – which rates CyberProof as a leader – provides organizations with its evaluation of MSSPs and recommendations on how to choose the right provider based on their business needs.

If you're interested in reading the full report, visit our website to download a complimentary copy. Here’s some of our key takeaways that we’d like to highlight that we believe supplement the findings of the report:

1. How the MSSP Market Has Shifted

Forrester’s report notes how midsize MSSPs are often selected over larger counterparts because they appreciated their new and refreshing approach to MSS delivery. Legacy MSSP approaches employed a “do everything” mantra which over time caused organizations to lose visibility into operations.

Today, MSSPs are expected to adopt a hybrid model which provides transparency into their activities and facilitates easy collaboration with the providers’ teams, especially when working together to solve complex issues and remediate advanced threats.

Those days are over. Today, MSSPs are expected to adopt a hybrid model which provides transparency into their activities and facilitates easy collaboration with the providers’ teams, especially when working together to solve complex issues and remediate advanced threats.

Security leaders are needing some breathing space – especially, now that cloud migration projects have been expedited and budgets have been tightened. However, this doesn’t mean they are looking to relinquish control or outsource their entire function. Forrester recommends customers look for MSSPs that prioritize collaboration and teamwork as much as their technical capabilities.

2. Our Smart Virtual Analyst, SeeMo, is a Game Changer

Forrester notes how “CyberProof excels with its virtual analyst, SeeMo,” highlighting, in our opinion, the value that combined human expertise and artificial intelligence (AI) provides. SeeMo not only brings threat intelligence and vulnerability-related context to alerts – but also automates steps in the incident investigation and remediation process.

Without the assistance of a smart virtual team member like SeeMo, repetitive Tier 1 and 2 activities such as enrichment and investigation can take up the majority of analysts’ workload. It is important to recognize this significant role a smart virtual team member can play in focusing security analysts on response and remediation – by automating these repetitive, time-consuming tasks.

Another advantage of working with SeeMo is that you have a virtual analyst that works around the clock. This is a huge advantage especially as, for many organizations, handling 24x7 monitoring is a drain on resources. The alternative – relying (and spending more money) solely on human analysts to be 100% vigilant during the night shift – can be a daunting route to take.

With a virtual analyst like SeeMo, there is an extra member of the team that’s working 24x7 – “always on” and monitoring the environment, on hand to react and respond to any requests. A virtual analyst brings the best of machine and human intelligence together – by adding context to incidents, enriching the gaps, and ensuring work processes become more efficient.

3. Automation and Orchestration Proves Its Worth

The Forrester report states: “ Companies looking for an MSSP that provides high-context alerts and is well versed in automation, orchestration, and remediation should consider Cyberproof.” Among the benefits that can be realized by adopting an MSSP with SOAR capabilities, two stand out to us:

  1. Visibility into what matters with less time and effort – Due to the fast adoption of cloud infrastructure, BYOD and OT/IoT environments, organizations’ critical data and assets are becoming increasingly exposed to attackers. The advantages of having a SOAR platform at the core of how an MSSP delivers services means customers can accelerate existing detection and response capabilities. SOAR also supports the integration of new capabilities into the existing infrastructure relatively quickly.

    The CyberProof Defense Center (CDC), our cloud-native SOAR platform, integrates with clients’ existing infrastructure. This enables the platform to pull data from multiple internal sources such as endpoints, vulnerability data, networks, and the cloud, as well as from external threat sources that enrich the alerts as they come in. The CDC provides a single pane of glass for faster incident detection and response.

  2. Collaborative incident management and transparent engagement – Gone are the days when bringing in an MSSP meant having disparate platforms and communication channels to handle incidents. If your MSSP is still doing this, challenge them to keep up with the pace of change. By leveraging SOAR technologies, MSSPs can provide customers with a single interface that acts as the “glue” between various technologies and teams to provide a real-time, collaborative approach to incident handling.

    CyberProof received the highest score possible in the incident management process and collaboration methods criteria. We believe this is testament to our team’s ability to provide customers with a single platform that enables them to:

    1. Leverage their existing technology investments
    2. Automate monitoring and response workflows
    3. Remediate collaboratively, in real-time, using built-in ChatOps functionality
    4. Adopt an appropriate operating model (hybrid, fully managed or augmented)