European MSS Firms Are Letting Down Their Customers By Providing More “Pew-Pew Maps” And Noise Rather Than Remediation Support
We’ve all been on a site visit to a managed security services (MSS) provider’s security operations center (SOC), where your prospective MSS provider shows you yet another set of screens with big “pew-pew maps” with little dots and lines going haywire where it has seen cyberattacks. These maps are about as useful as an NFT: artistic to look at but with no obvious function or inherent value.
MSS providers (or MSSPs) provide a wide range of services options, which customers can select from an à la carte menu. The range of options, technologies supported, and operational running skills are highly industrialized and standard. What a lot of these services still fail to provide, however, is the hands-on remediation support that clients crave and need. Too many still escalate alerts to clients in classic MSSP-outsourced SOC use cases or, in areas like vulnerability management or application security, simply provide a dirty laundry list of issues for IT infrastructure admins or developers to fix, with limited prioritization or practical hands-on guidance provided.
What we are starting to see is a bit of a sea change in Europe, with remediation outcomes front and center for them and managed detection and response (MDR) offerings beginning to take hold with more remediation-focused outcomes built in as standard. I found the following key themes from my recent analysis of the 40 firms that participated in my European MSSP Now Tech:
- Firms are bamboozling clients with a panoply of acronyms to describe their services. Reviewing the submissions revealed a number of different names, acronyms, and buzzwords used to describe offerings. Firms are using dangerous nonsense from MXDR to MDR to cyber defense and all manner of packaging names to describe their services. You can be forgiven for understanding why European customers feel confused about what all of this delivers. Clients need to look past the marketing and examine the outcomes the services deliver, with a focus on the remediation and prioritization offerings they desperately need.
- CISOs want more help in getting to the resolution of issues raised by managed services. Customers routinely tell us that they are drowning in alerts and don’t know what to prioritize or look at first. This is where MSSPs can really step up, and some are beginning to do so. This trend is strongest in MDR where response is a core component of the offering, with the service provider now taking some response actions on behalf of clients in certain situations. Even when they aren’t, they’re by their clients’ side, helping them with the expertise they need, which is precisely what customers want. This is not replicated in all of the other services offerings we saw, with “lights on” services focused on platform maintenance and alert forwarding still common in areas like application security, identity, and traditional network security services.
- More use of MSS providers is here to stay for now. MSS usage within Europe has been through many waves of discontent over the past 10 years, with clients swapping between in-sourced and outsourced models and hybrid options over the years. What we see now is that spending on security managed services has increased by 5 percentage points as a share of European CISOs’ security budgets since 2019. We noticed this big increase at the beginning of the COVID-19 pandemic, and it is here to stay for now. For MSS firms to maintain that spending, they need to show they deserve to keep that spending by responding better to customer needs.
- European security leaders are drawing down on a broader set of managed services than ever before. European CISOs have historically thought of services related to the SOC when thinking about the use of MSS firms. We have discovered that while this still remains the case, there is a rapidly increasing usage of services in the application security, identity management, vulnerability management, and cloud security domains beyond the traditional services of managed firewalls or security monitoring. Firms should respond to this trend of clients looking to outsource more of their capability by improving them beyond the basics of platform maintenance, service provision, and alert forwarding. Client expectations are higher, and firms need to meet them.
Forrester clients who want to read the research outlining the European MSSP market can find it here.