I published my first Forrester Wave™ today, covering the managed security services provider (MSSP) market in Europe. The culmination of four months of hard work by not just us but all the vendors involved, this is to my knowledge our first analysis focused on the needs of the European market for MSSPs.

Here are some of the key takeaways from the Wave that security pros in Europe should pay attention to:

  1. European security leaders demand local awareness and context. One of the biggest themes from the interviews with customers was that local security leaders expect their providers to understand the local context that they operate within in Europe. Regulations, geopolitical context, and threat-actor motivations all differ dramatically in Europe on a country-by-country basis. They expect the provider to be able to help them prioritize the needles in the proverbial haystack. Customers consistently expressed a desire for their provider to develop a deeper understanding of their business, in particular in helping them understand system criticality within their environment. Customers don’t want to receive critical alert notifications only to throw them back as a false alarm — for example, when port scanning events are simply the monthly scheduled vulnerability scan. Providers in the study need to work hard at meeting these needs through continuing to improve how they collect system and asset criticality information and use automation to refocus the efforts of their personnel.
  2. Vendors need to prove they can walk the walk and deliver locally within Europe. The best vendors offered local-only versions of their services or had provided highly customized services delivered in near-shore/customer premises, giving our European customers ultimate flexibility in how they consume the services. More than one vendor expressed surprise when I asked, “So where is your team in Europe on this demonstration?” Due to issues of data sovereignty, international data transfer obligations, and cultural backgrounds, vendors playing in this market must be able to demonstrate their delivery credentials locally. They should give autonomy to their local sales functions and service delivery teams to deliver in the way that makes sense for their customers. Forrester customers should hold vendors to account and clearly specify their expectations up front to make sure requirements are being met by a team that understands the local context because they live and work here, as well.
  3. Customers expect vendors to work within their existing ecosystem, rather than rip out and replace. One interesting feature of this study was the large variances in delivery models being offered by the various providers. While the traditional multi-tenanted MSSP model certainly has a place, there was a marked trend toward clients asking providers in this study to work with existing on-premises SIEM or security analytics platforms. Several vendors confirmed that this made up more than 50% of their deployments, as clients seek to build on earlier investments rather than replace them entirely.
  4. Customers need to think hard and carefully about how they will use MSSPs to secure their organizations. One final observation is that the investment in an MSSP is, for most security leaders, one of the most complex purchasing decisions that they can make. One of the biggest challenges to a successful MSSP deployment is making sure that your organization is set up to manage the MSSP suppliers and get the service you need from them. Several vendor customers noted that they could have done a better job at being specific about their explicit security services requirements and making sure that they understood whether the services they were buying really met their needs. One customer revealed that it was during due diligence, while performing a site visit at the final RFP stages, that they found out that their prospective provider’s claims about being able to do OT monitoring were blown out of the water by one of their SOC analysts. In this case, the simple and humble onsite SOC inspection as part of the procurement process saved that customer a potentially costly mistake. Forrester customers should bear in mind that these providers’ services are very complex and that it is worth taking the time to make sure that they have the right people and processes in place to manage the providers and their onboarding. Customers can take a services-based approach to security as recommended in my report here.

This is a snapshot of some of the insights we gained from doing the research. Find out more about the marketplace and how the providers stacked up in my report here.