My Reflections From The 2020 European MSSP Forrester Wave™
My first refresh of the Forrester Wave™ evaluation on European managed security services providers (MSSPs) went live this week. In the previous Wave, differentiators in the market included matured escalation processes enabled by automation, remediation, and chat capabilities, as well as the introduction of mobile apps to improve the user experience. In the current Wave, some elements have improved, notably the use of SOAR technologies, which has improved consistency for customers. Almost all providers in the market have implemented this technology, with most demonstrating playbooks automating tasks previously conducted by L1 SOC analysts such as looking up threat intelligence indicators and correlating events with related information like vulnerability reports and client asset criticality.
While MSSPs have improved their capabilities since the last Wave, challenges still remain. Here are some of our key takeaways from this year:
- MSSPs need to ditch the “alert factory” model. Customers feel that their providers are passive and are failing to provide contextual, action-oriented remediations. Instead, vendors are operating as alert factories to their clients. Compounding this problem is that MSSPs have the knowledge and resources to solve this issue, but it’s wrapped in a premium service — typically an MDR solution — outside of the MSSP scope. Of course, this poses challenges to security leaders with budget constraints in the middle of a global pandemic, rendering customers frustrated with a service that doesn’t live up to their initial expectations.
- Cloud monitoring has improved but not at the pace it should be. While cloud monitoring has shown progress since the last Wave, vendors’ maturity in this space is not where customers need it to be. MSSPs should aim to be able to use cloud telemetry natively using direct or API integrations. Providers’ playbooks should support use of a wide range of artifacts in the cloud to drive remediation actions, not solely relying on capabilities like the security utilities included in major public cloud platforms from Amazon, Microsoft, or Google. In practice, many still rely on client-provided CASB solutions or only directly integrate with a small subset of cloud providers. European MSSPs struggle to provide a one-stop shop for multicloud environments across PaaS, SaaS, and IaaS applications. While most have roadmaps to broaden this, customers need this activity to be accelerated to protect them now, not in the future.
- Compliance with data regulations is nonnegotiable for European customers. EU-based customers actively voiced their concerns around data sovereignty in the research. It is and will continue to be a make-or-break buying requirement for customers in many parts of Europe (this is notably strong in France, Germany, Switzerland, Austria, and the Nordics). With the recent Court of Justice of the European Union judgment striking down the Privacy Shield and with the end of the Brexit transition imminent, this issue is becoming more crucial than ever. While many vendors meet these needs, they must continue to respond to the evolving legal and regulatory position of the EU and adjust their service provision accordingly.
For Forrester clients, click here to read the full report and an audio recording of my reflection on the MSSP Wave customer feedback.
(written with Melissa Bongarzone, research sssociate at Forrester)