Our Key Takeaways from Forrester’s APAC MSSP Market Research Report

Forrester – one of the leading technology research firms – recently released a report to help organizations understand the value they can expect from Managed Security Service Providers (MSSPs) in Asia Pacific region. The report, Now Tech: Managed Security Services In Asia Pacific, Q4 2020, places each vendor into a category of either Pure-play providers, Managed IT providers, Consulting firms, or Telcos

CyberProof has been included as a “pure-play provider” – a category recognized as having a high capability level in security expertise, remote multi-tenant monitoring and administration, analytics and reporting, orchestration and automation, and roadmap product flexibility.

Our Key Takeaways:

We believe the following points that Forrester covers in this report demonstrates the critical role MSSPs will play for their organizations within Asia Pacific, as well as the key factors you should consider when evaluating your options.  

1. Alleviate stress and pressure in the SOC by partnering with an MSSP

Alert fatigue continues to plague security analysts due to huge volumes of security log and event data being generated by multiple point technologies and an outdated approach to correlating and centralizing the information that matters. Forrester notes that 78% of SOC staff say that their work is very painful and 67% suffer from information overload. 

We believe that security orchestration and automation will continue to be key components that help Level 1 and Level 2 analysts speed up repetitive, manual tasks. 

At CyberProof, we leverage our investments in next-generation SOC capabilities such as our smart virtual analyst, SeeMo, to help analysts accelerate detection and response by automating activities such as alert enrichment, incident investigation, reporting and the execution of pre-defined response playbooks. Ultimately, this enables staff to focus more on strategy and innovation.

2. Take advantage of the investments made by an MSSP to access their specialized skill sets

Customers should leverage their MSSP as the interface for bringing the people, processes and technologies that can help achieve their goals. Here’s how they can help:

  • Technology – The provider has done the work of evaluating various innovative technologies and has selected those that can help future-proof their customers’ defenses. This means your team doesn’t have to spend time doing the same thing. Before speaking to your MSSP about this, be sure they have a clear understanding of your ecosystem to avoid any unnecessary expenditure and prioritize investment.
  • People – With the threat landscape constantly changing, you need to access skills that are agile enough to adapt to these changes. If you already have a core SOC team in place, consider adopting a hybrid engagement model that enables you to augment your team with specialists in areas such as incident response, Managed Detection and Response, threat hunting, threat intel monitoring, vulnerability assessments, etc.
  • Process – Without implementing sustainable and effective processes that a team can comfortably maintain, the investments you make in people or technology will only cause more complexity. Adopting processes that are aligned to industry frameworks such as NIST is a good start but isn’t as simple as using it as a template for your organization – your business needs tailored processes that fit your maturity and unique goals. At CyberProof we leverage our smart virtual analyst, SeeMo, to automate level 1 processes such as monitoring, alert enrichment and incident handling – speeding up mean time to detect and mean time to respond.

3. Get clarity on service deliverables and how the MSSP’s staff will work with yours

Forrester notes that CISOs should be clear on what MSSPs are expected to do and should ensure that they can deliver the necessary services.

Organizations should consider working with an MSSP that adopts a hybrid engagement model – a form of outsourcing that enables the provider to work as an extension of the customer’s team and reduce siloed working. Essentially, a hybrid engagement involves the following key traits:

  • Providing transparency – Traditional approaches to outsourcing often result in a “black-box” approach where the customer has no visibility into what the provider is doing – such as which alerts are being investigated, what analysis rules are being introduced or who is triaging a particular incident. Challenge the MSSP to leverage a service delivery platform that can be used by the customer to provide on-demand visibility into the day-to-day SOC activities and processes being conducted.
  • Facilitating easy collaboration – Have a real-time communication channel, such as ChatOps features, that enable your internal team to collaborate with both internal stakeholders and the providers’ domain experts.
  • Service delivery engagement – Push the MSSP to provide a dedicated team that ensures high-touch service delivery, manages the relationship, and facilitates recurring customer value workshops to ensure agreed-upon KPIs are being met.

To Summarize – The Varied Level of Maturity in APAC Requires a Flexible MSSP

According to Forrester’s report, the varied maturity of organizations in APAC has spawned different types of leaders – from more transformational CISOs to those who are focused on dealing with the day-to-day operations. Consequently, security leaders should prioritize MSSPs that can customize their delivery approach, pricing, and operating model based on each organization’s unique challenges. Entering into a managed security services agreement is a strategic move which requires clarity from both sides regarding what to expect from this partnership and how it can flex to meet the changing requirements of the customer.

Working with a provider that brings a hybrid approach – a model that encourages clear communication, transparency of operations, and an integrated team – will ensure you are not outsourcing control along with security but rather enabling your existing SOC team to continuously optimize their cyber defenses in an agile way.

To learn more about how to reduce the risk to your organization, contact us!