Last year, I was presented with an opportunity to learn a new skill. One of the walls in my house had become damaged to the point that the only sensible solution was to tear out what remained of the mangled sheet rock and start fresh. “This is something I can handle”, I told myself. I’m a handy guy. YouTube has more than enough content to fill any knowledge gaps I might have. I was going to hang a wall.
I bought all my materials and got to work. The end-result was…well, it was a wall. But that was the most flattering description I could give it. It looked terrible. Every seam was visible. It turns out, cutting sheet rock precisely and working with joint compound are things that take a lot of practice and experience to master, and the people I saw on YouTube, making it look so easy, had already put in those hundreds of hours. It was my first try, and I ended up having to hire an experienced tradesman to come fix what I had done. When the job was finished it looked great! Later, the person I hired informed me that it would have been cheaper if I had just hired him to do the job from scratch because of the time it took him to undo my poor craftsmanship. Not so great.
My problem was, I had not been truly focused on my desired outcome. I thought my desired outcome was to have a new wall in my house. This was sort of true, but the outcome I actually wanted was to have a new wall that looked professionally done, with no visible seams or rough patches of spackle. I got there in the end, but at great extra cost.
As a cybersecurity professional, I was extra disappointed in myself because this is a lesson I should have already learned having seen similar scenarios play out in my working life. For many small to midsize (SMB) businesses, maintaining a strong cybersecurity posture can be a daunting task, oftentimes well outside of the scope of their in-house expertise. They need a guide, a partner or sometimes even a full-service security provider to help ensure their data and infrastructure are properly protected. They need to hand the putty knife over to a craftsman instead of going it alone. So, they turn to Managed Security Service (MSS) providers for help. But seeking help is only the first step. Organizations must also carefully assess what kind of help they need based on what they intend to achieve.
In the recently published Gartner® Market Guide for Managed Security Services1, the analyst firm notes that “Differentiation and comparison between MSS providers can be hard for buyers to quantify, as service capabilities and delivery models vary greatly from provider to provider.”
Apart from providing a list of 40 Representative Vendors, the report recommends that:
“Security and risk management (SRM) leaders responsible for security operations should:
- “Focus on the specific security needs of their business when approaching security service providers, looking specifically at the individual markets for managed detection and response (MDR), vulnerability assessment (VA) and incident response (IR).
- “Separate consultative and service-driven requirements to ensure service delivery is as consistent as possible and customized capabilities are appropriately defined.
- “Define expected outcomes and required deliverables in detail, evaluating internal security response processes to identify how security services will be consumed.
- “Assess if existing managed service providers (MSPs) and ITO partners meet security technology management requirements before approaching dedicated security service providers.”
Pondurance was recognized as a Representative Vendor in the 2022 Gartner Market Guide for Managed Security Services. We believe it’s because we can help you design and manage a cybersecurity posture with your business outcomes driving every step of the process. Whether you have already tried to put up your (fire)wall, and realize you require more expertise, or you need to build anew from the studs, we believe we offer a curated approach to design, build and service implementation that ensures clients get the maximum value, and most importantly, maximum protection from their security spend.