Last year, I was presented with an opportunity to learn a new skill. One of the walls in my house had become damaged to the point that the only sensible solution was to tear out what remained of the mangled sheet rock and start fresh. “This is something I can handle”, I told myself. I’m a handy guy. YouTube has more than enough content to fill any knowledge gaps I might have. I was going to hang a wall.
I bought all my materials and got to work. The end-result was…well, it was a wall. But that was the most flattering description I could give it. It looked terrible. Every seam was visible. It turns out, cutting sheet rock precisely and working with joint compound are things that take a lot of practice and experience to master, and the people I saw on YouTube, making it look so easy, had already put in those hundreds of hours. It was my first try, and I ended up having to hire an experienced tradesman to come fix what I had done. When the job was finished it looked great! Later, the person I hired informed me that it would have been cheaper if I had just hired him to do the job from scratch because of the time it took him to undo my poor craftsmanship. Not so great.
My problem was, I had not been truly focused on my desired outcome. I thought my desired outcome was to have a new wall in my house. This was sort of true, but the outcome I actually wanted was to have a new wall that looked professionally done, with no visible seams or rough patches of spackle. I got there in the end, but at great extra cost.
As a cybersecurity professional, I was extra disappointed in myself because this is a lesson I should have already learned having seen similar scenarios play out in my working life. For many small to midsize (SMB) businesses, maintaining a strong cybersecurity posture can be a daunting task, oftentimes well outside of the scope of their in-house expertise. They need a guide, a partner or sometimes even a full-service security provider to help ensure their data and infrastructure are properly protected. They need to hand the putty knife over to a craftsman instead of going it alone. So, they turn to Managed Security Service (MSS) providers for help. But seeking help is only the first step. Organizations must also carefully assess what kind of help they need based on what they intend to achieve.
In the recently published Gartner® Market Guide for Managed Security Services1, the analyst firm notes that “Differentiation and comparison between MSS providers can be hard for buyers to quantify, as service capabilities and delivery models vary greatly from provider to provider.”
Apart from providing a list of 40 Representative Vendors, the report recommends that:
“Security and risk management (SRM) leaders responsible for security operations should:
- “Focus on the specific security needs of their business when approaching security service providers, looking specifically at the individual markets for managed detection and response (MDR), vulnerability assessment (VA) and incident response (IR).
- “Separate consultative and service-driven requirements to ensure service delivery is as consistent as possible and customized capabilities are appropriately defined.
- “Define expected outcomes and required deliverables in detail, evaluating internal security response processes to identify how security services will be consumed.
- “Assess if existing managed service providers (MSPs) and ITO partners meet security technology management requirements before approaching dedicated security service providers.”
Pondurance was recognized as a Representative Vendor in the 2022 Gartner Market Guide for Managed Security Services. We believe it’s because we can help you design and manage a cybersecurity posture with your business outcomes driving every step of the process. Whether you have already tried to put up your (fire)wall, and realize you require more expertise, or you need to build anew from the studs, we believe we offer a curated approach to design, build and service implementation that ensures clients get the maximum value, and most importantly, maximum protection from their security spend.
Get everything you need; and nothing you don’t
Another harsh lesson I learned from the tradesman who helped me with my wall was that I overpaid for materials in the first place. He told me that I had purchased a lot of commercial grade materials that far exceeded the requirements for what I was trying to do. I got what I needed, but also a lot of things I didn’t.
Clients researching MSS providers should take care not to make the same mistake I did. In this report Gartner mentions that “the typical buyer for the wider group of security requirements met by MSSs regularly request technology implementation and staff augmentation. They also have a wider desire to use third parties to accelerate the build of an internal security operations center (SOC) capability rather than look at longer term outsourcing options.” In our opinion, this can be tricky for SMB clients, particularly because the level of in-house cybersecurity capabilities varies drastically from client to client in that market, and there are so many MSS providers offering a “one size fits all” approach to MSS. Going with one of these could leave clients paying for a lot of services they don’t need.
Pondurance offers solutions in four key areas of MSS:
While our goal is to deliver proactive, personal, around the clock detection and response with 360-degree visibility into cyber environments, Pondurance works closely with clients to curate individual services or packages of service to fit each client’s unique requirements. We partner with clients to deliver only the technology and services required to fulfill the client’s desired outcomes and ensure protection across their IT infrastructure.
Technology alone cannot defeat adversaries: An outcome focused approach brings people, processes, and technology together to solve the biggest cybersecurity challenges
Our people and the expertise we bring to process and technology are why we believe our approach is perfect for SMB clients looking for a security partner to provide guidance, technology and services tailored to their specific needs. Our highly skilled analysts, threat hunters and incident responders can help you build the right security posture for your environments, then back that with 24/7 monitoring to detect and respond to threats, while providing guided recommendations in service of your desired business outcomes. Our curated approach offers you:
- Best-in-class detection and response through machine learning backed by humans. Our elite U.S.-based cybersecurity team has decades of experience protecting organizations from the most sophisticated cyberthreats.
- We are the only MSS provider that applies the Dynamic Defense Methodology by using our managed detection and response platform to identify and prioritize threats. This method enables us to provide specialized protection by understanding an organization’s unique infrastructure and what to prioritize in terms of alerts and threats.
- Pondurance MDR, IR, vulnerability management and consulting services are the core capabilities any organization needs to minimize business risk, mitigate threats and accelerate their security maturity.
With our expertise and curated approach to building a security strategy, you can be sure you are getting an MSS provider who puts your organization first and remains focused on your business goals.
I sure wish I had thought of this sooner when I embarked on my drywall project; that there are times when things are best left to the experts. Construction is one of them, and cybersecurity is certainly another. Schedule a demo to learn more about Pondurance and see why we are mentioned in this Gartner Market Guide for Managed Security Services.
1Gartner, Market Guide for Managed Security Services, Pete Shoard, Mitchell Schneider, John Collins, Al Price, 16 March 2022
Gartner does not endorse any vendor, product or service depicted in its research publications, and does not advise technology users to select only those vendors with the highest ratings or other designation. Gartner research publications consist of the opinions of Gartner’s research organization and should not be construed as statements of fact. Gartner disclaims all warranties, express or implied, with respect to this research, including any warranties of merchantability or fitness for a particular purpose.
Gartner is a registered trademark of Gartner, Inc. and/or its affiliates in the U.S. and internationally and is used herein with permission. All rights reserved.