News Story.

MSP and MSSP’s

MSP and MSSP’s

Now, we’re not usually ones to talk about or present our competition, and especially not on our website, but we have always aimed to be both transparent and impartial. Managed Service Provider and Managed Security Service Providers both fill a useful gap in the market. We’re neither of those but equally, we’re no longer just a Value Added Reseller.  Read on…

In the latest “Magic Quadrant for Managed Security Services, Worldwide”[i] from Gartner, which was released in February 2018, they define it as:

the remote monitoring of security events and security-related data sources, or the management of IT security technology along with security event monitoring, delivered via shared services from remote S (SOCs), not through personnel on-site nor remote services delivered on a one-one basis to a single customer”.

That’s all very well and works quite well for certain types of, what may be termed security mature organisations. That is those organisations who have covered the basics, understand their infrastructure, have proper policies, standards, guidelines and procedures in place with fully formed, well-rounded and tested disaster recovery, incident response and business continuity plans. They also typically have a detailed risk register, which informs decisions, a continual improvement program, and a culture that has security baked in. In fact, NIST has published a really useful definition of Security Maturity Levels[ii] and where organisations fit above level 3 (i.e. 3.5 and above)  then they may be suitable candidates for MSP/MSSP model.


Fig 1. Comparison of Managed Service Providers and Managed Security Service Providers

However, for those organisations that sit below level 3 (and to be brutally honest, that’s probably most of them), they probably need to look beyond MSSPs and get additional help. This is where organisations like ours, Secon Cyber, can add real value. We take time to understand our clients’ security landscape, tools and technologies, how they work, and further take care to understand their environment and maturity levels. We’re then ideally placed to be able to advise them how they can move from the basics (1 and 2) to a more secure environment (3 and 4). We’ve been doing it for a long time and are getting better every year.

The problem with ‘cyber’ is that it moves so quickly. Every day there is a new vulnerability exposed, a new breach reported or a new entrant in the market.  Each one needs to be looked at carefully by someone who appreciates the nuances that each brings. Equally, your businesses changes daily and large organisations and MSSPs just aren’t designed to deal with the intricacies of developing organisations. They do best with consistency and scale. That’s not to say we don’t or can’t, but we are much more agile and can react in an appropriate timescale to the requests we invariably get.

As I said at the beginning, we aim to be transparent. We’ve included a link to the Gartner report and you can read about the relative strengths and weaknesses of the suppliers in their review. Do keep in mind, their services are limited to letting you know what is broken, and its then onto you to do all the handwork of lifting and shifting.

At Secon Cyber, we go the extra mile. Our SOC really helps. Real people with a real interest in making and keeping you safe and secure. Our Managed Detection and Response platform delivers real value and is easily and quickly installed. It goes beyond SIEM and we keep the rules and reports configured and up to date. Why not ask for a demonstration or even a proof of value?

For more information please don’t hesitate to contact us on 0845 567 8777 or email us at




book a demo for our managed detection and response service