Last month, we were sponsors of the 2023 RSA Conference, one of the biggest — if not the biggest — cybersecurity event of the year. We spoke to tons of MSSPs at RSAC, which gave us a great opportunity to learn about what they’re looking for, what their challenges are, and what they’re seeing (and not seeing) in the security automation market.
Here are a few of the main themes in our conversations with MSSPs at RSAC 2023.
A lot of MSSPs that came to our booth were evaluating security solutions based on scalability. A master MSSP mentioned to us that they need to be able to process millions of alerts per minute, because that’s the volume generated by the clients of their MSP partners.
With that massive volume as a possibility, SOAR, or other automation solutions need to be highly scalable in order to meet the needs of the MSSP market. Features that can’t scale won’t be of interest to larger MSSPs.
Unsurprisingly, being able to integrate with as many tools as possible is a high priority for busy MSSPs, who are likely to use different toolsets across their customer base, and therefore acutely feel the inefficiency created by screen-switching.
One MSSP we spoke to at RSAC said their analysts were using multiple tools for every incident response or investigation. That might not seem like a big problem, but it’s the kind of issue that makes it hard for an MSSP to grow its business.
Efficiency Through Automation
MSSPs also told us they would like to use automation to create efficiencies beyond the usual use cases, like alert triage and incident response orchestration. Lots of people talked about automated reporting, with one MSSP telling us they were still manually writing incident reports for their clients in Microsoft Word.
Larger MSSPs were particularly focused on streamlining onboarding with automation, since they spend a lot of time setting up clients’ sites, integrations, playbooks, and more.
And finally, MSSPs expressed that they wanted more security solutions that were built with their needs in mind. This would include some of the features we’ve already covered, but also things like multitenancy, and normalizing data from a wide range of sources.
MSSPs are a major market for security vendors, and they don’t want to be treated as an afterthought. All the efficiency created by automation is wasted when MSSP users have to shoehorn their operations into an enterprise-focused solution.
Learn More About D3 Security
D3 Security supports MSSPs around the world and enables high-value services with our Smart SOAR platform. Importantly, we’re vendor-agnostic and independent, so no matter what tools your clients use, our unlimited integrations will meet their needs.
Our new MSSP Client Portal streamlines communication, reporting, and collaboration between MSSPs and their clients. D3 Security’s Event Pipeline can automate the alert-handling capacity of dozens of analysts, while reducing alert volume by 90% or more. Watch our case study video with Trifork Security to see how a successful MSSP uses Smart SOAR.