Don’t Be Fooled By Marketing

I’ve been in the Cybersecurity space for close to a decade and I’ve been in the Managed Detection and Response space for almost 5 years. When I talk with other IT and Security sellers, they share a common theory that a company will purchase their technology and hopefully stay with that same vendor for the next 5 - 6 years.?

Now if you enter the Managed Security or Managed Detection and Response space we find the norm is the exact opposite. I am seeing company’s re-evaluate their newly deployed solution within 7-8 months of deployment. Are customers constantly re-evaluating every year and not finding what they are looking for? Why the heck is that?

Well, I have a few assumptions, but let’s dive into the data first.

Just in the past year of 2022 - 2023, I presented a demo to over 85 potential customers and in that first call we identify if the buyer currently runs Managed Security or is 100% in house. After reviewing my notes, 49 of these potential customers currently run some form of Managed Security, while the other 36 are looking to enter in a relationship with a Managed Security partner for the first time.

That means 58% of current Managed Security customers are re-evaluating their current Managed Security investment, that’s over half! While the remainder of the sourced pool of 42% are looking to enter a partnership with a Managed Security provider for the first time. We absolutely have identified there is a need in the market, in fact Gartner predicts that 50% of organizations will use an MDR by 2025. I personally believe that estimate is slightly light and it is probably closer to 60% - 70+%.

Why do companies want to invest in a Managed Security Partner?

Top 3 Reasons from the 85 account pool we met with from 2022 - 2023:

1. My job, I am concerned that if my company does indeed experience an incident or an event that causes data loss or even worse a breach, I am potentially on the chopping block to be let go.
2. I can’t do this alone. We literally have over 5,000 machines in circulation and how the heck does my management expect 5 IS people to look at this data 24x7 and protect us on every single alert? I am anxious even when I’m on PTO or Holiday, hackers know that’s when we are understaffed.
3. I need 24x7 support, you know I have to sleep and honestly only some of my team is super advanced in security in the case a Powershell behavioral event occurs, we might need help from experts to respond.

Why are these companies re-evaluating their Managed Security partner almost every year?

Top 3 Reasons from the 85 account pool we met with from 2022 - 2023:

1. The sales team we spoke with shared that they can in fact do all of the things to keep us secure, however we have quickly identified that is not so accurate.
2. I am sharing confirmed threats with my Managed Security provider that has been identified by my team, but not identified by my Managed Security provider. I thought this is what we were paying you for?
3. I just ran an annual Pen Test and my Managed Security Provider did not alert on the manual testing performed, ughhhh this is scary!

What can you do to not be in the 58% re-evaluating your need for a Managed Security Partner every year?

1. Do not listen to the sales team! I am a seller and do not listen to us. Ask to speak with an actual Threat Hunter or a Detection Engineer, hear from them and understand their bandwidth, what can a customer truly expect from you and your team? Tell me about your onboarding process, this is more than just technology, it is also a service.
2. Ask for 2 customer references and do not take no for an answer. I would ask for a reference that is industry specific and a local reference. This will give you two different perspectives and if you want to make it worthwhile you can ask a few questions to identify if the person you are speaking with is a security expert or bought into the marketing. Don’t forget to ask the reference how many references they have done, if it’s 2-3 in the past year you should be good to go. If it’s 10 you should run or atleast ask for another reference, sounds like that could be your only happy customer?
3. TEST! No seller or sales engineer wants to spend extra time testing to make sure you are happy, but don’t worry about the vendor. You need to do what is right for you and your organization. Now a vendor might say we have to do paid testing to cover costs. Tell them tough cookies and you are only buying if you can at least turn it on to make sure it works. Besides I’m sure our contract will cover a 2 week testing period if we sign on. If you can’t see it for yourself how do you know it is going to work??

Don’t be part of the majority re-evaluating your Managed Security partner every year. Find the right one that has your back and is a real extension of your team.