Christina Richmond

Christina Richmond

Principal Analyst Christina Richmond covers cybersecurity services at ESG, drawing on more than 20 years in the technology industry. Christina has studied routes to market through channels and distribution alliances across the entire infrastructure spectrum and more recently managed a worldwide cybersecurity services research practice. From Delhi to Dublin and across North America, Christina enjoys sharing strategic guidance with companies ranging from startups to established enterprises, spanning vendors, large systems integrators, communication service providers, and consulting firms.

Recent Posts by Christina Richmond:

Why Engage Cybersecurity Service Providers?

Folks come to cybersecurity services for a lot of reasons, complexity and compliance being two of the top ones. In fact, 40% of respondents to a recent ESG cybersecurity services study state that they need advice on dealing with the complexity from multi-cloud and hybrid architecture. And another 26% specifically call out that they need help rearchitecting their security posture during cloud migration and digital transformation efforts.

Topics: Cybersecurity

Mind the Gap: Why MSSPs Still Matter

Good move by Secureworks partnering with Microsoft. I wrote a blog just a few days ago about how cloud providers are blurring the lines in cybersecurity services delivery, especially in managed security services.

Topics: Cybersecurity

Wait, What? Cloud Providers are MSSPs?

A ZDNet article yesterday brought to my attention today just how far Microsoft has moved the needle to becoming a cybersecurity services provider. Increasingly, cloud providers are entering this market and Microsoft has started off by providing the most important services to cloud customers. Cloud has become a ubiquitous infrastructure and buyers are demanding cloud security monitoring and alerting. In fact, 40% of respondents to a recent ESG cybersecurity services study state that these services are must-haves from managed security services providers (MSSPs). In this instance, Microsoft can be considered an MSSP as it offers many of the services in this market.

Microsoft is making great strides in adding cybersecurity services to its arsenal. In April, it introduced the managed threat hunting service called Threat Experts on Demand as part of the Microsoft Defender Advanced Threat Protection (ATP) service for customers with subscriptions such as Windows 10 Enterprise E5 and the Microsoft 365 bundle, giving enterprise customers access to top Microsoft security experts when they need help working through a tough threat. Last September, the company launched its Azure Sentinel cloud-SIEM, enabling data collection across the enterprise and detection of unknown and advanced threats utilizing Microsoft’s threat intelligence telemetry, which is significant in quantity and is made actionable by the company’s artificial intelligence (AI) and machine learning (ML) and threat hunting capabilities. These ingredients enable faster response to incidents, but not all enterprises have the resources to dig deep into these tools on their own. Now with Threat Experts on Demand, Microsoft assists the enterprise to make sense of the most challenging threats. 

Topics: Cybersecurity

Grupo Tecno and Trustwave Team Up in Mexico

Trustwave and Grupo Tecno, a large information technology integrator in Mexico, are teaming up to offer Trustwave Managed Security Services and cybersecurity technologies to enterprises and other institutions in Mexico and other Spanish speaking countries in Latin America. This is exciting news for both. Trustwave expands its footprint in Latin America; Grupo Tecno firmly implants itself in the managed security services (MSSs) and security operations center (SOC) arena with a strong global partner.

Topics: Cybersecurity

MDR Top Cyber Services Theme at Black Hat 2019

Just as I expected, my conversations at BlackHat 2019 mostly centered on how to define MDR, whether MDR will replace MSS, and which vendors are really MDR and which are not. Oh, and xDR was discussed too.

Topics: Cybersecurity Black Hat

Why Cybersecurity Services Matter

Security loves to tout the “blinky lights” or the newest technology. Don’t get me wrong, advancements in firewalls, endpoint detection and response (EDR), cloud access security brokers (CASBs), and others have revolutionized protection in their respective corners of the environment. But a more holistic approach is needed. I talk a lot about services helping the organization manage and monitor its blinky lights with managed security services (MSS), and others in the industry discuss staff augmentation as a key component of services because of the skills shortage. (Note, three-quarters of cyber professionals state they have been impacted by the skills shortage.) These are necessary pieces of services. But the biggest reason services matter goes beyond these two: To mature, security must grow beyond the tactical management of security products and become more strategic thinking.

Topics: Cybersecurity

All About the Customer at C-Scape 19

C-Scape at Cisco Live is always a good event and this year was no exception. I wasn’t sure what to expect as so many changes had occurred during the last year, but I was pleasantly surprised to find strong progress made in the cybersecurity services realm and excellent answers to all of my burning questions.

Topics: Cybersecurity

Sophos Acquires Rook Security

Sophos announced in June 2019 that it has acquired Rook Security, which it will integrate across all products. In today’s managed security services (MSS) landscape, it’s imperative to have managed detection and response (MDR). The requirement to enter MSS no longer demands a security operations center (SOC) and SOC analysts (though those are still necessary to the enterprise). Rather, strong security vendors, such as Sophos, can broaden services with an acquisition of an MDR provider. In this case, Rook Security does have a SOC and SOC analysts, making this a boon to Sophos. The new MDR solution will initially launch in the Americas later this year. An invitation-only early access program (EAP) will focus on existing endpoint detection and response (EDR) customers to gain feedback from them on the new solution.

Topics: Cybersecurity

Is Managed Detection and Response (MDR) the New Managed Security Service (MSS)?

As architectures move increasingly to the cloud, hybrid environments are harder to keep secure. Nearly nine out of ten (85%) respondent organizations in ESG’s 2019 Public Cloud Computing Trends are currently leveraging at least one of the three public cloud computing service models, with another 11% expressing plans for or interest in using these services.

Topics: Cybersecurity

Cybersecurity Services Discussions

In the digital era, the enterprise has a new range of cybersecurity services to consider from cloud-hosted to SaaS-based SOC services, migration to DevSecOps in software development lifecycle (SDLC), and automated detection and response in managed detection and response (MDR) services. In a series of videos with industry leaders, I drill into these emerging areas of security services as well as the old tried and true segments that continue to burgeon like managed security services (MSS) and advisory services for strategy planning and policy development.

Topics: Cybersecurity cybersecurity services discussions