Christina Richmond

Christina Richmond

Principal Analyst Christina Richmond covers cybersecurity services at ESG, drawing on more than 20 years in the technology industry. Christina has studied routes to market through channels and distribution alliances across the entire infrastructure spectrum and more recently managed a worldwide cybersecurity services research practice. From Delhi to Dublin and across North America, Christina enjoys sharing strategic guidance with companies ranging from startups to established enterprises, spanning vendors, large systems integrators, communication service providers, and consulting firms.

Recent Posts by Christina Richmond:

Sophos Acquires Rook Security

Sophos announced in June 2019 that it has acquired Rook Security, which it will integrate across all products. In today’s managed security services (MSS) landscape, it’s imperative to have managed detection and response (MDR). The requirement to enter MSS no longer demands a security operations center (SOC) and SOC analysts (though those are still necessary to the enterprise). Rather, strong security vendors, such as Sophos, can broaden services with an acquisition of an MDR provider. In this case, Rook Security does have a SOC and SOC analysts, making this a boon to Sophos. The new MDR solution will initially launch in the Americas later this year. An invitation-only early access program (EAP) will focus on existing endpoint detection and response (EDR) customers to gain feedback from them on the new solution.

Topics: Cybersecurity

Is Managed Detection and Response (MDR) the New Managed Security Service (MSS)?

As architectures move increasingly to the cloud, hybrid environments are harder to keep secure. Nearly nine out of ten (85%) respondent organizations in ESG’s 2019 Public Cloud Computing Trends are currently leveraging at least one of the three public cloud computing service models, with another 11% expressing plans for or interest in using these services.

Topics: Cybersecurity

Cybersecurity Services Discussions

In the digital era, the enterprise has a new range of cybersecurity services to consider from cloud-hosted to SaaS-based SOC services, migration to DevSecOps in software development lifecycle (SDLC), and automated detection and response in managed detection and response (MDR) services. In a series of videos with industry leaders, I drill into these emerging areas of security services as well as the old tried and true segments that continue to burgeon like managed security services (MSS) and advisory services for strategy planning and policy development.

Topics: Cybersecurity cybersecurity services discussions

Cybersecurity Services Discussions: Automated Security Video with Secureworks (Part 1)

I recently caught up with Jon Ramsey, CTO of Secureworks, to chat about automated security. I asked Jon what he believes automated security is.

We’ll never outpace and outmaneuver the adversary with security the way it is today, according to Jon. The bad actors are using machine learning and automation to launch and perpetuate attacks. We simply do not have the human capital to combat the leverage that machines have. Throwing software capabilities into detection and response can help the good guys keep up.

Topics: Cybersecurity cybersecurity services discussions

Security Risk as a Business Discussion

There is a lot of buzz in the market this year about risk management and how hard it is given current architectural complexity and the increased sophistication of attackers. Add to this the continued dearth of talent in cybersecurity.

Enter cybersecurity service providers to assist the organization with a broad range of services: risk assessments replete with gap heatmaps and remediation suggestions; strategic program design including security best practices; and a nascent but trending offering to educate the board, executive management team, and CISOs on how to have the risk conversation within a business context. Experienced CISOs are having this conversation among themselves and in fact, one savvy security leader is calling for Risk as a Lingua Franca. Worthy service providers are helping to create this lingua franca and to educate their clients through enterprise risk management offerings, continuous vulnerability monitoring, and penetration testing.

Topics: Cybersecurity

SOCaaS versus Managed SOC (with video)

We live in a sea of acronyms: SOC, MSS, MDR, IDS, IDP, SOCaaS, SECaaS… Three of these in particular are causing consternation in the market: SOCaaS, MSS, and MDR. Let’s see if we can shed some light on them.

Topics: Cybersecurity

Be Prepared

Cybersecurity services are at an inflection point, where they are no longer "nice to have" but "must have" for security teams. Migration to digital and cloud-driven architectures, continued lack of resources, and rapid growth of breaches escalate the need for an objective service partner. Admittedly, I’m a services wonk, and see all markets through the lens of services, but it’s obvious that complexity and overwhelm abound as a myriad of new security solutions confuse the market annually at conferences. (Speculation about this year’s RSA “theme” is rife on LinkedIn.) Security teams are challenged to manage security effectively, and to negotiate business against risk. The evolution of this market necessitates services that drive assessment and rationalization of existing security programs rather than adoption of new technologies. It also demands preparedness.

Topics: Cybersecurity