Christina Richmond

Christina Richmond

Principal Analyst Christina Richmond covers cybersecurity services at ESG, drawing on more than 20 years in the technology industry. Christina has studied routes to market through channels and distribution alliances across the entire infrastructure spectrum and more recently managed a worldwide cybersecurity services research practice. From Delhi to Dublin and across North America, Christina enjoys sharing strategic guidance with companies ranging from startups to established enterprises, spanning vendors, large systems integrators, communication service providers, and consulting firms.

Recent Posts by Christina Richmond:

Grupo Tecno and Trustwave Team Up in Mexico

Trustwave and Grupo Tecno, a large information technology integrator in Mexico, are teaming up to offer Trustwave Managed Security Services and cybersecurity technologies to enterprises and other institutions in Mexico and other Spanish speaking countries in Latin America. This is exciting news for both. Trustwave expands its footprint in Latin America; Grupo Tecno firmly implants itself in the managed security services (MSSs) and security operations center (SOC) arena with a strong global partner.

Topics: Cybersecurity

MDR Top Cyber Services Theme at Black Hat 2019

Just as I expected, my conversations at BlackHat 2019 mostly centered on how to define MDR, whether MDR will replace MSS, and which vendors are really MDR and which are not. Oh, and xDR was discussed too.

Topics: Cybersecurity Black Hat

Why Cybersecurity Services Matter

Security loves to tout the “blinky lights” or the newest technology. Don’t get me wrong, advancements in firewalls, endpoint detection and response (EDR), cloud access security brokers (CASBs), and others have revolutionized protection in their respective corners of the environment. But a more holistic approach is needed. I talk a lot about services helping the organization manage and monitor its blinky lights with managed security services (MSS), and others in the industry discuss staff augmentation as a key component of services because of the skills shortage. (Note, three-quarters of cyber professionals state they have been impacted by the skills shortage.) These are necessary pieces of services. But the biggest reason services matter goes beyond these two: To mature, security must grow beyond the tactical management of security products and become more strategic thinking.

Topics: Cybersecurity

All About the Customer at C-Scape 19

C-Scape at Cisco Live is always a good event and this year was no exception. I wasn’t sure what to expect as so many changes had occurred during the last year, but I was pleasantly surprised to find strong progress made in the cybersecurity services realm and excellent answers to all of my burning questions.

Topics: Cybersecurity

Sophos Acquires Rook Security

Sophos announced in June 2019 that it has acquired Rook Security, which it will integrate across all products. In today’s managed security services (MSS) landscape, it’s imperative to have managed detection and response (MDR). The requirement to enter MSS no longer demands a security operations center (SOC) and SOC analysts (though those are still necessary to the enterprise). Rather, strong security vendors, such as Sophos, can broaden services with an acquisition of an MDR provider. In this case, Rook Security does have a SOC and SOC analysts, making this a boon to Sophos. The new MDR solution will initially launch in the Americas later this year. An invitation-only early access program (EAP) will focus on existing endpoint detection and response (EDR) customers to gain feedback from them on the new solution.

Topics: Cybersecurity

Is Managed Detection and Response (MDR) the New Managed Security Service (MSS)?

As architectures move increasingly to the cloud, hybrid environments are harder to keep secure. Nearly nine out of ten (85%) respondent organizations in ESG’s 2019 Public Cloud Computing Trends are currently leveraging at least one of the three public cloud computing service models, with another 11% expressing plans for or interest in using these services.

Topics: Cybersecurity

Cybersecurity Services Discussions

In the digital era, the enterprise has a new range of cybersecurity services to consider from cloud-hosted to SaaS-based SOC services, migration to DevSecOps in software development lifecycle (SDLC), and automated detection and response in managed detection and response (MDR) services. In a series of videos with industry leaders, I drill into these emerging areas of security services as well as the old tried and true segments that continue to burgeon like managed security services (MSS) and advisory services for strategy planning and policy development.

Topics: Cybersecurity cybersecurity services discussions

Cybersecurity Services Discussions: Automated Security Video with Secureworks (Part 1)

I recently caught up with Jon Ramsey, CTO of Secureworks, to chat about automated security. I asked Jon what he believes automated security is.

We’ll never outpace and outmaneuver the adversary with security the way it is today, according to Jon. The bad actors are using machine learning and automation to launch and perpetuate attacks. We simply do not have the human capital to combat the leverage that machines have. Throwing software capabilities into detection and response can help the good guys keep up.

Topics: Cybersecurity cybersecurity services discussions

Security Risk as a Business Discussion

There is a lot of buzz in the market this year about risk management and how hard it is given current architectural complexity and the increased sophistication of attackers. Add to this the continued dearth of talent in cybersecurity.

Enter cybersecurity service providers to assist the organization with a broad range of services: risk assessments replete with gap heatmaps and remediation suggestions; strategic program design including security best practices; and a nascent but trending offering to educate the board, executive management team, and CISOs on how to have the risk conversation within a business context. Experienced CISOs are having this conversation among themselves and in fact, one savvy security leader is calling for Risk as a Lingua Franca. Worthy service providers are helping to create this lingua franca and to educate their clients through enterprise risk management offerings, continuous vulnerability monitoring, and penetration testing.

Topics: Cybersecurity

SOCaaS versus Managed SOC (with video)

We live in a sea of acronyms: SOC, MSS, MDR, IDS, IDP, SOCaaS, SECaaS… Three of these in particular are causing consternation in the market: SOCaaS, MSS, and MDR. Let’s see if we can shed some light on them.

Topics: Cybersecurity