Is Penetration Testing and Vulnerability Assessment becoming a saturated market? Are companies open to outsourcing the services or would they prefer to build an in-house team?

Partner in Software, 6 years ago
The market had been saturated for some time but is now looking at possible growth, with more next-generation security solutions focused on this space. These solutions are largely more focused towards multi-cloud environments as well as having more sophisticated and intent-based integrations with a company's infrastructure. A lot of companies have adopted managed services for their overall security needs; these typically focus on monitoring, but this is likely to expand into outsourcing these services. As companies build and embed more software in their organizations, the need to monitor as well as patch vulnerabilities is going to need much greater focus. This can be achieved via larger outsourced managed services versus trying to acquire, train and retain security talent internally.
3 2 Replies
Associate Director in Software, 6 years ago

Thank you Yousuf. Could you please elaborate on the "next gen security solutions"? Are they part of MSSP's offerings?

1
Partner in Software, 6 years ago

Yes, part of MSSP's offerings, and I would consider these to be in larger demand going forward.

2
Chief Security Officer in Software, 6 years ago
I've seen both. Totally depends on company size and how often you need this type of service. If you have a continual need, it makes sense to build an in-house capability. If you have set time periods or gates that you need to hit and can control the scope and cost, it makes sense to outsource or do it on demand.
1 1 Reply
Associate Director in Software, 5 years ago

Thank you!

CTO in Software, 6 years ago
I'll continue to beat the drum of the culture of DevSecOps and attempt to build consensus around the fact that periodic penetration testing and assessments are a legacy, broken model that hasn't improved the state of security. Security testing, inventory, and assessments need to be embedded into the SDLC and Deployment processes.
4
Chief Security Officer in Software, 6 years ago
Agree with @MikeD.Kail, but not every company is fully Agile and DevOps.
1
VP of Global IT and Cybersecurity in Manufacturing, 6 years ago
Agree with the points raised by everyone. For the organizations which are not fully agile, more waterfall, the outsourcing/managed service approach may work if you have planned, required gates to pass.
2
