Is Penetration Testing and Vulnerability Assessment becoming a saturated market? Are companies open to outsourcing the services or would they prefer to build an in-house team?
Partner in Software, 6 years ago
The market had been saturated for some time but is now looking at possible growth, with more next-generation security solutions focused on this space. These solutions are largely more focused on multi-cloud environments as well as having more sophisticated and intent-based integrations with a company's infrastructure. A lot of companies have adopted managed services for their overall security needs, which typically focus on monitoring, but this is likely to expand into outsourcing these services. As companies build and embed more software in their organizations, the need to monitor as well as patch vulnerabilities is going to need much greater focus. This can be achieved via larger outsourced managed services versus trying to acquire, train and retain security talent internally.
Associate Director in Software, 6 years ago
Thank you, Yousuf. Could you please elaborate on the "next gen security solutions"? Are they part of MSSPs' offerings?
Partner in Software, 6 years ago
Yes, part of MSSPs' offerings, and I would consider these to be in larger demand going forward.
Chief Security Officer in Software, 6 years ago
I've seen both. Totally depends on company size and how often you need this type of service. If you have a continual need, it makes sense to build an in-house capability. If you have set time periods or gates that you need to hit and can control the scope and cost, it makes sense to outsource or do it on demand.
Associate Director in Software, 5 years ago
Thank you!
CTO in Software, 6 years ago
I'll continue to beat the drum of the culture of DevSecOps and attempt to build consensus around the fact that periodic penetration testing and assessments are a legacy, broken model that hasn't improved the state of security. Security testing, inventory, and assessments need to be embedded into the SDLC and Deployment processes.
Chief Security Officer in Software, 6 years ago
Agree with @MikeD.Kail, but not every company is fully Agile and DevOps.
VP of Global IT and Cybersecurity in Manufacturing, 6 years ago
Agree with the points raised by everyone. For the organizations which are not fully agile, more waterfall, the outsourcing/managed service approach may work if you have planned, required gates to pass.