As the threat landscape has evolved (e.g., increased number and size of DDoS attacks), MSSPs are being forced by the market to evolve their service offerings. It simply is no longer acceptable for an MSSP to manage perimeter firewalls, a couple of Internet-facing applications, and perhaps a couple of important internal systems (e.g., Active Directory domain controllers). Why not? Because such (effectively) stand alone ‘soda straw’ views do not provide the MSSP (nor the customer) with the context needed to be able to detect today’s sophisticated attacks. For example, with that hypothetical monitoring scenario, it would be extremely difficult to detect lateral movement, let alone a compromise of individual systems.