Magic Quadrant for MSSPs, North America - Tata … · Magic Quadrant for MSSPs, North America...
15
Magic Quadrant for MSSPs, North America Gartner RAS Core Research Note G00166138, Kelly M. Kavanagh, John Pescatore, 16 April 2009, R3053 04272010 Several IT outsourcers entered or increased their presence in the maturing managed security service provider market in North America. In addition to firewall and intrusion detection/prevention monitoring and management, security log management became a nearly universal offering. WHAT YOU NEED TO KNOW Enterprises are engaging managed security service providers (MSSPs) to meet security monitoring and device management requirements for several reasons: • An inability to increase resources or expertise because of the business climate • Compliance requirements for monitoring and reviewing security and user-related activities • The trend toward providing local Internet connections to branch offices, rather than through a central corporate gateway • The increasing use of mobile workforce and consumer-grade technology to access corporate resources MAGIC QUADRANT Market Overview Enterprise use of MSSPs continued its steady growth trend in 2008, and macroeconomic conditions and security threat trends will cause that growth to continue in 2009. These same trends, combined with others, such as increased enterprise use of software as a service (SaaS) and the “consumerization of IT,” will cause cloud-based security-as-a-service offerings to begin to impact the customer-premises-equipment (CPE)-focused MSSP market in 2H09 and beyond. This will bring new entrants into the market for security services, including several large global brands. MSSPs in North America generated revenue of approximately $570 million in 2007, and Gartner estimates that revenue grew about 15% in 2008, and the number of firewalls and intrusion detection/prevention (IDP) devices under monitoring/management grew 20%. The differing growth rates in revenue and devices reflect lower pricing driven by competition, market growth in the small/ midsize enterprise space, and by more multifunction devices managed. Gartner estimates that, in 2008, 60% of Fortune 500 enterprises had engaged in some level of use of an MSSP, representing about 25% of enterprise firewalls under remote monitoring or management. Firewall and intrusion prevention appliance vendors have seen that MSSPs are increasingly important channel partners, and allow the product vendors to propose more-effective monitoring and management as adjuncts to their technology products.
Transcript of Magic Quadrant for MSSPs, North America - Tata … · Magic Quadrant for MSSPs, North America...
Magic Quadrant for MSSPs, North America
Gartner RAS Core Research Note G00166138, Kelly M. Kavanagh, John Pescatore, 16 April 2009, R3053 04272010
Several IT outsourcers entered or increased their presence in the maturing managed security service provider market in North America. In addition to firewall and intrusion detection/prevention monitoring and management, security log management became a nearly universal offering.
WHAT YOU NEED TO KNOWEnterprises are engaging managed security service providers (MSSPs) to meet security monitoring and device management requirements for several reasons:
• Aninabilitytoincreaseresourcesorexpertisebecauseofthebusinessclimate
• Compliancerequirementsformonitoringandreviewingsecurityanduser-relatedactivities
• ThetrendtowardprovidinglocalInternetconnectionstobranchoffices,ratherthanthroughacentralcorporategateway
• Theincreasinguseofmobileworkforceandconsumer-gradetechnologytoaccesscorporate resources
MAGIC QUADRANT
Market OverviewEnterpriseuseofMSSPscontinueditssteadygrowthtrendin2008,andmacroeconomicconditionsandsecuritythreattrendswillcausethatgrowthtocontinuein2009.Thesesametrends,combinedwithothers,suchasincreasedenterpriseuseofsoftwareasaservice(SaaS)andthe“consumerizationofIT,”willcausecloud-basedsecurity-as-a-serviceofferingstobegintoimpactthecustomer-premises-equipment(CPE)-focusedMSSPmarketin2H09andbeyond.Thiswillbringnewentrantsintothemarketforsecurityservices,includingseverallargeglobalbrands.
MSSPsinNorthAmericageneratedrevenueofapproximately$570millionin2007,andGartnerestimatesthatrevenuegrewabout15%in2008,andthenumberoffirewallsandintrusiondetection/prevention(IDP)devicesundermonitoring/managementgrew20%.Thedifferinggrowthratesinrevenueanddevicesreflectlowerpricingdrivenbycompetition,marketgrowthinthesmall/midsizeenterprisespace,andbymoremultifunctiondevicesmanaged.Gartnerestimatesthat,in2008,60%ofFortune500enterpriseshadengagedinsomelevelofuseofanMSSP,representingabout25%ofenterprisefirewallsunderremotemonitoringormanagement.Firewallandintrusionprevention appliance vendors have seen that MSSPs are increasingly important channel partners, andallowtheproductvendorstoproposemore-effectivemonitoringandmanagementasadjunctsto their technology products.
2GrowthinenterprisedemandforMSSin2008wasprimarilydrivenbyfourfactors:
• Staffing and budget growth limitations –Gartner’supdatedforecastforITspendingindicatesa2.2%growthratein2009. Gartner sees continued corporate pressure to reduce operational costs, capitalexpendituresandstaffing,whilemaintaining a sufficient security posture.
• Compliance reporting requirements – Gartner sees increased pressure to reduce the cost of meeting compliance requirements, such as Payment Card Industrystandards,FederalInformationSecurityManagementAct(FISMA)requirements for government agencies, FederalFinancialInstitutionsExaminationCouncil(FFIEC)forbanking,aswellasrequestsbycustomersandbusinesspartnerstodemonstratetheabilitytomonitor,identifyandrespondtoattacks.Customers also cite strong demands to reduce the cost of ongoing compliance activities,suchasmeetingU.S.Sarbanes-OxleyorHealthInsurancePortabilityandAccountabilityAct(HIPAA)requirementsinthefaceofimplementingnewercompliance activities focused on privileged user access or data protection.
• Expansion of Internet connection points–EnterprisesareaddingfirewallsandmultifunctionfirewallstoremotelocationsastheymovetowarddistributedInternetconnections.Thedeploymentofnetworkintrusionpreventiondevicesandincreaseddemandforremote security monitoring of servers also have led to increased devicecountandcontractvaluewhenrenewingmanagedservice agreements.
• Growing experience with remote services for IT – As enterprisesgainexperienceconsumingITfunctionssuchasapplications, storage and processing as services, security outsourcingwillbecomemoreroutine.GartnerseessignificantgrowthinsecurityoutsourcinginareasadjacenttoMSS,suchassecureWebgateways,e-mailsecurity,andidentityandaccessmanagement(IAM).
Smallerbusinessesinretail,energy,bankingandothersectorsenter into security outsourcing agreements to increase their security levelsandtomeetregulatorydemands.Theyhavelimitedabilitytoaddheadcount,andareoftenturningtoserviceproviderswithwhichtheyalreadydobusinesstoaddresssecurityandcompliancerequirements at minimal additional cost.
TheMSSmarketismaturing,withlargerserviceprovidersaddingmanaged security to their portfolios via acquisition and organic development.Manyenterprisesheavilyweightvendorviabilityin their evaluation of outsourcing providers, and larger service providersofferanimportantcomfortlevelforthesebuyers.Formanymainstreamtechnologyadoptersandrisk-aversecompanies
TheMagicQuadrantiscopyrightedApril2009byGartner,Inc.andisreusedwithpermission.TheMagicQuadrantisagraphicalrepresentationofamarketplaceatandforaspecifictimeperiod.ItdepictsGartner’sanalysisofhowcertainvendorsmeasureagainstcriteriaforthatmarketplace,asdefinedbyGartner.Gartnerdoesnotendorseanyvendor,productorservicedepictedintheMagicQuadrant,anddoesnotadvisetechnologyuserstoselectonlythosevendorsplacedinthe“Leaders”quadrant.TheMagicQuadrantisintendedsolelyasaresearchtool,andisnotmeanttobeaspecificguidetoaction.Gartnerdisclaimsallwarranties,expressorimplied,withrespecttothisresearch,includinganywarrantiesofmerchantabilityorfitnessforaparticularpurpose.
©2009Gartner,Inc.and/oritsAffiliates.AllRightsReserved.Reproductionanddistributionofthispublicationinanyformwithoutpriorwrittenpermissionisforbidden.Theinformationcontainedhereinhasbeenobtainedfromsourcesbelievedtobereliable.Gartnerdisclaimsallwarrantiesastotheaccuracy,completenessoradequacyofsuchinformation.AlthoughGartner’sresearchmaydiscusslegalissuesrelatedtotheinformationtechnologybusiness,Gartnerdoesnotprovidelegaladviceorservicesanditsresearchshouldnotbeconstruedorusedassuch.Gartnershallhavenoliabilityforerrors,omissionsorinadequaciesintheinformationcontainedhereinorforinterpretationsthereof.Theopinionsexpressedhereinaresubjecttochangewithoutnotice.
challengers leaders
niche players visionaries
completeness of vision
abili
ty to
exe
cute
As of 2H08
Verizon Business Symantec
SecureWorks
BT Global Services Integralis
VeriSign Perimeter Internetworking
Solutionary Savvis
Trustwave Bell
CompuCom (Getronics NA)
Orange Business Services CGI Group
EDS, an HP Company SAIC
Tata Communications Wipro Technologies
IBM Internet Security Systems AT&T
Unisys
Sprint
Figure 1. Magic Quadrant for MSSPs, North America
Source:Gartner(2H08)
3enteringthismarket,securityexpertise,reputationandMSSinnovationareoflessimportancethananestablishedrelationshipwithatrustedpartnerforotherITservices–“goodenough”securitymonitoringwassufficient.
PricingPricingonadevicebasisformonitoringandmanagementoffirewallsandIDPdevicescontinuestodeclineataslowpace.Gartnerexpectsthatduring2009-2010,pricingwillcontinuetodeclineaslargeIToutsourcing-orientedMSSPslikeTataCommunicationsandWiproTechnologiesincreasetheirpresenceinNorthAmerica,andaspotentialaswellasrenewingcustomersreflectcorporatebudgetpressureonITspending.AsthenumberofdevicesundermanagementbyMSSPsexpands,per-unitpricing should decline as some of the economies of scale are passed on to customers. Pricing remains a strong vendor selection criterionforTypeB(mainstreamITusers)andTypeC(risk-averse)customers,andGartnerseesTypeA(technicallyaggressive)customers increasingly factoring in pricing for MSS vendor selection orrenewalnegotiations.Althoughper-deviceandper-userpricingwillcontinuetodecline,MSSPscanincreasetheiraveragedealsize as enterprises add additional devices under management and consumenewserviceofferings.
Thereareseveralservicetrendsrelatedtopricing:
• Compliance-specific offerings. MSSPs are proposing services designedtomeetcompliancerequirements–forexample,monitoringserverlogsorpaymentsystems,orprovidingWebapplicationfirewallservices.Theseofferingsaredesignedtoobtaincustomerslookingtomeetthosespecificrequirementsatalowprice,withtheMSSPanticipatingexpandingthescopeof services as customers gain familiarity and see value.
• Virtualization.Customersimplementingvirtualizedfirewalls–forexample,replacing10firewallsapplianceswithasingledevicerunning10virtualfirewalls–expectthatthehardwarecostsavingstheyrealizewillalsobereflectedinalowerpricebythe MSSP to manage and monitor 10 virtual devices. Although MSSPsmakethecasethattheircostsformonitoring/managingthe10firewallshavenotfallen,customerexpectationsfor savings are pushing MSSPs to reduce their pricing for virtualizedfirewalls.Basedonpreliminaryinformation,pricingforvirtualizedfirewallmonitoring/managementisbetween50%and80%ofthepricingfordoingsoonphysicaldevices.VirtualizationwillalsoaffectpricingforMSSPsofferingfirewallservicestodatacentersviatheirownequipment.Asthesefirewallsarevirtualized,serviceproviderswillbepressedtopasson some of the reduced costs to their MSS customers.
• Multifunction firewalls.MSSPsareintroducinglow-costmonitoring/managementservicesbasedonmultifunctionfirewalldevicesforfirewall,intrusionpreventionservice(IPS),antivirus(AV)andWebgatewayfunctions.Theseservicesaretargetedtosmallormidsizebusinesses(SMBs)orbranch-officedeployments,withpricingreflectingthelimitedconfigurationchanges, reporting and security operations center (SOC) interactiontypicallyrequiredbycustomersoftheseofferings.
SMB Firewall ServicesMSS providers generally offer monitoring and management forSMBmultifunctionfirewallsthatencompassesfirewall,IPS,e-mailAVandanti-spam,andURLfilteringcapabilityinonedevice.TheseservicestypicallytargetSMBenterprises,and offer minimal security analyst interaction, and limited configurationchangesandreporting.SomeserviceswillincorporatethecostoftheSMBfirewallintheservicesubscriptionfeesothatcustomersdonotneedtobuythedevicesoutoftheircapitalbudgets.SMBsexploringoutsourcing monitoring and management of multifunction devicesshouldassesstheabilityofMSSPstodeploydeviceswithstandardconfigurationsthataddressverticalindustryorcompliancerequirementstowhichtheyaresubject,aswellasupdate those configurations as part of the standard service offering,basedonchangesinthoserequirements.
Managedservicesformultifunctionfirewallsarealsousedbyenterprise customers to provide monitoring or management to remote-officeorbranch-officesecurityappliances.TheseofficeshaverequirementssimilartoSMBneeds;thereislittleneedforanalystinteractionwithallofficelocations,andtypicallytherearealimitednumberofstandardconfigurationsthattheenterprisecustomerdeploystobranchoffices.EnterpriseslookingtouseMSSPsforremote-office/branch-officedevicemanagementandmonitoringshouldassesstheabilityofMSSPstoprovidealertingreportingthatprovidessufficientdetailbylocationtothecorporatesecurity team.
Security Information Management as a ServiceSeveral MSSPs have service offerings for security information management, including the collection, analysis, reporting and storage of log data from servers, user directories, applications anddatabases.Theseserviceofferingstypicallyforgoreal-timemonitoringandalerting,andfocusoncompliance-orientedreportingonexceptions,reviewsanddocumentation,withtheabilitytostoreandarchivelogsforlaterinvestigationandfordataretentionrequirements.Theseofferingsarebeingdrivenbyclientsthatmustmeetcompliancerequirementsandareseekinganalternativetobuyingandimplementingasecurityinformation/eventmanagement(SIEM)product.
Therearethreetypesofinformation/logmanagementofferings,eachwithslightvariationsavailable:
• Customer-premisesapplianceservicesinvolveloggingappliance, such as those from Loglogic or ArcSight (and others) at the customer site to collect and store log data from security andnetworkdevices,servers,applicationsanddirectories.TheMSSPmaymanagetheappliance,andmayprovidethecustomeraccesstotheappliance’sreportingcapabilityviatheMSSP’s portal. Customers can often run queries and reports fromtheloggingappliance’sconsole,aswell.TheappliancecanalsobeconfiguredtoforwardasubsetofeventsandlogstotheMSSPforreal-timecorrelation,analysisandalertingaspartoftheMSSP’susualmonitoringservices.Theon-siteappliancemaybeownedbythecustomer,orprovidedbytheMSSPasapartoftheservicesubscription.
4• AnMSSP-hostedapplianceprovidesthesameservicesas
thecustomer-premisesdeployment,butthelogcollectionandarchivingtechnologyishostedbytheMSSP.Reportingcapabilities,aswellastheabilitytoincorporateselecteddatafeedsintoreal-timecorrelation,analysisandreporting,aresimilartotheon-premisesofferings.Theloggingtechnologyisownedbytheserviceprovider.
• AnMSSP-basedserviceinvolvestheforwardingoflogdatatotheMSSPforstorageandarchiving,withthecustomerabletorun correlation and generate reports via the MSSP’s correlation engine.Thisofferingforegoesreal-timeanalysisandalertingbytheMSSPoperationsstaff.TheMSSP-basedservicecaninclude direct customer log feeds to the MSSP or may include anMSSP-providedon-premisescollectortoacquirecustomerlogsandforwardthemtotheMSSP.
Inpractice,thedeploymentofmanagedlogservicesisstillintheearlystages,withmostdeploymentsbeingon-premisesloggingappliances.Thereareseveralreasonsforthis:
• Enterprisesarestillgainingexperiencewithlogmanagementtechnology and processes. Gartner customers report struggling withissues,suchasthescopeoftheloggingdeployment,determiningwhatspecificlogmessagesandcorrelationsarerelevant,anddevelopingthealerting,reportingandworkflowtomeetthevariousrequirementsofsecurityoperations,IToperations and compliance groups.
• Theamountoflogdatathatmustbeacquired,storedandanalyzed.Forlargeenterpriseloggingdeployments,theincreasednetworkbandwidthrequiredtosendlogstoaremoteserviceprovidermaybeprohibitive.Inaddition,someenterprises may treat the information contained in logs, especiallyregardingprivilegeduserandapplicationordatabaseactivity,assensitive.Therefore,theyarereluctanttosendthoselogstoanexternalserviceprovider.
• Whereapplicationsordatabasesarehostedbyexternalserviceproviders, enterprises may face an additional challenge in including those logs in a centralized logging environment.
Given these ongoing challenges, Gartner anticipates that enterpriseswilloutsourcelogmanagement,deliveredviaon-premisesloggingappliancesorremotely,viaseveralscenariosduringthenext12to18months.Gartneranticipatesanincreaseinthedeploymentofoutsourcedcustomer-premisesandMSSP-basedloggingservicesinfourtypesofenvironments:
• Limitedscopeoftechnologywithspecificcompliancerequirement.WeexpectthatlargeenterprisesandSMBswillseektoreducetheircostsofmeetingspecificcompliancerequirementsviaoutsourcing.Initially,thismaybedonepiecemealforspecificelementsoftheITinfrastructuretiedtospecificcomplianceregimes.Later,weexpectaconsolidationof monitoring approaches to gain efficiencies and reduce costs.
• SMBswithafairlylowvolumeoflogdataandlimitedcapabilitiestodeployandmanageloggingtechnologyin-house.Forthesebusinesseswithlimitedinternalresources,theloggingoutsourcingdecisionissubjecttothesamedriversastheirother outsourcing decisions – limited internal resources to address the requirements.
• Enterprisesthathavealreadyoutsourcedmonitoringandmanagement of their perimeter security technologies and have atrustedrelationshipwiththeirMSSPs.GartnercustomersthatexpressdeeperinterestinoutsourcinglogmanagementaretypicallyalreadyengagedwithanMSSP.Outsourcingsecuritymeans relinquishing control of the technology and process, and theseenterpriseshaveexperiencefindingtherightbalancewitha security outsourcer.
• Enterprisesthathavedevelopedin-houselogmanagementcapabilities,andarereadytooutsourcethem.Enterprisesthathave rationalized the scope of the log management efforts – and have developed the reporting and remediation processes toaddressoperationalandcomplianceconcerns–willseektoreduceongoingmaintenanceandoperationalcostsbyturningtoexternalserviceproviders.Gartneranticipatesthattheoutsourcingoflogmanagementwillfollowthegeneralarcofoutsourcingfirewallmanagementinlargeenterprises:redeploymentofinternalresourcestomore-business-enablingactivitieswilldrivetheoutsourcingdecisions.
Duringthenext24months,MSSPsthatdevelopsuccessfulservicesforlogmonitoringandmanagementwilladdressthedifferencesbetweenthoseactivitiesandtraditionalMSSPperimetersecuritymonitoringexpertiseandexperience.Therearetwoimportant areas MSSPs must address:
• TheMSSP’sexpertiseislimitedinsidetheenterprisenetwork.Unlikeperimetermonitoring,whereMSSPsleveragetheirknowledgeofexternalthreatsandtheprofileofattacksacrosstheircustomerbase,theidentificationofsuspiciousactivitiesinservers,applicationsanddatabasesinsidetheenterpriseisheavilyreliantontheknowledgeofusersandbusinessactivitiesuniquetotheenterprise.MSSPsareaddressingthisbyofferingmoreself-servicecapabilities,socustomerscandevelopthecorrelationrules,alertsandreportsthatarerelevanttothem.Inaddition,theMSSPsarebeginningtobuildcorrelations,alertsand reports into their services that are most commonly needed bycustomers,evenifthosemustbefurthercustomized.
• MSSPsmustaddressthedifferentneedsofsecuritymonitoringandIToperations.MSSPsthatmonitorservers,applicationsanddatabasestypicallydosotoidentifysecurity-relatedevents,asmallsubsetoftheloggingactivity.MSSPsmustbeabletoaccommodatethosecustomerswithacommonlogging architecture for security and operations, and focus on the events relevant to customer security and compliance teams.EnterprisesusingITinfrastructureoutsourcersforsecuritymonitoringmustgetsecurity-specificservice-levelagreements (SLAs) to ensure that the requirements of the securityoperationsandIToperationsteamsareaddressed,including access to relevant log data. Enterprises using MSSPs shouldinvestigatewhetherthelogcollectionandanalysiscapabilitiesmanagedbytheserviceprovidercanbeextendedorcustomizedtoprovidebettersupportforIToperations.
5In-the-Cloud MSS and Security as a ServiceGartnercontinuestoseedealsforin-the-cloud(ITC)-managedfirewallservicesandon-demanddistributeddenial-of-service(DDoS)offeringsfromISPsandtelcos.SeveralMSSPsareanticipatingbringingtomarketITCservicesforintrusionprevention.However,thereismuchmarketeducationtobedoneregardingtheavailability,benefitsandcostscomparedwithmoretraditionalcustomer-premisesequipmentoptionsforthesetechnologies.BecauseITCservicesarebundledwithbandwidthservices,itispossiblethatenterprisesecurityorganizationsarenotexposedtotheavailabilityoftheseservicestothesamedegreeastheyaretotheon-premiseshardwaresolutions.GartnerrecommendsrequestinginformationaboutITCsecurityservicesfrombandwidthprovidersifthesecuritygroupisconsidering outsourcing to an MSSP.
Increasedemployeemobilityandtrends,suchasteleworkingandtheconsumerizationofIT,havecausedenterprisestolookforwaystoextendtheirperimeterprotectionsoutintotheInternetcloud.WhenmobileemployeesareaccessingSaaSofferings,suchassalesforce.com, they are not traversing the perimeter and are at agreatlyincreasedriskofcompromisefromnewthreats,suchasbotnetclients.Similarly,employeesusingtheirhomePCstoaccessSaaSorcorporateapplicationsarealsoatrisk.SecureWebgatewayvendorsareseeingtheneedtoofferWebfilteringinthecloudproxyservices,andstartupssuchasPurewireandZscalerarebuildingsimilarcapabilities.Theseofferingswillreducetheaddressablemarketofperimetercustomer-premisesdevicesthatareavailableforMSSPmonitoringandmanagement.MSSPswillhavetoevolvetheirownsecurity-as-a-serviceofferingsby2010topreventmarketerosion.
ThetrendtowardcompetitionforMSSrenewaldealshascontinuedsince“MagicQuadrantforMSSPs,NorthAmerica,1H07,”andcostconcernshaveincreased.AlsoontheincreaseisconcernabouttheviabilityofspecificMSSPsasaresultoftheeconomicslowdown.EvenlargeMSSPsarenotimmune,withGartnercustomersexpressingconcernaboutthecommitmentofMSSPstothemarket,“braindrain”andtheabilitytomeetservicelevelsinthewakeofmergers.GartnerexpectsacontinuationofcustomersrenewingorrecompletingMSSdealstotrytokeepcostsfromgrowing,evenastheylookatpossiblyexpandingservices under contract.
MSSP Location as a Factor in the North American
MarketAsaremotelydeliveredservice,MSScanbedeliveredgloballyfrom security operations centers located far from the security devicesbeingmonitoredormanaged.BasedonfeedbackfromGartnercustomersofMSSPsbasedinNorthAmericanandinother regions, the location of the MSSP SOCs, support staff, managementandsalesforceisimportantinseveralcontexts:
• Outsourcingsecuritymonitoringormanagementinvolvesenterprisestaffrelinquishingcontrol,aswellastheabilitytomeetwithMSSPmanagementoroperationsstaff,andensuring that the SOC can increase security staff confidence. Gartner customers in North America have tended to favor MSS providerswithNorthAmericanSOCsandsupportpresence.
• Formanyenterprises,managedsecurityisarelationshipbuy.Thepresenceofaserviceprovider’slocalsalesteams,presalestechnicalsupportandconsultingcapabilityhelpestablishthatrelationshipearlierinthebuyingcycle.
• IncaseswhereSOCslocatedoutsideofNorthAmericahavelimitedresourcestosupportEnglishlanguageinteractionwithNorthAmericancustomersoutsideofnormalbusinesshours,Gartnercustomershaveexpressedfrustrationandrequestedlocalsupportbemadeavailable.
• WheretheMSSPisresponsiblefortheinstallationandintegrationofsecuritytechnology,orforbreak-fixofthetechnology,localpresence(oreffectivepartneringwithlocalserviceproviders)istypicallyneededtomeetSLAs.Customersalsoreportthatwhenusing the MSSP to deploy and configure technology across regions,thebiggestsourceofdelay(andfrustration)isrelatedtomovingthetechnologyacrossnationalborders.
Gartnerexpectsthatsomeofthepreferencetowardin-regionSOCpresencewillerodeascustomersbecomemorecomfortablewithsecurityoutsourcing,andasMSSPspushlowerpricingbasedonlaborcostsforSOCsinotherregions.However,MSSPsmustaddressotherpotentialconcernsbyprovidingmorevisible,documentedandauditableevidenceofservicedeliverytocustomers.
Service Provider LandscapeMSSPscontinuetobefoundinafewbasicflavors.Therearestillpure-playMSSPs,includingSecureWorks,Solutionary,TrustwaveandPerimeterInternetworkingontheMagicQuadrant,aswellasmany smaller, regional pure plays. System integrators/strategic outsourcersincludeIBMandEDS,anHPCompany),aswellastelcos,includingAT&T,BTGlobalServices,OrangeBusinessServicesandVerizonBusiness.
VeriSignisincludedinthisMagicQuadrant.AlthoughVeriSignannounced in late 2007 its intention to sell its enterprise security group(MSS,consultinganditssecurityintelligencebusinesses),nobuyerhasbeenannounced.BeinginacquisitionlimbohasseverelyaffectedVeriSign’sabilitytocompete;however,Gartnerstillviewsitasaviableprovider.
InthisMagicQuadrant,wereflecttheacquisitionofCybertrustbyVerizonBusiness,withthecombinedentitycalledVerizonBusiness.InAugust2008,KPNInternationalsolditsNorthAmericaGetronicsbusinesstoCompucom.DuringtheanalysisofthesurveydatarelatedtothisMagicQuadrant,HPannounceditwasacquiringEDS.AmbironTrustWavechangeditsnametoTrustwave.Inaddition,wehaveaddedTataCommunicationsandWiproTechnologiestothisMagicQuadrant,basedonencounteringthem in several MSS deals and on our verification that they are deliveringMSSintheNorthAmericanmarket.InFebruary2009,StillSecureacquiredMSSPProtectPoint.WewerenotabletoevaluateStillSecure’sMSScapabilitiespriortopublishingthisMagicQuadrant.CSCisnotincludedintheMagicQuadrant.CSCoffersmanagedsecurityasacomponentofabroadersecurityandriskmanagementportfolio,anddoesnotmeettheinclusioncriteriaforthisMagicQuadrant.
6Vendors that only have managed security offerings that are outsideofthefirewall/IDPmanagementandmonitoringfocusofthisdocument,suchasProlexicTechnologies(DDOSprotection),Qualys(scanning)orAlertLogic(scanning/IDS/logging)arenotincludedinthisMagicQuadrant.
Market Definition/DescriptionForthepurposesofthisresearch,Gartnerdefines“MSS”astheremotemanagementormonitoringofITsecurityinformation,assetsandprocesseswherethedeliveryofthoseservicesisviaremotesecurity operations centers, not through personnel on site. MSS does not, therefore, include any consulting or development and integrationservicesthatmaybeincludedinasecurityoutsourcingengagement.
MSSs include:
• MonitoredormanagedfirewallorIPSs
• MonitoringormanagedIDSs
• DDOSprotection
• Managede-mailantivirus/anti-spamservices
• Managedgatewayantivirusservices
• Securityinformationmanagement
• Securityeventmanagement
• Managedvulnerabilityscanningofnetworks,serversorapplications
• Securityvulnerabilityorthreat-notificationservices
• Managedloganalysis
• Reportingassociatedwithmonitored/manageddevicesandincident response
• AlloftheselistedservicesdeliveredviaCPEorISPcentralofficeequipment
ThisMagicQuadrantevaluatesvendorsthatoffermonitored/managedfirewallandintrusiondetection/preventionfunctions,ratherthanthosefocused on a single element of the services listed here.
Inclusion and Exclusion CriteriaTobeincludedinthisMagicQuadrant,anMSSPmusthave:
• TheabilitytoremotelymonitorormanagefirewallsandIDPdevices via discrete service offerings
• Morethan500firewall/IDPdevicesunderremotemanagementormonitoringforexternalcustomers,oratleast200externalcustomerswiththosedevicesundermanagementormonitoring
• ReferenceaccountsrelevanttoGartnercustomersinNorthAmerica
AddedWehaveaddedWiproTechnologiesandTataCommunicationstothisMagicQuadrant.Theseserviceprovidersnowhavesufficientpresence for MSS in North America to qualify for inclusion.
DroppedWehavedroppedCSCfromthisMagicQuadrant,becauseitsMSSofferingispresentedinalargerriskandsecurityservicecontext,and does not meet the inclusion criteria.
Evaluation Criteria
Product/Service
OverallViability(BusinessUnit,Financial,Strategy, Organization)
SalesExecution/Pricing
MarketResponsivenessandTrackRecord
MarketingExecution
CustomerExperience
Operations
Weighting
High
High
Standard
Standard
Low
High
Standard
Table 1. Ability to Execute Evaluation Criteria
Source: Gartner (April 2009)
Evaluation Criteria
MarketUnderstanding
MarketingStrategy
Sales Strategy
Offering (Product) Strategy
BusinessModel
Vertical/IndustryStrategy
Innovation
Geographic Strategy
Weighting
High
Standard
Standard
High
Standard
Standard
High
Low
Table 2. Completeness of Vision Evaluation Criteria
Source: Gartner (April 2009)
7Evaluation Criteria
Ability to ExecuteAbilitytoexecutecriteria(seeTable1)arediscussedin“UpdatedCriteriaforSelectinganMSSP.”
Completeness of VisionCriteriaweightsforcompletenessofvisionareshowninTable2.
LeadersEach of the service providers in the Leaders quadrant has significant “mindshare”amongenterpriseslookingtobuyanMSSasadiscreteoffering.Theseprovidersgenerallyreceivepositivereportsonserviceand performance from Gartner clients. MSSPs in the Leaders quadrant are typically appropriate options for enterprises requiring frequent interactionwiththeMSSPforanalystexpertiseandadvice,portal-basedcorrelationandworkflowsupport,andflexiblereportingoptions.
ChallengersGartnercustomersaremorelikelytoencounteranMSSofferedbyaservice provider in the Challengers quadrant as a component of that provider’s other telecom, outsourcing or consulting services. Although an MSS is not a leading service offering for this type of vendor, it offers a“pathofleastresistance”toenterprisesthatneedanMSSPandusethevendor’smainservices.Theseserviceprovidersalsorepresentthelargest portion of overall MSSP revenue.
VisionariesCompanies in the Visionaries quadrant have demonstrated the abilitytoturnastrongfocusonmanagedsecurityintohigh-qualityserviceofferingsfortheMSSmarket.VendorsintheVisionariesquadrant are often strong contenders for enterprises requiring frequentinteractionwithMSSanalysts,flexibleservicedeliveryoptions and strong customer service.
Niche PlayersNicheplayersarecharacterizedbyserviceofferingsthatareavailableprimarilyinspecificmarketsegmentsorprimarilyaspartof other service offerings.
Vendor Strengths and Cautions
AT&TAT&ThasbeenanearlyandaggressiveproponentofITCservices.AT&TcontinuestoleveragethegreaterthreatvisibilitygainedbymanaginglargeportionsoftheInternetbackbone.EnterprisesseekingtoaugmentbandwidthserviceswithITCprotection,requiringremote-office/branch-officeMSS,orrequiringamultinational,multiserviceMSSpartner,shouldconsiderAT&T.
Strengths
• AT&Thasabroadrangeofservices,flexiblepricinganddeliveryforms.
• ItsservicedevelopmentleveragesAT&Ttelcostrengths.
• AT&ThasastronginternalcommitmenttoMSSandprovidesITCdeliveryleadership.
• AT&Tisastablevendorwithamultinationalpresence.
Cautions
• AT&T’smanaging/monitoringservicesbasedonCPEarenotanemphasis.
• SecuritymarketingstrugglesforattentioninAT&T’soveralloutreach.
• ITCpricingneedsmoresimplicitytoenableeasycomparisonwithCPEalternatives.
Bell Inadditiontobroadernetworkandcommunicationsservices,BellprovidesablendoftraditionalstaffaugmentationandoutsourcingwithMSS.EnterprisesshouldconsiderBellforMSSwhensecurityrequirementsmustfitwithinexistingcontractorprocurementarrangementswithBell.
Strengths
• Itiswell-knownintheCanadianmarket.
• IthasarangeofMSSofferingsdesignedtomeettheneedsoflessdemandingcustomers,aswellthosewithmore-stringentMSS requirements.
• IthasastrongCanadagovernmentpresence,andtheabilitytopartnerwithothersecurityserviceproviderstoaddressservicegaps(suchasIBMandCGIGroup)fordeliveryonsomecontracts.
Cautions
• Bellhasarelativelysmallnumberoffirewalls,IDSsandIPSsundermanagement/monitoring,andthusalimitedabilitytogenerateeconomies of scale from monitoring and management activities.
• Theservicesofferlimitedassettrackingandcorrelationcomparedwithcompetitorofferings.
• Onereferencecustomerreportsdissatisfactionwithunevenservice delivery.
• Bell’sMSSfocusisprimarilyontheCanadianmarket,althoughitdoessupportcustomersintheU.S.market,andreliesonpartnershipstoaffectworldwideservicedelivery.
8BT Global ServicesBT’sacquisitionofCounterpanein2006gaveitincreasedpresenceintheNorthAmericanMSSmarket.Acquisitionofconsultingcapabilities(INS)andBT’smultinationalpresenceprovidethepotentialtoexpandmonitoringcapabilitiesandoverallMSSportfolio.BTcustomerslookingtoaugmentexistingtelecomserviceswithMSS,orthosewithrequirementsthatincludemultinationalpresenceandsupportshouldconsiderBTGlobal.
Strengths
• BTGlobalhasworldwidepresence,andafullportfolioofmanaged services and consulting services.
• TheCounterpaneacquisitionhasaddedextensivesecuritymonitoringexperience.
• BTGlobalhasinvestedinexpandingmonitoringcapabilitiesinNorth America and other regions.
Cautions
• BTGlobalhasreducedvisibilitytoenterpriseMSSbuyersanddoes not appear on shortlists as often as Counterpane does.
• BTGlobalmustsharpenitsMSSfocustoexpandvisibilitytoenterprisesthatarenotalreadyBTcustomers.
• ItmustalsoexpanditsITCservicedeliveryandserviceintegrationbetweenmonitoringanddelivery.
CGI GroupCGIGroupoffersabroadportfolioofmanagedsecurityservices,aswellasstrategicoutsourcingservicesforIT.PlansareforaslowexpansionbeyondCanada,includingtheadditionofaU.S.-basedSOC.EnterpriseslookingtoaddsecuritymonitoringandmanagementtoinfrastructureoutsourcingshouldconsiderCGI.
Strengths
• CGIiswell-knownintheCanadianmarketandhasapresenceintheCanadagovernmentmarket.
• IthassomevisibilityintheU.S.marketduetoacquisitions.
• CGIhasflexibledeliveryoptions,includingremoteservices,traditional outsourcing and staff augmentation.
Cautions
• GartnercustomershavelimitedvisibilityofCGIforsecuritymonitoringandmanagementduetodependenceonCGI’sotherlinesofbusinessandBelltosellMSS.
• Expansionplansmaybedelayedduetothebusinessclimate.
• CGIhasbeenslowtoaddsomeservicestoitsMSSportfolio.
• CGI’sportallacksfeaturesandcapabilitiescomparedwiththose of competitors.
CompuCom (Getronics NA)CompuCom’sMSScapabilitycomesfromacquisitionoftheNorthAmericanoperationofGetronics(whichincludedworldwideMSSdelivery) in August 2008. Prior to the acquisition, Getronic’s MSS businesssufferedreducedvisibilityduetochangingbusinessemphasis. CompuCom (Getronics NA) is incorporating its service delivery and customer support processes into the acquired managed security services. CompuCom customers or enterprises lookingforretail-orientedandcompliance-focusedsecurityoutsourcingshouldconsiderCompuCom(GetronicsNA)-managedsecurity services.
Strengths
• Ithasafullportfolioofmanagedsecurityservicesfordevicemonitoring and management.
• ItsMSSbusinessunithasmaintainedastablecoreofpersonnelthroughseveralownershipchanges.
• ItsMSSbusinesshasfocusedonentertainment,insurance,retail and security related to compliance requirements.
Cautions
• IthaslimitedvisibilityamongGartnercustomerslookingforMSSPs.
• ItwilltaketimeforCompuComtoimproveGetronicssupportandservicedeliverycapabilitiesanddemonstrateanincreasedfocus on MSS.
EDS, an HP CompanyEDShasrecentlybeguntoprovidemanagedsecurityservicesasaseparateserviceofferingfromitsIToutsourcingbusiness,althoughMSSisstillorientedtowardIToutsourcingcustomers.EnterpriseswithrequirementsforasingleproviderforITandsecurityoutsourcingshouldconsiderEDS.
Strengths
• Itoffersasingle-serviceprovideroptionforabroadrangeofIToutsourcing services and security management.
• ItsMSSofferingsaredevicemonitoringandmanagement,augmentedbyhostedandCPE-basedlogmanagement.
• EDSMSShasaStatementonAuditingStandardsNo.70(SAS70)TypeIIaudit,andthegovernmentoperationscenterhasISO27001certification.
9Cautions
• EDSmustexpanditsofferingstosupportgreaterenterpriseCPEdeploymentstobeconsideredforengagementsbeyondthescopeofanITOserviceportal,anditsreportingcapabilitiesneedimprovementtoachieveparitywiththoseofcompetitors.
• AsaresultoftheacquisitionbyHP,thereisthepotentialforchangesintheEDSportfolioofservices,areducedcommitment to MSS as a discrete service or a negative effectonEDS’sabilitytodeliverytotheexpectationsofMSScustomers.
IBM Internet Security Systems IBMISSisalong-establishedMSSproviderthroughIBMglobalservicesandstrategicoutsourcing,whichwasgivenrenewedfocusbytheacquisitionofInternetSecuritySystems(ISS)anditsMSScapabilities.Enterprisesrequiringstrongsecurityexpertise,multinationalsupportandtheavailabilityofextensiveconsultingresourcesshouldconsiderIBMISS.
Strengths
• IBMISShasworldwidepresenceanddeliverycapability.
• X-ForceresearchandIBMglobalservicesconsultingaugmentsits security monitoring and management portfolio.
• IBMISSwasearlytoofferlogmanagementservices.
• IthasSAS-70TypeIIauditandSysTrustcertification.
Cautions
• SeveralGartnercustomersreportoperationalserviceissuesandnewofferingdelaysastheISSMSSorganizationfindsitsfitinIBMGlobalServices,andcustomersofIBMGlobalServicesmanagedsecurityaremovedontotheISSMSSdeliverymodel.
• Gartnerhasreceivedsomereportsofpresalebiastowardmanaging/monitoringIBMISSproducts,andIBMwillneedtoestablishclearmessagingtothemarketplaceaboutitsproduct-neutral MSS offerings.
IntegralisIntegralisiswell-knowninEuropeasasystemintegrator,ITmanagement provider and MSSP, and has had a quiet presence inNorthAmericaforseveralyears.IntegralishasrecentlybegunexpandingitsNorthAmericapresence,openingasecondSOContheWestCoast,andhasplanstoexpandtoAsia/Pacific.EnterprisesseekinginternationaldeliverycapabilitiesandabroadrangeofMSSofferingsshouldconsiderIntegralis.
Strengths
• IntegralisrecentlyexpandeditsNorthAmericapresence,includingbetterregionalbusinesshourssupport.
• Ithasabroadportfolioofsecurityservicesofferings,includinglogmanagement,e-mailsecurityandauthenticationservices.
• ItisMSSSAS70TypeIIauditedandinternationalMSS27001certified.
Cautions
• UnevenimplementationandintegrationserviceshavebeenreportedbyIntegraliscustomers.
• IntegralishashadlimitedvisibilityintheNorthAmericaMSSmarket.
• Thebusinessclimatemayslowitsexpansionplans.
Orange Business ServicesOrangeBusinessServicesoffersglobalMSScoverage.Orangehas invested heavily in process and service improvement efforts across its services, including a full set of managed security services.OrangeisbetterknowninEuropethaninNorthAmerica,butcustomersgiveitgoodmarksforsolidservicedelivery.Telecommunicationscustomersofthecompanyshouldconsideritfor MSS.
Strengths
• Orangecustomersreporteffectiveservicedeliveryformanagedsecurity.
• OrangeundergoesSAS70TypeIIauditsandhasreceivedISO270001 certification for international customers of its Cairo SOC.
Cautions
• ThecorrelationinformationandlogmanagementreportingavailablethroughtheOrangeportallagsbehinditscompetitors.
• OrangehaslaggedinpromotingITCfirewallservicestoNorthAmerica customers.
• IthaslimitedvisibilityasanMSStocustomerslookingfordiscretemanagedsecuritycapabilities.
10Perimeter InternetworkingPerimeterInternetworkinghasfocusedontheSMBmarket,withaconcentrationofbanking,andisexpandingbeyondthatindustrytootherverticals,aswellasthelargerenterprisemarket.Perimeteroffersseveraldeliverymodes,includinghosted/ITC,aswellascustomer-premisesequipmentmonitoring/management.Itsdeploymentsaremosttypicallycompliance-focused,“low-touch”relationships,wherecustomershaveverylimitedinternalsecurityresources.SMBslookingforMSSwithcompliance-focus,easydeploymentoptionsandarelativelylow-touchrelationshipwiththeservice provider should consider Perimeter.
Strengths
• CustomersandreferencesreportstrongsatisfactionwithPerimeter’s services.
• Perimeterhasabroadportfolioofsecurityservicesbeyonddevicemonitoringandmanagement,includingITCdeliveryoptions.
• Perimeterrecentlyaddedtoitsmanagementteamtoexpanddeliveryandstrategyexperience.
Cautions
• Perimetermustensurethatitsofferingsprovideeasy-to-understandandeasy-to-buyoptionsforprospectivecustomers.Theseincludeflexiblecontractlengthtermstoaddresstherequirements of customers involved in mergers and acquisitions.
• Perimeter’sofferingsspansecuritybuyingcenters.AsPerimeterencounters enterprise prospects, it must address the issues ofdistinctdecisionmakers,requirementsandbudgetsacrossthesebuyingcenters.
• Perimeterhasbeguntoaddenterprisestoitscustomerbase,andmustproveitcandelivertheservicelevelsdemandedbyenterpriseswhilemaintainingitsSMBdeliverycapability.
SavvisSavvisoffersCPE-based,hostedandITC-managedsecurityofferings,andpartnerswithotherserviceprovidersfore-mailandvulnerabilityscanningservices.SavvisoffersMSSforcustomersofitsnetworkandhostingbusinesses,aswellastocustomersseekingstand-alonemanagedsecurityservices.EnterprisesshouldconsiderSavvisMSS,asCPEorITCdeploymentstoaugmentSavvishostingornetworkservices.
Strengths
• SavvishassteadilydevelopedMSScapabilitiesduringthepastfewyears,resultinginserviceswithseveraldeploymentoptionsforitsnetworkandhostingcustomers,aswellasenterprisesthatarelookingforstand-aloneservices.
• Savvis’ssecurityexpertiseisenhancedbyitsArcaCommonCriteriaTestingLaboratory.
• Ithason-premisesappliance-basedlogmanagementaswellashosted log management offerings.
• SavvisconductsanannualSAS-70typeIIauditofitsMSSoperations.
Cautions
• Savvismustimprovethecapabilitiesofitssecurityportaltomatch those of competitors.
• SavvissellsMSSthroughdirectsales,whichmaylimititsabilityto reach customers interested only in MSS deals, rather than in MSSplushostingornetworkservices.
• SavvismustraiseitssecurityservicesprofiletobeconsideredanMSSPbymoreenterprisesandSMBsthatarenotalreadySavvisnetworkorhostingcustomers.
SAICSAIC’sMSSbusinessisapartofalargerIToutsourcingandsecurityservicescapability,andisoftendeliveredasacomponentofalargeroutsourcingrelationship.EnterpriseswithMSSdeploymentsthatwillinvolvesignificantimplementationandintegrationworkshouldconsiderSAIC’sstrengthstodeliverthoseservices in addition to ongoing monitoring, log management and information-sharingcapabilities.
Strengths
• SAICdemonstratesstrongsecurityexpertiseandintegrationcapabilityinitsconsultingbusiness,governmentandcommercial,aswellasthroughitscertificationlab.
• SAICiswell-knownamongU.S.governmentcustomers,andoperatestheFederalComputerIncidentResponseCenterattheU.S.DepartmentofHomelandSecurity.
• SAIChassomevisibilitytocommercialenterprisesviaitsInformationSharingandAnalysisCenter(ISAC).
Cautions
• GartnercommercialenterprisecustomerslookingformanagedsecurityhaveverylimitedexposuretoSAIC’sofferings.
SecureWorksSecureWorkshastwodistinctmarkettargets:SMBsrequiringlow-costperimeterprotection,andenterprisecustomerswithmore-extensiveanddemandingmonitoringrequirements.SecureWorkshasmanagedtobringtogetheritshigh-volumedirectsalesefforts,
11targetingthefirstgroupandmorerelationship-drivensaleseffortstargetingthelatter.ConsiderSecureWorksifyourrequirementsincludecompliance-specificelements,andeasydeploymentoptions, or if your requirements include proactive and responsive servicedeliverywithstrongsecurityexpertiseandanalystinvolvement.
Strengths
• SecureWorksgetshighpraisefromcustomersforstrongservicedelivery,securityexpertiseandcommitmenttocustomersatisfaction.
• SecureWorkshasaugmenteditsmonitoringserviceswithlogmanagement services in several delivery options, including hostedserviceandsecurity-as-a-servicemodels.
• SecureWorkshasrecentlyaddedchannelpartnersinCanadaand outside North America.
• ItundergoesannualSAS70TypeIIauditsandperiodicFFIECexaminations.
Cautions
• SecureWorksmustupgradethecapacityofitsiSensortosupportgreaternetworkthroughputforenterprisecustomers.
• SecureWorkssellsprimarilythroughitsdirectsalesforce,andneeds to add to its channel partners.
• Thecurrentbusinessclimatemayslowplanstoexpandpartnerships in Canada and outside North America.
SolutionarySolutionary offers a range of security and compliance services underitsActiveGuardbranding,includingdevicemonitoringandmanagement,vulnerabilityscanning,andlogmonitoringandmanagement. Solutionary also offers security program assessments withitsSecurCompassSaaSofferingandconsultingservices.Solutionary’scustomersareprimarilymidsizeenterprises,butisaddingcustomersintheSMBandtheenterprisemarkets.ConsiderSolutionaryifyourrequirementsincludeflexibleservicepackaging,strong service delivery and North America deployment.
Strengths
• Solutionarycustomersgivethefirmgoodmarksforflexibilityindesigninganddeployingservicesaroundcustomer-specificrequirements.
• SolutionaryhasincreaseditschannelcapabilitiesandnowoffersitsMSSthroughseveralsystemintegrators,aswellasthrough direct sales.
• Solutionaryhashostandapplicationmonitoringcapabilities,includinghosted,on-demandservicesandavulnerabilityscanningofferingbasedonproprietarytechnology.
• SolutionaryservicehasbeenauditedunderSAS-70TypeII.
Cautions
• Solutionaryhashadunevendirectsalescoverageandhasnotengagedinapersistent,visiblemarketingeffort.
• Solutionaryhaslimitedvisibilityinthemarket,andmustraiseisprofile to prospective customers.
• Solutionarymustdoabetterjobexposingitsofferingsasdiscreteservices,sothatbuyerslookingforvulnerabilityscanningorforserverlogmonitoringwillbeabletodiscernthatSolutionary offers these services.
Sprint Sprint offers MSS to its government and commercial customers for bandwidthornetworkservices.SprintcustomerslookingforMSSofferingswithaknownprovidershouldconsiderSprintforCPEandITCdeployments.
Strengths
• Sprint’sbandwidthandnetworkservicescustomerscanextendtheirservicerelationshipstoincludearangeofMSScapabilities
• Sprint’sMSSincludeITCdeploymentoptionsforfirewallservices.
Cautions
• SprintMSScapabilitiesaretypicallynotknowntoGartnercustomersseekinganMSSP.
• Sprintmustimproveitslogmanagementcapabilities,andenabletighterintegrationbetweenitslogmanagementandothersecuritymonitoringcapabilitiestoachieveparitywithcompetitor offerings.
• Sprint’scompliancereportingcapabilitiesarelaggingthoseofcompetitors.
SymantecSymantechasbeenalong-termproviderofMSS,andhasmaintained a reputation as a premium provider to enterprises. Symantec’sserviceportfoliowasrecentlyaugmentedwithitspurchaseofMessageLabsfore-mailsecurity.Enterpriseslookingforenterprise-focusedsecurityexpertiseandworldwidedeliverycapabilitiesshouldconsiderSymantec.
12Strengths
• Symantec’sbroadMSSportfolioincludessecurityintelligenceresearch,aswellasremotelogmanagementsolutions.
• Symantec’sMSShasaSAS70TypeIIauditandISO27001(BS-7799:2005)certification.
• SymantecgetsgoodmarksfromcustomersforMSSdelivery.
Cautions
• CustomersreportsomedifficultyinnegotiationswithSymanteconservicerenewal,specificallyregardingserviceflexibilityorcustomization.
Tata CommunicationsTataCommunicationsintroduceditsMSSinNorthAmericainApril2008, and plans increasing operational presence and partnerships there.Tata’sMSSofferingsincludemonitoringandmanagementservicesformarket-leadingfirewalls,IDSandIPS.TataisalsodevelopingseveralITCserviceofferings.Logmonitoringservicesareplannedforfuturerelease.ExistingcustomersofTata’sservices,andenterpriseslookingforaggressivepricingforperimetermanagementandmonitoringshouldinvestigateTata’sofferings.
Strengths
• TataManagedSecurityhasdevelopedabroadsetofMSSofferings in a relatively short time frame.
• Tatagetsgoodmarksfromreferencesforefficientserviceimplementation,andforexceedingcontractualobligationsandcustomerexpectations.
Cautions
• Tata’slogmonitoringandmanagementservicesarelagging,comparedwithitscompetitors.
• Tatawillneedportalenhancementsforassetinformation,correlationandscanningtobringitsportalonaparwiththoseof competitors.
• Tatamustaddresspotentialconcernsofbuyerswhomaybewaryofoffshoremonitoringormanagementoftheirsecuritytechnology.
TrustwaveTrustwavewasformerlyknownasAmbironTrustwave.ItisknownbestforitsextensivePCIauditandassessmentbusiness.Trustwave’sMSScapabilitiesarefocusedonmonitoringsystemsinthescopeofPCIstandards.ConsiderTrustwavewhenyoursecuritymonitoringrequirementsareheavilyweightedformeetingthespecificrequirementsofthePCIstandards.
Strengths
• Trustwave’sbasicMSScapabilitiesareaugmentedbyPCI-specific log monitoring and management services, and reporting.
• Trustwave’sstrongpositioninthepaymentcardchannelprovides a steady stream of potential customers for its log monitoringcapabilities.
• Trustwavegetsgoodmarksfromreferenceaccounts.
• Trustwave’scertificationsincludeSAS70,FFIECexaminationandWebTrust.
Cautions
• Trustwave’sMSSportfolioisnotasbroadasmanycompetitors,andlacksalertingcapabilities.
• Trustwave’sportalcapabilitiesalsolagintheareasofassetinformation and correlation.
• Trustwave’sMSSvisibilityinthemarketislargelydrivenby,anddependenton,itspositionasaPCIassessor.TobeconsideredforMSSbusinessbeyondthescopeofPCIrequirements,TrustwavemustimproveitsabilitytoprovidecoreMSScapabilitiesandportalfeaturestoimproveitscompetitivepositioningagainstMSSPswithmorefocusonsupportingsecurity operations.
UnisysUnisys has a comprehensive MSS portfolio, outsourcing services, securityconsultingservicesandsystemintegrationcapabilities.
Strengths
• IthasafullsuiteofMSSofferings,includingon-premisesandhosted log management.
• UnisysMSSisdeployedacrossNorthAmerica,Europe,theMiddle East, Africa, Latin America and Asia/Pacific.
• UnisyshasSAS70TypeIIauditsandISO27001certificationsat multiple operations centers.
Cautions
• GartnercustomersandreferenceaccountshavereporteddissatisfactionwithUnisysexecutionandservicedeliveryinMSS.Unisyshasindicatedthatithasrenewedmanagementfocus on service delivery quality.
13VeriSignOn31January2008,VeriSignannouncedthatitwassellingitsMSS,consultingandiDefensebusinesses.GartnerconsidersVeriSignacredibleMSSprovider,aslongaspotentialcustomersestablishcontractualsafeguardstoensurecontinuityandqualityofserviceasthestatusofVeriSign’sownershipevolves.VeriSignhasbeenastrongMSSproviderforseveralyears,andhasexpandeditsmonitoringcapabilitiestoincludescanning,hostedSkybox,andlogmonitoringservices.ConsiderVeriSignwhenyourMSSrequirementsareweightedtowardNorthAmericadeploymentandincludestrongsecurityexpertise.
Strengths
• VeriSigngetsgoodgradesfromcustomersforservicedelivery.Gartner has not received reports of a falloff in service quality from VeriSign MSS customers.
• VeriSignwasamongthefirstMSSPstobringdiscretelogmanagementofferingstomarket,andhaslogmonitoringcapabilitiesthatincludeserver,application,directoryanddatabasesources.
• VeriSignhasagoodreputationforsecurityexpertiseinitsMSSgroupandinitsiDefensesecurityintelligencegroup.
• VeriSign’sMSShasaSAS70TypeIIauditandSafeHarborcertification.
Cautions
• VeriSignannounceditsintentiontosellitssecuritybusinessesmorethanayearago,buthasnotannouncedabuyer.VeriSign’sMSSportfolio,relationshipwithsecurityproductvendors,geographicdeliverycapabilitiesandahostofotherissueshingeontheidentityandplansofanewowner.
• Giventheuncertaintyofitsownershipanddirection,VeriSignneedsto continue to actively address concerns regarding its future.
Verizon BusinessVerizonBusinessgainedMSScapabilitiesfromitsacquisitionofMCI,thenaugmentedthosebyacquiringCybertrustinJuly2007.CybertrusthadMSSandprofessionalservicescapabilityinEurope,NorthAmericaandAsia/Pacific.ConsiderVerizonBusinesssecurityserviceswhenyouareusingotherVerizonBusinesstelecommunicationsservices,orwhenyourrequirementsincludestrongsecurityexpertiseandglobaldeliverycapability.
Strengths
• ThecoreoftheCybertrustMSSandconsultinggrouphasremainedlargelyintactinthetransitiontoVerizonBusiness,andVerizonBusinesshasbeenabletoquicklyintroducenewservice offerings.
• ItsserviceofferingincludesafullportfolioofMSS,includingDOSprotection.Logmanagement/monitoringcapabilitiesincludeserver,directory,applicationanddatabasesupport.
• VerizongetsgenerallystrongmarksfromGartnercustomersand from reference accounts.
• VerizonBusinessMSSSOCshaveSAS70TypeII,audit,andWebTrustandISO9000certifications.
Cautions
• VerizonmustensurethatitcontinuestofocusoncontinuityandqualityofserviceasitbringscustomersfrommultipleMSSbusinessesontoacommonservicedeliveryplatform.
Wipro TechnologiesWiproTechnologiesisanewentranttotheNorthAmericaMSSPMagicQuadrant.WiproMSSisdeliveredtocustomersofitsIToutsourcingandservices.WiproisplanningfurtherexpansioninNorthAmerica,whilemaintaininganIndia-powereddeliveryapproach. Consider Wipro for MSS if you are a customer of Wipro’sotherITservices,orifyouhaveglobalsecuritydeploymentand management and monitoring requirements.
Strengths
• WiprooffersabroadrangeofMSSandotherITmanagementservices,aswellasconsultingservices.
• Itslogmanagementcapabilitiesincludeserver,database,directory and applications.
• Wiprogetsgoodmarksfromreferencesforimplementationandintegrationcapabilitiesandforongoingsupport.
• WiprohasISO27001and9001certification,andundergoesSAS70auditsonacustomer-specificbasis.
Cautions
• Wipro’sNorthAmericanmarketingeffortsforMSShavenotyetresultedinvisibilitytoGartnerclientsinNorthAmerica.Asaresult,WiproisseldommentionedbyGartnercustomersindiscussionsaboutpotentialMSSproviders.
• ThecurrentbusinessclimatemaydelayWipro’sNorthAmericaexpansionefforts,aswellasplanstobettermarketitsMSSthere.
• WipromustaddressconcernsofpotentialMSScustomersregardingitsIndia-basedservicedelivery.
14Vendors Added or DroppedWereviewandadjustourinclusioncriteriaforMagicQuadrantsandMarketScopesasmarketschange.Asaresultoftheseadjustments,themixofvendorsinanyMagicQuadrantorMarketScopemaychangeovertime.AvendorappearinginaMagicQuadrantorMarketScopeoneyearandnotthenextdoesnotnecessarilyindicatethatwehavechangedouropinionofthatvendor.Thismaybeareflectionofachangeinthemarketand,therefore,changedevaluationcriteria,orachangeoffocusbyavendor.
Acronym Key and Glossary Terms
AV antivirus
CPE customer premises equipment
DDoS distributeddenial-of-service
FFIEC FederalFinancialInstitutionsExaminationCouncil
FISMA FederalInformationSecurityManagementAct
HIPAA HealthInsurancePortabilityandAccountabilityAct
IAM identity and access management
IDP intrusion detection/prevention
IDS intrusion detection system
IPS intrusion prevention system
ISS InternetSecuritySystems
ITC in the cloud
MSS managed security service
MSSP managed security service provider
PCI PaymentCardIndustry
SMB smallormidsizebusiness
SaaS softwareasaservice
SAS 70 Statement on Auditing Standards No. 70
SIEM security information/event management
SLA service-levelagreement
SOC security operations center
15
Evaluation Criteria Definitions
Ability to ExecuteProduct/Service:Coregoodsandservicesofferedbythevendorthatcompetein/servethedefinedmarket.Thisincludescurrentproduct/servicecapabilities,quality,featuresetsandskills,whetherofferednativelyorthroughOEMagreements/partnershipsasdefinedinthemarketdefinitionanddetailedinthesubcriteria.
Overall Viability (Business Unit, Financial, Strategy, Organization):Viabilityincludesanassessmentoftheoverallorganization’sfinancialhealth,thefinancialandpracticalsuccessofthebusinessunit,andthelikelihoodthattheindividualbusinessunitwillcontinueinvestingintheproduct,willcontinueofferingtheproductandwilladvancethestateoftheartwithintheorganization’sportfolio of products.
Sales Execution/Pricing:Thevendor’scapabilitiesinallpresalesactivitiesandthestructurethatsupportsthem.Thisincludesdeal management, pricing and negotiation, presales support, and the overall effectiveness of the sales channel.
Market Responsiveness and Track Record:Abilitytorespond,changedirection,beflexibleandachievecompetitivesuccessasopportunitiesdevelop,competitorsact,customerneedsevolveandmarketdynamicschange.Thiscriterionalsoconsidersthevendor’s history of responsiveness.
Marketing Execution:Theclarity,quality,creativityandefficacyofprogramsdesignedtodelivertheorganization’smessagetoinfluencethemarket,promotethebrandandbusiness,increaseawarenessoftheproducts,andestablishapositiveidentificationwiththeproduct/brandandorganizationinthemindsofbuyers.This“mindshare”canbedrivenbyacombinationofpublicity,promotionalinitiatives,thoughtleadership,word-of-mouthandsalesactivities.
Customer Experience:Relationships,productsandservices/programsthatenableclientstobesuccessfulwiththeproductsevaluated.Specifically,thisincludesthewayscustomersreceivetechnicalsupportoraccountsupport.Thiscanalsoincludeancillarytools,customersupportprograms(andthequalitythereof),availabilityofusergroups,service-levelagreementsandsoon.
Operations:Theabilityoftheorganizationtomeetitsgoalsandcommitments.Factorsincludethequalityoftheorganizationalstructure,includingskills,experiences,programs,systemsandothervehiclesthatenabletheorganizationtooperateeffectivelyandefficientlyonanongoingbasis.
Completeness of VisionMarket Understanding:Abilityofthevendortounderstandbuyers’wantsandneedsandtotranslatethoseintoproductsandservices.Vendorsthatshowthehighestdegreeofvisionlistentoandunderstandbuyers’wantsandneeds,andcanshapeorenhancethosewiththeiraddedvision.
Marketing Strategy: A clear, differentiated set of messages consistently communicated throughout the organization and externalizedthroughtheWebsite,advertising,customerprogramsandpositioningstatements.
Sales Strategy:Thestrategyforsellingproductsthatusestheappropriatenetworkofdirectandindirectsales,marketing,serviceandcommunicationaffiliatesthatextendthescopeanddepthofmarketreach,skills,expertise,technologies,services,andthecustomerbase.
Offering (Product) Strategy:Thevendor’sapproachtoproductdevelopmentanddeliverythatemphasizesdifferentiation,functionality, methodology and feature sets as they map to current and future requirements.
Business Model:Thesoundnessandlogicofthevendor’sunderlyingbusinessproposition.
Vertical/Industry Strategy: Thevendor’sstrategytodirectresources,skillsandofferingstomeetthespecificneedsofindividualmarketsegments,includingverticalmarkets.
Innovation:Direct,related,complementaryandsynergisticlayoutsofresources,expertiseorcapitalforinvestment,consolidation,defensiveorpre-emptivepurposes.
Geographic Strategy:Thevendor’sstrategytodirectresources,skillsandofferingstomeetthespecificneedsofgeographiesoutsidethe“home”ornativegeography,eitherdirectlyorthroughpartners,channelsandsubsidiariesasappropriateforthatgeographyandmarket.
