
Magic Quadrant for Global MSSPs - IT Q&A (static.itqa.nl/downloads/Magic_Quadrant_for_Global_MSSPs.pdf)


10/27/2014 Magic Quadrant for Global MSSPs

http://www.gartner.com/technology/reprints.do?id=1-1TEY8UZ&ct=140424&st=sb 1/19

Magic Quadrant for Global MSSPs

26 February 2014 ID:G00247003

Analyst(s): Kelly M. Kavanagh

VIEW SUMMARY

Managed security services is a mature market with offerings from established service providers. This Magic Quadrant presents enterprise buyers with advice on selecting MSS providers to support global service requirements.

Market Definition/Description

For the purposes of this research, Gartner defines managed security services (MSSs) as "the remote monitoring or management of IT security functions delivered via shared services from remote security operations centers (SOCs), not through personnel on-site." Therefore, MSSs do not include staff augmentation, nor any consulting or development and integration services.

MSSs broadly include:

Monitored or managed firewalls or intrusion prevention systems (IPSs)

Monitored or managed intrusion detection systems (IDSs)

Distributed denial of service (DDoS) protection

Managed secure messaging gateways

Managed secure Web gateways

Security information and event management (SIEM)

Managed vulnerability scanning of networks, servers, databases or applications

Security vulnerability or threat notification services

Log management and analysis

Reporting associated with monitored/managed devices and incident response

This Magic Quadrant evaluates monitored/managed firewall and intrusion detection and prevention (IDP) functions, as well as log management services, rather than other elements of the services we have listed. Firewall, IDP and log collection form the core of most MSS engagements. The vendors in the Magic Quadrant are evaluated on their ability to support customers with global service requirements.

Magic Quadrant

Figure 1. Magic Quadrant for Global MSSPs

ADDITIONAL PERSPECTIVES

Geography: Asia-Pacific | Europe

EVIDENCE

Gartner customer inquiries and information sharing related to MSSPs

Analyst interactions with Gartner customers via inquiries and meetings

Survey of MSSPs

Survey of MSS reference customers

EVALUATION CRITERIA DEFINITIONS

Ability to Execute

Product/Service: Core goods and services offered by the vendor for the defined market. This includes current product/service capabilities, quality, feature sets, skills and so on, whether offered natively or through OEM agreements/partnerships as defined in the market definition and detailed in the subcriteria.

Overall Viability: Viability includes an assessment of the overall organization's financial health, the financial and practical success of the business unit, and the likelihood that the individual business unit will continue investing in the product, will continue offering the product and will advance the state of the art within the organization's portfolio of products.

Sales Execution/Pricing: The vendor's capabilities in all presales activities and the structure that supports them. This includes deal management, pricing and negotiation, presales support, and the overall effectiveness of the sales channel.

Market Responsiveness/Record: Ability to respond, change direction, be flexible and achieve competitive success as opportunities develop, competitors act, customer needs evolve and market dynamics change. This criterion also considers the vendor's history of responsiveness.

Marketing Execution: The clarity, quality, creativity and efficacy of programs designed to deliver the organization's message to influence the market, promote the brand and business, increase awareness of the products, and establish a positive identification with the product/brand and organization in the minds of buyers. This "mind share" can be driven by a combination of publicity, promotional initiatives, thought leadership, word of mouth and sales activities.

Customer Experience: Relationships, products and services/programs that enable clients to be successful with the products evaluated. Specifically, this includes the ways customers receive technical support or account support. This can also include ancillary tools, customer support programs (and the quality thereof), availability of user groups, service-level agreements and so on.

Operations: The ability of the organization to meet its goals and commitments. Factors include the quality of the organizational structure, including skills, experiences, programs, systems and other vehicles that enable the organization to operate effectively and efficiently on an ongoing basis.

Completeness of Vision

Market Understanding: Ability of the vendor to understand buyers' wants and needs and to translate those into products and services. Vendors that show the highest degree of vision listen to and understand buyers' wants and needs, and can shape or enhance those with their added vision.

Marketing Strategy: A clear, differentiated set of messages consistently communicated throughout the organization and externalized through the website, advertising, customer programs and positioning statements.

Sales Strategy: The strategy for selling products that uses the appropriate network of direct and indirect sales, marketing, service, and communication affiliates that extend the scope and depth of market reach, skills, expertise, technologies, services and the customer base.

Offering (Product) Strategy: The vendor's approach to product development and delivery that emphasizes differentiation, functionality, methodology and feature sets as they map to current and future requirements.

Business Model: The soundness and logic of the vendor's underlying business proposition.

Vertical/Industry Strategy: The vendor's strategy to direct resources, skills and offerings to meet the specific needs of individual market segments, including vertical markets.

Innovation: Direct, related, complementary and synergistic layouts of resources, expertise or capital for investment, consolidation, defensive or pre-emptive purposes.

Geographic Strategy: The vendor's strategy to direct resources, skills and offerings to meet the specific needs of geographies outside the "home" or native geography, either directly or through partners, channels and subsidiaries as appropriate for that geography and market.

Source: Gartner (February 2014)

Vendor Strengths and Cautions

AT&T

Headquartered in Dallas, and with regional offices in Hong Kong and London, AT&T offers security monitoring and management services for customer-based and network-based security controls — including wireless — in addition to a wide range of other IT and telecommunications services. AT&T MSSs are based on commercial and self-developed technologies for alert and log collection, real-time correlation, reporting, and device management. Workflow is supported by the AT&T BusinessDirect portal. Query and browsing of log data are supported via commercial and self-developed technologies. AT&T offers log management via on-premises solutions. Log management and MSS functions must be accessed through separate portals. Integration of these functions into a single portal remains planned. AT&T's advanced threat offering is the Security Event and Threat Analysis (SETA) service, which includes correlation and analysis of data from customer devices and the AT&T network, with customer-specific configuration and response templates. Three SOCs are located in the U.S., two in Asia/Pacific and one in Europe, and multilingual support is available. Enterprises should consider AT&T if they require a global service provider with a broad range of service offerings and deployment capabilities that include premises-based and network-based options. Customers of other AT&T services that seek MSSs from an incumbent provider should also consider AT&T.

Strengths

AT&T has good visibility among Gartner customers, and is often included in competitive MSS evaluations.

AT&T's network-based security controls are mature security management and monitoring offerings that are attractive to MSS customers with remote and branch office coverage requirements.

AT&T is an established and stable service provider, with delivery capabilities in multiple geographic regions.

Cautions

The MSS portal continues to lack standardized asset reporting as well as the log browsing capabilities that are available in several competitors' portals.

Log management functions must be accessed from a portal that is distinct from the MSS portal.

The customization features of the MSS portal are not as extensive or self-service-capable as those in competitors' portals.

BT

BT is headquartered in London and has offices across the globe, including a regional presence in Texas and Hong Kong. BT's MSS offerings include monitoring and management of customer premises deployed devices and network-based security controls as part of its larger portfolio of telecommunications and IT services. BT uses self-developed technology for log and event collection, correlation, query, reporting, and device management. Commercial technology supports workflow. In addition to its MSS, BT offers Assure Analytics, an extension that provides additional analysis and visualization capabilities. BT has two European SOCs and three Asia/Pacific SOCs staffed 24/7, with an additional nine SOCs worldwide. Capabilities to detect targeted attacks and provide advanced analytics are focused on larger customers and delivered via add-on services, including a social media monitoring service, Assure Analytics and consulting engagements. Customers of other BT services that are seeking MSS as well as additional analytics and visualization capabilities should consider BT.

Strengths

BT has a broad range of security offerings for MSS globally, as well as for security consulting, cybersecurity services, secure networking, business continuity, identity and access management, technology deployment, and integration.

BT gets good marks from users for security expertise in support of its MSS delivery.

Cautions

BT continues to have much lower visibility among MSS buyers in North America and Asia/Pacific than in Europe.

Customers use the BT Assure Threat Monitoring Web portal for searching, browsing and reporting security-relevant raw log data, and a premises-based appliance user interface to access non-security-relevant raw log data.

CenturyLink

CenturyLink is based in Monroe, Louisiana, and has offices in Singapore, Hong Kong, London and throughout North America. It provides MSS as well as infrastructure as a service, software as a service (SaaS), Web hosting, colocation and network services. MSS customers have primarily been customers of CenturyLink's infrastructure services. MSS is delivered through a combination of commercial and self-developed technology for data collection, correlation and analysis, reporting, and log management. CenturyLink has three SOCs in North America, with an additional SOC in Europe and one in Asia/Pacific. Advanced analytics to detect targeted attacks are embedded within the MSS capabilities, and are based on monitoring third-party security technologies. CenturyLink's infrastructure and network services customers should consider the company for managed security.

Strengths

CenturyLink's enterprise and small or midsize business customers for network services can augment their relationships with CenturyLink via MSSs.

CenturyLink's rationalization of security services across its lines of business has enabled a more focused and consistent delivery of MSSs.

Cautions

CenturyLink does not appear on Gartner customer shortlists for MSSs.

The CenturyLink MSS portal lags competitors' portals in several areas, including customization, asset tracking, and correlation across data sources and user data.

CSC

CSC is headquartered in Falls Church, Virginia, with regional offices in Sydney, Singapore and the U.K. CSC delivers its MSS as a stand-alone service, and as a complement to its IT outsourcing and consulting services to enterprises and government agencies. CSC is in the process of standardizing its MSS delivery capabilities across all regions using commercial SIEM technology for data collection and correlation, real-time alert generation, and log management. The self-developed Pulse Portal provides access to alerts, reporting, ticketing and workflow. CSC has four SOCs in the U.S., two in Europe and three in Asia/Pacific. New offerings to address advanced targeted attacks are available and include network and payload analysis. Preliminary endpoint analysis and forensics are available via managed services, with more in-depth forensics available as a consulting engagement. CSC outsourcing customers and enterprises, especially those in the defense industrial base and financial services industries, should consider CSC for MSSs.

Strengths

CSC's efforts to standardize MSSs across regions now provide global event visibility to SOC analysts, and should result in enhanced effectiveness for multiregional customers.

Customers give good marks for the security expertise of CSC's staff, as well as for their understanding of the customer environment.

CSC's security expertise supports its strong presence in the U.S. federal government and the U.K. government, in financial services and in critical infrastructure markets.

Cautions

CSC does not fully market its stand-alone MSS. Also, CSC is rarely included on Gartner commercial customers' shortlists for stand-alone MSS deals.

Organizations considering CSC for MSSs should evaluate the current state and progress toward the completion of global service standardization to ensure that the capabilities needed in all regions are available to meet deployment requirements.

Dell SecureWorks

Dell is headquartered in Texas, and Dell SecureWorks is headquartered in Atlanta, with five regional offices in the U.S. — plus Edinburgh, Scotland, London and Tokyo, with additional offices in Asia/Pacific and Europe. Dell SecureWorks offers MSSs as well as security consulting, incident response and threat intelligence services. MSS delivery is based on self-developed technology for log and alert collection, for real-time correlation and analysis, and for presentation/reporting via portal. Premises-based log retention and reporting are delivered via commercial SIEM technology. The Dell SecureWorks Counter Threat Unit provides threat intelligence, malware analysis and analytic support for MSS operations. Customers may buy threat intelligence services as part of an MSS subscription. Five SOCs are located in the U.S., with additional SOCs in the U.K., India, Mexico and Eastern Europe. Advanced attack detection is offered within existing MSSs and includes threat feeds, correlation, and analysis of historical events to identify anomalies. Midsize organizations that want to meet compliance requirements, and enterprises looking for full-featured MSSs, should consider Dell SecureWorks.

Strengths

Dell SecureWorks is very visible to Gartner customers and is typically included in competitive MSS deals.

Gartner customers offer strong praise for Dell SecureWorks' MSS delivery, security expertise and relationship management. The security expertise available through the Counter Threat Unit is often cited as a differentiator.

The MSS portal receives very good marks from customers.

Cautions

Dell's ownership changes offer less visibility into its business operations, including the positioning and emphasis placed on security products and services.

Although reports of issues to Gartner have been minimal to date, customers should continue to monitor Dell SecureWorks' service delivery to ensure that MSS geographic expansion and any shift in Dell's business focus do not dilute its MSS delivery capabilities.

Dell SecureWorks' cautious expansion beyond the Japanese market may result in prospects having limited references in the Asia/Pacific region, and not as much ready access to presales interaction.

HP

HP is headquartered in Palo Alto, California, with MSS locations in Australia, London and Plano, Texas. HP has a broad security portfolio of professional and managed services; technologies for SIEM, application security and network security; and extensive offerings of additional IT products and services. HP's MSS is based on several self-developed and commercial technologies for data collection, correlation/alerting, query and reporting. Workflow and ticketing use HP technology, and tools for customer deployment provide workflow support. HP has two SOCs in the U.S., one in Latin America, three in Europe and two in Asia/Pacific. HP offers a portal for MSS and uses the HP ArcSight console for log management. HP offers a separate governance, risk and compliance-oriented portal for executive dashboards. The HP MSS portal provides role-based access, ticketing and security reporting features. Log management is delivered via HP ArcSight ESM and ArcSight Logger in hosted or on-premises deployments. Log management features are available via the HP ArcSight portal. HP's targeted attack detection and advanced analytics capabilities are embedded in its MSS offerings, and are supported with threat feeds, vulnerability information, the detection capabilities of HP ArcSight, and expert analysis. Enterprises and midsize companies with HP IT services or security technology services should consider HP for MSSs.

Strengths

HP is a large, stable provider of MSSs and other security services. It has a multiregional presence and delivery capabilities.

HP's broad technology and service delivery options enable extensively customized MSS engagements, including technology bundling and hybrid delivery options.

Cautions

The HP MSS portal lacks the user correlation and asset and vulnerability reporting capabilities that are available in competitors' portals. Potential customers should validate that HP's current capabilities and enhancement plans meet their deployment and operations requirements.

Gartner customers report challenges in differentiating and navigating among HP's security monitoring capabilities, which are available, in differing forms, from HP's product, outsourcing and discrete MSS delivery organizations.

Prospective MSS customers should validate HP's coverage and monitor ongoing support when MSS engagement includes security technologies from HP's competitors.

IBM

IBM is headquartered in New York, with MSS offices in Atlanta and other geographies. MSSs and a full range of security consulting and integration services are available as stand-alone services, and as components of larger infrastructure outsourcing contracts. IBM uses self-developed technology for data collection, correlation, log query and reporting, and ticketing/workflow. Log management is offered as a hosted service, and with premises-based IBM QRadar and other SIEM technologies. IBM has four North American SOCs, two in Europe, two in Asia/Pacific and two more in other regions. IBM's advanced analytics and targeted attack detection capabilities are embedded in its MSS and hosted SIEM offerings, and they are supported by IBM technology and third-party technology deployed by customers. Enterprises with global service delivery requirements, and those with strategic relationships with IBM, should consider IBM for MSSs.

Strengths

Gartner customers often include IBM in competitive MSS evaluations, and IBM has high visibility in North American, Asia/Pacific and European markets.

IBM's MSS capabilities include support for customer-deployed SIEM (from IBM and other vendors) that is integrated into its standard MSS offerings.

IBM is a large, stable provider of security and IT services and products, and it has global delivery capabilities.

Cautions

Gartner customers report overall improvements and lingering challenges for IBM MSSs in sales, deployment and customer care.

Although IBM's MSS supports multiple security technologies — including many from IBM's competitors in the IPS and SIEM markets — MSS customers should monitor planned and actual MSS support for the security technologies deployed in their environments.

NTT

NTT, which is based in Tokyo, and with London and New York offices, acquired Solutionary in 2013, adding to prior acquisitions of MSS capabilities in the NTT companies (such as NTT Com Security — formerly Integralis — and Dimension Data's earthwave). NTT is included in this Magic Quadrant on the basis of the combined offerings and scale of the various MSS entities, which it is in the process of rationalizing. NTT uses a variety of self-developed and commercial technologies to support MSS delivery across the three organizations. There are multiple SOCs in Asia/Pacific, Europe and North America. Targeted attack protection is embedded in the MSS offering of each delivery group, and it differs among the groups, although cross-group data sharing for threat information is now being done. NTT customers and enterprises seeking a large global service provider with specific regional strengths should consider NTT for MSSs.

Strengths

Individual NTT MSS groups get good feedback from Gartner customers regarding MSS delivery.

Across the NTT MSS offerings, the capabilities of NTT Com Security, Solutionary, Dimension Data's earthwave and NTT Data are well-known in Europe, North America, the Middle East/Africa and Asia/Pacific, respectively, and they appear in MSS deals in those regions.

NTT has a global presence as well as a broad range of security service offerings and delivery options, in addition to broader telecommunications and IT infrastructure service offerings.

Cautions

MSS operations across the regions are not yet fully integrated. Current MSS customers must monitor NTT's plans to rationalize its MSS delivery capabilities to ensure that any changes result in equal or better service delivery levels and options.

Potential MSS buyers should get binding assurances from NTT regarding the capabilities they will receive globally and within regions to ensure that NTT's current and planned MSS capabilities will meet customers' region-specific and global requirements.

Orange Business Services

Headquartered in Paris, with offices in Atlanta and Singapore, Orange offers a broad range of telecommunications and cloud-based IT infrastructure services, security consulting and integration services, and MSSs. Orange MSSs are based on commercial SIEM technology for data collection, correlation and analysis, reporting, and log management, with self-developed technology for workflow. Three MSS SOCs are located in Europe, two in Asia/Pacific, one in North America and two in the Middle East/Africa regions. Advanced threat detection is provided by proprietary technologies as well as by commercial SIEM and network security products, with additional capabilities planned for 2014. Orange service customers and organizations seeking a large, global and stable Europe-focused and Asia/Pacific-focused MSS provider (MSSP) should consider Orange.

Strengths

Orange offers a broad range of network and IT services that can be bundled with MSSs.

Orange is a large, stable service provider with long-standing MSS and security consulting experience.

Cautions

Orange has lagged several MSS competitors in the introduction of advanced attack detection and analytics offerings.

Orange rarely appears on Gartner customer shortlists for MSS procurement, and in North America, Orange has very limited market visibility.

MSS customers in North America often express a preference for a SOC in-region. Although Orange has a North American SOC, it is not staffed 24/7.

Symantec

Symantec is headquartered in Mountain View, California, with MSS offices in Virginia, Singapore and Reading, U.K. Symantec offerings include security monitoring, security intelligence, messaging security services and a range of security products. Symantec's MSS architecture is based on self-developed technology for event and log collection, with a combination of self-developed and commercial technology for correlation, analytics and reporting. Ticketing/workflow and device management are based on commercial technology. Log query and browsing are enabled via self-developed technology. Symantec has one SOC in the U.S., one in the U.K. and two in Asia/Pacific, plus a new SOC in Japan. Log management services are delivered via Symantec log collection platform, are stored in Symantec SOCs and are available to customers via the MSS portal. A distinct service level offers advanced attack detection analytics. Enterprises seeking an established MSSP should consider using Symantec.

Strengths

Symantec has strong visibility in the MSS market. Gartner customers very often consider Symantec's MSS offerings in competitive evaluations.

Symantec's Gartner customers generally offer positive reviews of Symantec's MSS delivery, and of the quality of their interactions with Symantec's SOC analysts.

MSS customers indicate that the DeepSight threat feeds and intelligence reports are differentiators of Symantec's services.

Cautions

Prospective buyers should evaluate Symantec's optional enterprisewide pricing with realistic assumptions of the number of monitoring/log sources they can expect to incorporate into the scope of MSSs. Customer delays in bringing event sources into coverage will result in buyers paying for coverage that they are unable to receive.

Symantec is rebuilding its security consulting capability. Prospective MSS customers should carefully evaluate whether Symantec's security consulting services will meet their needs, and whether they must engage with partner-led security services for service initiation and for ongoing project work throughout the course of the MSS relationship.

Trustwave

Trustwave is based in Chicago, with offices in London and Sydney. Trustwave has several security

technologies — including SIEM, unified threat management (UTM), network access control,

application security, Web application firewall (WAF) and Web security — and builds MSSs around

those as well as third-party products. MSSs are based on Trustwave's SIEM technology for data

collection, correlation, alerting and workflow. Security intelligence capabilities are provided by the

Trustwave SpiderLabs group. Trustwave has three U.S.-based SOCs, one in Europe and one in

Asia/Pacific. Targeted attack detection and advanced analytics capabilities are standard

components of Trustwave MSSs, and they are delivered via three Trustwave activities: network

monitoring, endpoint monitoring and managed WAF. Companies in the retail, healthcare and

banking vertical industries — and others that are subject to PCI compliance — should consider

Trustwave for MSSs.

Strengths

Trustwave has an extensive portfolio of security products and associated managed services

that can be packaged as subscription-based solutions for customers with limited capital

budgets and security resources.

Trustwave remains a well-recognized provider of services and technologies to support PCI

Data Security Standard (DSS) compliance.

The Trustwave MSS portal provides extensive language support.

Cautions

Current customers and potential MSS buyers should continue to monitor Trustwave's ability to

meet delivery and road map commitments as it navigates a possible initial public offering.

Potential MSS customers should evaluate whether the split of compliance reporting capabilities

between the MSS portal and the log management portal meets their operational

requirements.

The Trustwave MSS portal lags several competitors' portals in providing correlation of user

activities with infrastructure events.

Except for PCI monitoring engagements, Trustwave very rarely appears in MSS deals among

Gartner customers.

Verizon

Verizon is headquartered in Basking Ridge, New Jersey, with offices throughout the U.S., Europe, Latin America and Asia. Verizon offers MSSs and security consulting, as well as a broad range of telecommunications and infrastructure services. Verizon's MSS architecture is based on self-developed technologies for event collection, correlation and alerting, with commercial technologies for reporting and workflow. Log management services are based on a combination of self-developed and commercial technologies. Two SOCs are located in the U.S., two in Europe and two in Asia/Pacific. Verizon's Research, Investigations, Solutions, Knowledge (RISK) Team provides threat intelligence and malware detection signatures that support MSSs, and Verizon's breach response services inform MSS monitoring efforts. Targeted threat detection services are incorporated into the standard MSS delivery. They are based on commercial technologies, on Verizon's self-developed correlation and threat intelligence capabilities, and on network monitoring. A distinct advanced analytics service is available in the U.S. to governments and enterprises facing specific targeted threats. Enterprises should consider Verizon if they are looking for an established service provider that is capable of delivering a broad range of security services in multiple regions.

Strengths

Verizon's network-based capabilities enable MSS configuration that includes network-based

and premises-based controls.

Gartner customers often include Verizon in competitive MSS evaluations.

Verizon's MSS receives generally positive reviews from Gartner customers for meeting their

expectations for security expertise, and for effective security monitoring and alerting.

Customers also indicate that Verizon's security expertise is a differentiator for MSSs.

Cautions

Verizon's MSS portal lacks the user activity correlation capabilities that are available from

several competitors.

Verizon's log management services currently lag those of its competitors. New capabilities are

planned for 1Q14.

Vendors Added and Dropped

We review and adjust our inclusion criteria for Magic Quadrants and MarketScopes as markets

change. As a result of these adjustments, the mix of vendors in any Magic Quadrant or

MarketScope may change over time. A vendor's appearance in a Magic Quadrant or MarketScope

one year and not the next does not necessarily indicate that we have changed our opinion of that

vendor. It may be a reflection of a change in the market and, therefore, changed evaluation criteria,

or of a change of focus by that vendor.

Added

NTT was added to this Magic Quadrant based on its acquisition of Solutionary, and on the prior

acquisitions of Integralis (now NTT Com Security) and Dimension Data's earthwave. NTT's

capabilities across these organizations meet the criteria for inclusion in the Magic Quadrant.

Orange Business Systems was added because it also meets the inclusion criteria.

Dropped

Allstream, Bell Canada, CGI, Clone Systems, Nuspire Networks and Perimeter E-Security (now

named SilverSky) were dropped from this Magic Quadrant because they do not meet the inclusion

criteria for network devices and customers monitored/managed in Europe and Asia/Pacific.

Wipro was dropped because it does not meet the inclusion criteria for customers in Asia/Pacific or

North America.

HCL Technologies was dropped because it is in the process of realigning its MSS capabilities and

currently does not meet the inclusion criteria for this research.

SAIC was dropped because of its split into two companies, SAIC and Leidos, and because the MSS

business of Leidos does not meet the inclusion criteria for customers in Asia/Pacific and Europe.

Inclusion and Exclusion Criteria

This Magic Quadrant expands the coverage from MSSPs in North America to include delivery

capabilities in North America, Europe and Asia/Pacific. As a remote service, MSSs can be delivered

via network connectivity to and from any locations with sufficient connectivity, and certainly MSSPs

that have operations in one geographic region can support customers in other regions. Gartner

sees a distinct preference among customers seeking MSSs to first consider MSSPs with a presence

in their region. Among global enterprises, that includes a presence in multiple regions where the

enterprises operate, in order to provide more "local" support — and also includes the MSSP's ability

to keep some data in specific regions, provide local business hours, provide access to advanced

support, and provide local language support, among other concerns. In addition, compliance with

data residency and privacy regulations can be addressed in many cases with local operations

centers.

This Magic Quadrant includes MSSPs that have met thresholds for scale (expressed as devices

supported and customers) and presence (SOCs) in multiple regions, as well as a threshold for MSS

revenue.

The criteria include a threshold for the number of firewalls or IDP devices under monitoring or

management, and a threshold for the number of MSS customers — both distributed across multiple

regions. MSSs refer to remote management and monitoring of security technologies. Several large

infrastructure outsourcing vendors offer other service delivery options (such as staff augmentation)

in addition to MSSs, but we don't evaluate these other delivery options. Also excluded from this

analysis are service providers that offer MSSs only as a component of another service offering (such

as bandwidth or hosting), and vendors that provide MSSs only for their own technologies, not for

third-party technologies.

2013-2014 Global MSSP Magic Quadrant Inclusion Criteria

Vendors must have:

The ability to remotely monitor and/or manage firewalls, IDP devices from multiple vendors via

discrete service offerings, and shared service delivery resources

Firewalls/IDP devices under remote management or monitoring for external customers

External customers with those devices under management or monitoring

Reference accounts that are relevant to Gartner customers in the appropriate geographic

regions

A threshold of the number of customers as well as the number of firewalls and IDS/IPS devices

in multiple geographies

A threshold for MSS revenue of $20 million in 2012

A SOC presence in multiple geographic regions

Inclusion thresholds for firewalls/IDP devices under MSSs are 225 in Asia/Pacific, 1,500 in Europe,

2,250 in North America and 25 in the rest of the world (ROW), in the following possible

combinations:

Asia/Pacific + Europe

North America + ROW

Asia/Pacific + North America

Europe + North America

Inclusion thresholds for MSS clients are 45 in Asia/Pacific, 75 in Europe, 225 in North America and 10

in ROW, in the following possible combinations:

Asia/Pacific + Europe

North America + ROW

Asia/Pacific + North America

Europe + North America

2013-2014 Global MSSP Magic Quadrant Exclusion Criteria

Vendors have:

Service offerings that are available only to end users that buy other non-MSS services

Services that monitor or manage only their own technology

Services delivered by their own resources and dedicated to a single customer

Evaluation Criteria

Ability to Execute

Product or service refers to the service capabilities in areas such as event management and

alerting, information and log management, incident management, workflow, reporting, and service

levels.

Overall viability includes the organization's financial health, the financial and practical success of

the overall company, and the likelihood that the business unit will continue to invest in the MSS

offering.

Sales execution/pricing includes the service provider's success in the MSSP market and its

capabilities in presales activities. This also includes MSS revenue, pricing and the overall

effectiveness of the sales channel. The level of interest from Gartner clients is also considered.

Market responsiveness/record evaluates the match of the MSS offering to the functional

requirements stated by buyers at acquisition time. It also evaluates the MSSP's track record in

delivering new functions when the market needs them.

Marketing execution is an evaluation of the service provider's ability to effectively communicate the

value and competitive differentiation of its MSS offering to its target buyer.

Customer experience is an evaluation of the service delivery to customers. The evaluation includes ease of deployment, the quality and effectiveness of monitoring and alerting, and reporting and problem resolution. This criterion is assessed by conducting qualitative interviews of vendor-provided reference customers, as well as by feedback from Gartner customers that are using the MSSP's services, or have completed competitive evaluations of the MSSP's offerings.

Operations includes the MSSP's service delivery resources, such as infrastructure, staffing and

operations reviews or certifications.

Table 1. Ability to Execute Evaluation Criteria

| Evaluation Criteria | Weighting |
| --- | --- |
| Product or Service | High |
| Overall Viability | High |
| Sales Execution/Pricing | Medium |
| Market Responsiveness/Record | Medium |
| Marketing Execution | Medium |
| Customer Experience | High |
| Operations | Medium |

Source: Gartner (February 2014)

Completeness of Vision

Market understanding involves the MSSP's ability to understand buyers' needs and to translate

them into services. MSSPs that show the highest degree of market understanding are adapting to

customer requirements for specific functional areas and service delivery options.

Marketing strategy refers to a clear, differentiated set of messages that is consistently

communicated throughout the organization; is externalized through the website, advertising,

customer programs and positioning statements; and is tailored to the specific client drivers and

market conditions in the MSS market.

Sales strategy relates to the vendor's use of direct and indirect sales, marketing, service, and

communications affiliates to extend the scope and depth of market reach.

Offering (product) strategy is the vendor's approach to product development and delivery that

emphasizes functionality and delivery options as they map to current and emerging requirements

for MSSs. Development plans are also evaluated.

Business model includes the process and success rate for developing features, innovations and

service delivery capabilities.

Vertical/industry strategy and geographic strategy include the ability and commitment to service

geographies and vertical markets.

Innovation refers to the service provider's strategy and ability to develop new MSS capabilities and

delivery models to uniquely meet critical customer requirements.

Table 2. Completeness of Vision Evaluation Criteria

| Evaluation Criteria | Weighting |
| --- | --- |
| Market Understanding | High |
| Marketing Strategy | Medium |
| Sales Strategy | Medium |
| Offering (Product) Strategy | High |
| Business Model | Low |
| Vertical/Industry Strategy | Medium |
| Innovation | High |
| Geographic Strategy | Medium |

Source: Gartner (February 2014)

Quadrant Descriptions

Leaders

Each of the service providers in the Leaders quadrant has significant mind share among enterprises

looking to buy an MSS as a discrete offering. These providers typically receive very positive reports

on service and performance from Gartner clients. MSSPs in the Leaders quadrant are typically

appropriate options for enterprises requiring frequent interaction with the MSSP for analyst

expertise and advice, for portal-based correlation and workflow support, and for flexible reporting

options.

Challengers

In the Challengers quadrant, Gartner customers are more likely to encounter MSSs that are offered

as components of an IT or network service provider's other telecommunications, outsourcing or

consulting services. Although an MSS is not a leading service offering for this type of vendor, it

offers a "path of least resistance" to enterprises that need an MSSP and use the vendor's main

services.

Visionaries

Companies in the Visionaries quadrant have demonstrated the ability to turn a strong focus on

managed security into high-quality service offerings for the MSS market. These service providers are

often strong contenders for enterprises that require frequent interaction with MSS analysts, flexible

service delivery options and strong customer service. MSSPs in the Visionaries quadrant have less

market coverage and fewer resources or service options compared with vendors in the Leaders

quadrant.

Niche Players

Niche Players are characterized by service offerings that are available primarily in specific market

segments, or primarily as part of other service offerings. These service providers often tailor MSS

offerings to specific requirements of the markets they serve.

Context

Prospective MSS buyers with threat management use cases should highly weight MSSPs' threat

research and security intelligence capabilities.

Current and prospective MSS users should require a proof of concept, or a demonstration of MSS

offerings for advanced analytics and big data, to validate effectiveness and value.

Current and prospective MSS users should validate MSSPs' services that are related to monitoring

or management of third-party technologies or their own technologies to address advanced attacks.

Market Overview

The MSS market is mature, and prospective customers have numerous options among MSSPs and

the types of services offered. The primary drivers for MSSs have been consistent for several years:

24/7 threat management and meeting compliance requirements. These may be complemented by

related drivers, such as the desire to redirect existing resources to other security areas, or the

need to engage deeper or broader expertise than is available in-house. An emerging driver is

support for the protection from and detection of targeted attacks through MSSP knowledge of the

external threat environment, through insight gained from monitoring events from a broad and

global customer base, through MSSP-based advanced analytics, or through MSSP monitoring of

customer-deployed next-generation protection and detection capabilities.

The 2013-2014 Magic Quadrant for Global MSSPs reflects multiregional delivery requirements, and the MSSPs included in the evaluation meet the minimum thresholds for MSS business in two or more regions. MSSPs with multiregional business typically have a sufficient understanding of region-specific customer requirements, as well as sufficient service delivery capabilities that can scale to support global service delivery. Customers with a mix of global delivery requirements and local regulatory requirements related to, for example, data privacy, may require customized services. MSSPs that do not meet the customer or device thresholds for inclusion in this Magic Quadrant may still deliver high-quality services within a region, and can typically deliver in multiple regions. When considering MSSs, Gartner customers should develop evaluation criteria that meet their specific requirements.

Gartner expects that growing enterprise experience with cloud-based infrastructure and applications delivered as a service, as well as accommodating the access of consumer technology to corporate systems, will result in greater acceptance of, and reliance on, cloud-based security-as-a-service offerings.

In 2013, the global market for security outsourcing was $12 billion, with a forecast compound

annual growth rate of 15.4% through 2017.

Growth in enterprise demand for MSSs is driven primarily by four factors:

Security staffing and budget constraints: Gartner sees continued expectations to reduce

operational costs and capital expenditures, and to avoid staffing increases related to the

monitoring and management of mature security technologies, such as IDSs and firewalls. At

the same time, increased monitoring of infrastructure logs, as well as privileged and

application user activity and next-generation technologies, requires tool and analytical

expertise that will be difficult for many organizations to supply in-house.

Evolving compliance reporting requirements: This involves the evolution of existing

compliance requirements, and of corporate governance policies that create a secondary effect

of stronger requirements for incident monitoring, identification, and response internally and

among business partners. As formal compliance regimes evolve or audit/enforcement activity

increases, organizations consider external service providers to reduce the costs of meeting

compliance requirements. PCI DSS remains an important driver; also, Gartner is starting to see

the U.S. Federal Information Security Management Act's (FISMA's) continuous monitoring

requirements become an increasing factor for U.S. government agencies, for commercial firms

that sell to the U.S. government, and for organizations funded by government grants, such as

universities.

Adoption of security technologies and analytic tools focused on advanced attacks: As

enterprises gain experience with technologies to analyze networks, payloads and endpoints

for advanced attacks, they will look for opportunities to focus internal resources on prevention

and response activities, and to augment those activities with external expertise to monitor

and manage the technologies.

Increased availability and adoption of cloud-based IT services: Increasing use of cloud-based IT services will drive security controls into those services, and will also lead to greater acceptance and adoption of cloud-based security services for controls that are best suited for cloud-based delivery. Gartner expects significant security outsourcing growth in areas adjacent to MSSs, such as secure Web gateways, email security, and identity and access management.

MSS growth can also be constrained by a few factors:

Enterprise deployment of SIEM technology to provide in-house alerting and log analysis:

MSSPs typically lack deep insight into the customer IT and business environment; thus, they

are less able to determine whether events involving users, administrators, internal

applications and data are inappropriate or unacceptable. Wherever enterprises want close

monitoring of internal activities, they may opt to do it themselves. Some organizations monitor

internal activities and also use an MSSP for external/perimeter monitoring. Such an

arrangement still constrains the growth of MSSs in those organizations.

Core competency: Organizations that provide security technology or services, or position their

technology or services as secure, are likely to forgo outsourced security monitoring. Where

security is a value proposition and a core competence, outsourcing security may not be an

effective option.

Change in strategy to reduce outsourcing: At the enterprise level or within the security

organization, a change in strategy regarding the use of external services can mean that MSSs

are not considered effective options.

MSS Portfolio

The services that are core to MSS offerings involve the monitoring of perimeter network security

technologies:

Firewalls

IDSs/IPSs

Multifunction firewalls/UTM services

Next-generation firewalls

WAFs

In addition to monitoring, many MSSPs have management services for those technologies. It is

increasingly common for MSSPs to also provide monitoring and log collection from IT infrastructure

such as servers, user directories and applications.

Among organizations that have deployed SIEM technology, Gartner sees increasing interest for

services to monitor or run the SIEM. Several MSSPs have offerings to support customer-deployed

SIEM.

MSSPs may also provide cloud or SaaS-based services, including:

DDoS protection

Email security

Web filtering

Vulnerability scanning

Network-based firewall/IDP

MSSPs offer cloud services directly or via partnerships with other service providers. The degree of

integration of partner-delivered services with MSSP services varies from little more than purchasing

convenience to integration of partner data and management functionality into the MSSP's portal.

Deeper integration can provide operational and vendor management advantages, but may reduce

the ability to "swap out" one cloud-based service for another.

Buyers should take into consideration the degree of integration of any partner-delivered services

with the MSSP's offering, as well as the potential for affecting training, operational efficiency and

end-of-contract switching costs.

Threat Intelligence and Advanced Analytics

Several MSSPs have created research groups to improve their understanding of the threat

landscape — that is, the identities, motives, targets and techniques of attackers. MSSPs use their

findings to support their security operations analysts; they may also provide customers with

subscription-based access to this research, or offer customers project-based access to the group

for analysis/reverse engineering of malware. Potential customers of threat intelligence feeds from

MSSPs should require proof-of-concept access to evaluate the relevance of the information, as well

as their ability to consume and act on it.

Many MSSPs claim capabilities to assist their customers in addressing advanced targeted attacks.

These capabilities may be visible as discrete service offerings or options, or as features embedded

in existing offerings. They may include, for example:

Correlation of alerts with IP reputation or known bad addresses

Comparison of alerts, activity patterns or state (such as device configuration, registry and so

on) to those of known attacks

Analysis of activity patterns (across an MSS customer base as well as within the customer

environment) to identify outliers, exceptions or deviations from baselines

These offerings are now primarily based on the security events monitored by the MSSPs; however,

we expect that several MSSPs will introduce distinct service offerings to acquire, retain and analyze

large volumes of customer data — so called "security big data" — from IT infrastructure and other

sources. Gartner recommends that customers require a limited pilot or proof of concept to identify

specific areas where relevant, actionable intelligence results from the collection and analysis of the

data, and to identify the service levels required. Based on feedback from Gartner customers, early

adopters should plan for the inclusion of relevant domain experts who are typically outside the

security group, such as line-of-business owners and application owners.

Most MSSPs also offer incident response capabilities to assist customers with investigation and

remediation activities in the event of a breach. These services are typically available on a consulting

basis. Prospective customers should confirm with MSS candidates how much response support is

available within the context of the standard monitoring services, and when a consulting

engagement is required. If the MSSP offers packaged or prepaid hours for incident response

activities, then customers should ensure that those hours are available for other security services if

they are not needed for incident response.

Pricing Models

The typical pricing model for MSSs is based on the type and size of the security technology to be

monitored for customer-premises-equipment-based devices, or on the bandwidth or number of

users/endpoints for network-based controls. Log collection is typically priced by the number and

types of sources, or on events per time period (device count pricing includes implicit expectations of

event volumes). There is typically a clear distinction between technology that is monitored in real

time, and subject to alerting service-level agreements (SLAs), and technology that is not — that is,

where logs are collected and subject to reporting or querying, but not to real-time correlation and

analyst review. Device management pricing is typically based on the number of configuration

changes to be performed within a period of time.

During 2014, Gartner expects the trend for common services, such as firewall and IDP monitoring

and management, to decline slightly. Price pressure is coming from new sources for these services,

such as from the technology providers themselves, from other MSSPs and from continued corporate

efforts to reduce IT budgets. In response, MSSPs have introduced new services to monitor and

manage advanced threat detection technologies. MSSPs will continue trying to expand the number

of devices and data sources to monitor, and will differentiate monitoring based on the availability of

additional external intelligence feeds and analysis (such as reputation data, blacklists, behavioral

data and cross-customer activity) that can be correlated with data from customers' monitored

devices.

MSSP Landscape

The basic makeup of the MSSP vendor space has not changed fundamentally. There are three major

types of MSSPs:

Pure plays: These are generally smaller, privately held MSSPs that are completely focused on

security services. As seen in 2013, pure-play MSSPs will continue to be acquired by larger

service or IT infrastructure firms that seek to provide MSSs. New pure-play security service

providers often focus on specific vertical markets or regulatory requirements, or on specific

analytic services (such as user activity) or advanced threat detection technologies.

System integrators/business process outsourcers: These are broad IT service providers that

typically manage security devices as part of larger outsourcing deals. Where the integrator or

outsourcer acquired a pure-play MSSP and maintained a discrete MSS delivery capability, these

providers often compete for MSS-only deals.

Carriers and network service providers: These are bandwidth and connectivity providers that manage network security products. They often provide remote monitoring, premises-based technologies and cloud-based services through their Internet connections.

This Magic Quadrant reflects the requirements of customers that seek MSSPs with a global

presence and global delivery capabilities. The vendors that meet those requirements fall into the

latter two types of MSSPs.

In general, the MSS portfolios of these providers look broadly similar. Customer satisfaction with

services can be strongly related to customer expectations. Customers occasionally report

dissatisfaction related to objectively poor performance, including missed SLAs. However, it is more

common for dissatisfied customers to express disappointment related to subjective criteria that may

never have been made explicit to prospective providers, or to the MSSP selected.

Gartner customers using MSSPs express differing expectations regarding their type of relationship

with MSSPs. Expectations may range from frequent interactions and knowledge sharing among the

customer security staff and MSSP staff, to almost no interactions beyond the provision of periodic

reports of monitoring activity. Gartner recommends that prospective MSS buyers develop explicit

requirements for service delivery. MSSPs' responses to these requirements (including via

demonstrations, proofs of concept and the like) will enable customers to discern distinct differences

among the MSSPs.

Buyers should define expectations for the degree and quality of interaction with the MSSP's SOC

analysts, the features of the MSSP's portal that will support the customer's use cases,

operational and management reporting, the depth of threat and security intelligence offerings,

support for specific compliance requirements, and the MSSP's professional services capabilities.

Prospective buyers that evaluate MSSPs within the context of specific requirements will find that the

providers that best fit those requirements may come from any segment of the Magic Quadrant.

Not included in this Magic Quadrant analysis are smaller, regional or subregional providers, which

can include small pure plays and larger providers that do not have enough MSS business in multiple

regions to meet the inclusion criteria. Also excluded from this analysis are service providers that

provide MSSs only for their own technology, and that do not deliver services for commercial

technology.

Asia-Pacific Context

02 July 2014

Analyst(s): Craig Lawson, Andrew Walls

The adoption of managed security services in Asia/Pacific continues to grow, with most global

vendors in the 2014 MSSP Magic Quadrant facing strong competition from regional MSSPs. Depth

and breadth of services and language support vary widely, giving clients choice from many services

and prices.

Market Differentiators

This document was revised on 2 September 2014. The document you are viewing is the

corrected version. For more information, see the Corrections page on gartner.com.

The managed security service (MSS) market is estimated to be $13.8 billion globally and $3.6 billion

for Asia/Pacific in 2014, which is 26% of the global market. As a result, this particular service offering

is one of the more heavily contested IT services in the market today. Depth and breadth of services,

along with country and language support, vary widely within the large Asia/Pacific (APAC) region,

giving clients a range of services and prices from which to choose.

The APAC region is highly diverse in terms of geography, culture and economics. This diversity has

led to considerable opportunities for regional MSS providers (MSSPs) that have invested in

coverage and offerings leveraging these variables to differentiate their services. Global MSSPs

based outside of APAC are using their scale and brand awareness to compete in this market off the

backs of existing global clients that have an APAC presence. As a result, an increasing number of

both regional and global providers are continuing to develop and invest in the MSSP market in

APAC.

Due to the increasing importance of enterprise information security to businesses, Gartner

anticipates a steady growth and continuing maturity of the MSS market in APAC.

At a high level, there are two "classes" of MSSPs in the context of this report:

MSSPs with a primarily APAC-focused staff and client base

Global MSSPs targeting the APAC market, but with a small base of existing local customers

Considerations for Technology and Service Selection

Clients in Asia/Pacific continue to express a preference for providers with a security operations

center (SOC) and "feet on the street" in the region. This preference has aided the growth of local

providers with a more tailored approach that takes into account regional nuances. In response,

multinational providers have invested in the region — building SOCs and acquiring personnel —

which is diluting geography as a competitive differentiator. Migrating from internal management of

security infrastructure to an MSSP model is a complex process. The hurdles encountered often have

nothing to do with technology, but much to do with industry vertical considerations (for example,

data sovereignty perceptions and legislative mandates), IT organization preferences, and internal

social or political issues.

Gartner clients indicate that they choose MSSPs based on a combination of general

requirements and are influenced by local presence. In particular, APAC clients are focusing on the

following:

SOC location within APAC

SOC staffing levels with in-region availability

Vendor market perception and sales visibility in APAC

Existing relationship with the vendor

Customer service within local time zones

Ability to deliver ancillary services with qualified local personnel

Notable Vendors

Vendors included in this Magic Quadrant Perspective have customers that are successfully using

their products and services. Selections are based on analyst opinion and references that validate IT

provider claims; however, this is not an exhaustive list or analysis of vendors in this market. Use

this perspective as a resource for evaluations, but explore the market further to gauge the ability of

each vendor to address your unique business problems and technical concerns. Consider this

research as part of your due diligence and in conjunction with discussions with Gartner analysts

and other resources.

AT&T

AT&T has a smaller MSSP presence in APAC, compared with its market share in Europe and the U.S.

The majority of AT&T's devices under management are with multinational corporations

headquartered outside of the region and needing consistent MSSP delivery and a single-vendor

relationship. AT&T also leverages its overall range of telecommunications services, such as voice,

video, data, ISP and distributed denial of service (DDoS), where MSSP is but one option in its

portfolio for a client to consider.

AT&T can be considered by clients that are already using its carrier and other services, or have a

large distributed office network globally or in APAC.

AT&T has eight SOCs: three in the U.S., one in Malaysia, two in India, one in South America, and

one in Eastern Europe. In total, AT&T has 2,000 employees in SOC engineering, sales and other

roles globally.

BT Assure

BT takes its MSS to market with the name "BT Assure." It has an APAC footprint via its two

dedicated SOCs, two customer-specific SOCs and its regionally focused specialist sales staff. BT's

local offerings include monitoring and management of on-premises devices, as well as network

controls as part of larger telecommunications and service offerings. BT is increasing its security

business unit sales and presales teams to provide better coverage in the region. BT's APAC

footprint lags behind that of EMEA and the U.S.

It has also invested in a heavily customized back-end "data pond" that is based on Hadoop. This

allows for its attractive client portal to be an effective tool for end users. Additionally, it enables BT

security analysts to develop sophisticated correlation rules that can operate over significant

datasets.

BT Assure can be considered by large and smaller organizations alike due to its experience as an

MSSP and the ease of use of its client portal.

BT Assure has four SOCs: one in Australia, one in Singapore and two in India. In total, BT has 235

employees in SOC engineering, sales and other roles in APAC.

Dell SecureWorks

Dell SecureWorks has continued to show growth in its global MSSP business and services offered

since its acquisition in 2011. Dell's acquisitions of SecureWorks and SonicWALL clearly show its

intention to compete and win share in the security market. SecureWorks offers a large range of

MSSP and complementary specialist security services centered around intelligence, consulting,

compliance and incident response.

A majority of its back end is based on internally developed technology for log and alert collection,

correlation and analysis. On-premises-based log retention and reporting are delivered via

commercial technology. SecureWorks has not had the same levels of market penetration in the

APAC geography that it has seen with its U.S. and European operations, to date. This is likely due

to less brand recognition, lack of a specific APAC focus, and strong competition from other global

and regional MSSPs.

Dell SecureWorks should be considered by global organizations with a footprint in APAC and by

organizations that value expertise in threat research and intelligence.

Dell SecureWorks has nine SOCs in the U.S., Scotland, Romania, India and Mexico. In total, Dell

SecureWorks has 240 employees in SOC engineering, sales and other roles in APAC.

e-Cop

e-Cop is headquartered in Singapore with other regional offices. It has a leading number of SOCs

and other processing facilities in APAC, dwarfing the footprint of the majority of global MSSPs

that operate in the APAC geography. e-Cop's ability to deliver SOCs in multiple countries has made

it an attractive alternative for clients such as regional governments and finance and health verticals,

where local staff and data sovereignty are both perceived and legislative imperatives for clients. Its

clients have historically been loyal and consistently rate e-Cop's services as good to excellent (see

"MarketScope for Managed Security Services in Asia/Pacific, 2012").

Due to its extensive geographical coverage, range of security services and competitive pricing,

e-Cop should be considered for any APAC-centered midsize enterprise.

e-Cop has eight SOCs in Singapore, Malaysia, Hong Kong, Thailand and India. In total, e-Cop has

more than 200 employees in SOC engineering, sales and other roles in APAC.

HCL

Headquartered in India, HCL offers a large range of MSS offerings and a broad range of IT

consulting, system integration and outsourcing services. HCL has expanded its customer portfolio

outside of its historical client base in India. However, based on a recent inquiry, few end-user

organizations in Southeast Asia or Australia indicate they include HCL on their shortlists for MSS.

The company has sales personnel throughout APAC and is now in 31 countries with over 90,000

employees. Previous client reviews of HCL are generally good.

HCL should be considered by APAC-centric businesses, large and small, with a broad range of

consulting and infrastructure management requirements, including risk and security management.

HCL did not provide details on SOC locations and staffing for this research.

HP

HP is a large provider of a broad range of security consulting and traditional and on-premises-based

MSS offerings. HP continues to build out a pure-play MSS as well as a large enterprise outsourcing

business that can both manage and monitor security technology. The HP MSS is growing but should

not be confused with its outsourcing business. HP MSS is part of the HP Enterprise Security practice

and leverages specialized security personnel for regional go-to-market execution.

HP has good APAC coverage, in addition to a new SOC opening in Sydney, Australia, and an

attractive client portal. HP should be considered by large organizations that seek a mix of

infrastructure, outsourcing and software, and need a sizable strategic IT partner.

HP has eight SOCs globally, and is in three APAC locations in Australia, Malaysia and India. HP did

not disclose its MSS APAC staffing levels.

IBM

IBM acquired, via Internet Security Systems (ISS), a market-leading APAC MSSP business. It offers a

full range of MSSP services, along with extensive consulting and integration services that can be

consumed as stand-alone or as part of a larger outsourcing arrangement. IBM uses internally

developed technology for data collection, correlation, log query and reporting. The Q1 Labs

acquisition further extends IBM's ability to provide on-premises security information and event

management (SIEM), as well as its traditional hosted log management solution.

IBM should be considered for its MSSP services where the enterprise has global service delivery

requirements; large outsourcing deals; strategic relationships with IBM; and finally, a preference for

APAC-located SOC delivery capabilities.

IBM has three SOCs in Australia, Japan and India. IBM did not disclose its MSS APAC staffing levels.

Network Box

Network Box is a Hong Kong-headquartered MSSP that operates a franchise business model. The

company licenses independently owned and operated SOCs that are primarily based in APAC, and

has a significant number of customers and devices under management. Network Box takes a

vertically integrated approach featuring patented push technology. It provides a standardized

hardware or virtual appliance, and develops and controls software and services to deliver its MSS

offering without using third-party security technology, with the exception being an OEM

arrangement with Kaspersky Lab for malware detection. This is a relatively unique approach in the

MSSP market — a franchise model that implements a vertically integrated offering. It does not offer

a broad range of managed security services, however — for example, no log management and

limited vulnerability assessment are available. Network Box is primarily focused on managing its

own technology at this time. In addition, customers that need unified monitoring across franchised

SOCs will receive that service via event forwarding to and problem management from the Hong

Kong SOC.

Network Box can be considered by small to midsize enterprises throughout APAC where having

branded security appliances is not a primary buying factor, and where the enterprise is looking to

address gateway network security as the MSS use case.

Network Box owns and operates the primary SOCs in Hong Kong, and franchise licensees own and

operate 16 SOCs in the U.S., the U.K., Germany, Dubai, Thailand, Taiwan, China, Singapore, South

Korea, Japan, Malaysia, Indonesia, Australia and New Zealand. There are also unstaffed processing

locations in the same geographies. In total, Network Box directly employs 60 people in SOC

engineering, sales and other roles in Hong Kong. Franchisees staff their own SOCs.

NTT

NTT has, through acquisitions, three MSSP businesses servicing APAC: Integralis (now called NTT

Com Security), Solutionary and earthwave (via Dimension Data, itself an acquisition of NTT). All

three of these MSSP acquisitions were well-regarded and competitive in their own right in different

geographies. NTT now has three MSSP "brands" all offering the same "service" in the APAC market.

Individually, all three are credible MSSPs with sizable numbers of clients and devices under

management. At this time, they are separate MSS offerings that will be merged partially (MSS

back-end processing, for example) or fully at some point in the future.

Clients with a majority of offices in the U.S. looking for APAC MSS coverage should consider NTT's

U.S. offering (Solutionary). Meanwhile, clients that are based primarily in Europe with APAC

branches or have a Japan-specific footprint should consider NTT Com Security (formerly Integralis).

All other APAC-centric clients should focus on Dimension Data, as this is the largest of NTT's security

practices in the region. Dimension Data's client portal is currently a leader in the APAC market. It

also has a significant system integration business covering consulting, cloud, integration,

outsourcing and maintenance that is leveraged to cross-sell its well-regarded MSSP service.

NTT has nine SOCs in Australia, New Zealand, Singapore, Malaysia, India and Japan — and seven

unstaffed processing locations in Japan, Hong Kong, Singapore, Thailand, Malaysia and Australia. In

total, NTT has 420 employees in SOC engineering, sales and other roles in APAC.

Paladion

Paladion is a pure-play service provider in the APAC region, headquartered in India, with

footprints in the U.S., Europe and the Middle East. Paladion offers a wide range of IT governance,

analytics, fraud management, security and compliance assessment, data protection, identity and

access management (IAM), and cloud and mobile security services, in addition to its MSSP offering.

With three SOCs in the region, it also offers the ability to build SOCs for clients, as well as deliver

traditional MSSP offerings. Historically, Paladion customers have rated its services as good to

excellent, and it is a steadily growing business unit within Paladion, growing at double digits.

For organizations that have a large footprint in India and stretch out into APAC, Paladion can offer a

range of services at very competitive price points.

Paladion has four SOCs: two in India, one in Malaysia and one in Vietnam. It also has two unstaffed

processing locations in the U.S. and United Arab Emirates. In total, Paladion has 295 employees in

SOC engineering, sales and other roles in APAC.

Symantec

Symantec has local APAC language availability, a visually attractive client portal, mature staffing and

training models, and a global reach.

Some APAC clients may find this offering suboptimal, because all data resides in the U.S., and some

technology management capabilities like firewalls are being deprecated in favor of analytics. While

its APAC business is growing, there is a delta in the size of Symantec's devices under management

in North America versus APAC that is behind the market average.

Symantec appears regularly on shortlists and can be considered by large APAC organizations or

global organizations with a footprint in APAC. Symantec has three SOCs in India, Australia and

Japan. In total, Symantec has 395 employees in SOC engineering, sales and other roles in APAC.

Tata Communications

Tata Communications is a large telecommunications provider that is headquartered in India,

has a global presence and offers a good range of services in the market. These include on-premises

DDoS, proxy, clean pipe, secure extranet, authentication, SIEM, next-generation firewall (NGFW),

unified threat management (UTM), intrusion prevention system (IPS), Web application firewall (WAF)

and data loss prevention (DLP). While its MSS is a direct offering, it is also taken to market as an

adjunct to its primary offerings around hosting, data and voice products.

Tata Communications is rarely seen on Gartner shortlists outside of India, and competitors also

infrequently list Tata Communications as a competitor. At this time, its primary client base is APAC

only. It offers a competitive range of services that includes some cloud coverage for virtual firewalls

or UTM, and a competitive and useful client access portal. Its MSS is also supplemented by

professional security services.

Tata Communications can be considered by clients who have an existing relationship with Tata

Communications, are headquartered in India with an APAC focus, or have price sensitivity as a

primary driver in their MSS requirements.

Tata Communications has two staffed SOCs: India and Singapore. It also has four unstaffed

processing locations in India, Hong Kong and Singapore. In total, Tata Communications has 40

employees in SOC engineering, sales and other roles in APAC.

Telstra

Telstra is Australia's largest telecommunications provider that offers a large number of adjacent

services to its core offerings, including MSS. It previously had a partnership with IBM to deliver some

MSS and is now slowly transitioning these clients over to its own internal business unit. It also

offers consulting services to complement its offerings.

Being the largest telecommunications provider in Australia, it also has a strong DDoS offering, which

complements its strength as an ISP. Compared with other APAC-centric MSSPs, Telstra has a

credible number of clients and devices under management — however, its clients are almost

exclusively within the Australian market. Telstra has also announced its intention to expand

throughout the region, including its security practice, of which MSS is a part.

Telstra should primarily be considered for Australia-centric businesses that are using Telstra's

services already, or for businesses that are primarily based in Australia.

Telstra does not regularly appear on shortlists of Gartner's APAC clients. Telstra has two SOCs in

Australia. In total, Telstra has 395 employees in SOC engineering, sales and other roles in APAC.

Verizon

Verizon's APAC business does not have the same level of penetration as its U.S. and EMEA

operations have achieved. It offers the capability to support management of on-premises SIEM, as

well as traditional MSSP "off-premises" management via a very functional client Web portal. Verizon

has a respected research and investigation team that complements its MSSP operation. Clients

benefit from this by receiving Verizon threat intelligence data. Additionally, Verizon can offer DDoS

services to its ISP clients.

Organizations that require global coverage, a range of MSS offerings and strong specialist security

services like incident response should consider Verizon. In addition to four security processing

locations in North America and Europe, Verizon has one SOC in APAC located in Canberra, Australia.

In total, Verizon has more than 500 employees in SOC engineering, sales and other roles in APAC.

Wipro

Wipro delivers a broad range of IT services around the globe. Its APAC MSSP client base and

number of devices under management, while substantial, are smaller than its client bases in the

U.S. and EMEA, respectively. Customers have rated Wipro's services as very good. Wipro regularly

appears on shortlists throughout the region, especially in the Indian subcontinent. Wipro's strength

in system integration and consulting has produced a sound project-managed onboarding process.

An ideal client for Wipro is an organization that requires a broad range of consulting, system

integration and project management services either in a single country or throughout larger

geographies.

Wipro has eight SOCs: two in the U.S., one in Europe, four in India and one in Malaysia. It also has

five unstaffed processing locations in Germany, and two each in the U.S. and India. In total, Wipro

has 500 employees in SOC engineering, sales and other roles in APAC.

Note: This perspective was added to this Magic Quadrant on 25 July 2014 as a planned enhancement to

the reading experience. The perspective was originally published on 2 July 2014 as a separate document.

This content contains no new information from when it was originally published.

Europe Context

22 July 2014

Analyst(s): Carsten Casper, Oliver Rochford

National champions, niche players and regional operations of global providers characterize the

European market. The ability to fulfill local data residency requirements is the main factor that

differentiates them.

Market Differentiators

The managed security service (MSS) market in Europe is stable, but complex. Different types of

providers compete, and are often compared against one another on customer shortlists:

Global providers emphasize their broad geographic reach, which sometimes encompasses

merely several countries rather than the globe, and their footprint in Europe varies.

In the largest countries — Germany, France, the U.K. and Spain — providers that dominate the

telecommunications market also push their security service offerings. This is most successful

for network-based services.

Some markets — in particular, Germany — consist of a large number of midsize companies in

sectors like manufacturing. Although many of them are world leaders in their particular

markets, they are still often run as private or even family businesses where trust, long-term

commitment and established relationships are important. This nourishes an ecosystem of IT

vendors and providers, including providers of MSS.

A few providers have carved out a niche with a particular type of security service — mostly

around vulnerability scanning, penetration testing, threat intelligence and forensics — and

offer this service across multiple European countries.

Recent and ongoing headlines about the U.S. National Security Agency and the potential use of

governmental investigational powers under the USA Patriot Act have reinforced the data protection

concerns of European MSS clients. These concerns tend to inhibit adoption among customers

considering MSS offerings from U.S. companies. Even if the security information does not directly

include confidential corporate information, it is considered sensitive enough to trigger an additional

risk analysis — thus playing in favor of providers from Europe, with a detailed understanding of

European data residency requirements and with European data centers.

Considerations for Technology and Service Selection

The market for MSS in Europe is mature — in 2014, Gartner predicts a revenue growth of about

14%. However, this revenue growth comes largely from an existing client base. Most vendors in the

European market for MSS experienced only a small growth in the number of customers in 2013,

while some reported a net loss of customers.

The motivation to use an MSS provider (MSSP) and the specific functional requirements of large

European customers are not much different from those of North American customers. It's usually a

lack of internal resources, a gap in security skills, or simply the company's strategy to focus on core

business functions that drive European companies to engage an MSSP. In recent years, companies

are also concerned about their inability to address external attacks and undetected corporate

espionage, manage an ever-larger amount of security log information, and show the value of costly

security services to business management. This is reflected in the choice of security services — such

as external security monitoring, vulnerability scanning, penetration testing and threat intelligence —

in addition to the classic network security services.

Concerns about not being able to defend against corporate espionage are common in Europe, but

so is the fear that engaging a foreign provider creates additional potential for information

leakage. This has somewhat inhibited growth in Europe and driven potential customers to carefully

evaluate capabilities of providers that focus on Europe in terms of data residency, meeting privacy

requirements and complying with local government standards (see also "The Snowden Effect: Data

Location Matters").

Three major elements differentiate the market in Europe from the market in the U.S. (and to some

extent, the Asia/Pacific market):

Trust — Above and beyond functional capabilities, support for new and innovative technology,

efficient operations of currently deployed technology, and a competitive price, the relationship

with the provider is what determines the outcome of a prospective deal. This plays in favor of

providers with a local presence, small providers with an existing relationship, or established

vendors that also offer telecommunications or outsourcing services, in conjunction with

reputation and brand name.

Language — Most IT departments will be satisfied with English language portals and

operational support in English. However, creating and maintaining a trust relationship with

business stakeholders and decision makers is most effective if the provider staff can

communicate in the local language, understand regulatory concerns and address relationship

issues directly. Some European customers, especially governments or local authorities, may

even stipulate localized language support as a requirement.

Residency — Requirements vary by country and industry, and concerns raised during an RFP

do not always translate into extra spending for local storage. European customers are aware

that global threat visibility requires global data sharing. The solution is often to filter or

aggregate sensitive data in-country or on-premises. Details are explained in the descriptions

of many providers in the section below.

For additional considerations on technology and service selection, see the corresponding sections in

"Magic Quadrant for Global MSSPs."

Notable Vendors

Vendors included in this Magic Quadrant Perspective have customers that are successfully using

their products and services. Selections are based on analyst opinion and references that validate IT

provider claims; however, this is not an exhaustive list or analysis of vendors in this market. Use

this perspective as a resource for evaluations, but explore the market further to gauge the ability of

each vendor to address your unique business problems and technical concerns. Consider this

research as part of your due diligence and in conjunction with discussions with Gartner analysts

and other resources.

Gartner is aware of more than 70 providers of security services in Europe. Many of them thrive in a

particular niche, such as an industry segment, country or region, or they offer a subset of security

services:

Atos is a global provider of MSS with a strong presence in Europe, being born out of a merger

with Siemens IT Solutions and Services. It operates three global security operations centers

(SOCs) in North America, Europe and Asia/Pacific, supported by more than 10 regional SOCs in

Europe. Atos offers strong security consulting and system integration services as well.

Telefónica, headquartered in Spain, offers an almost complete portfolio of security services in

Europe, with a focus on network security services and log management. It has SOCs in Spain

and in the U.K., and additional security capabilities in Germany.

T-Systems is the IT services subsidiary of Deutsche Telekom. It offers a full range of MSS from

seven shared or dedicated SOCs in Germany, Hungary and Slovakia, as well as identity and

access management (IAM), often integrated with IT services and communications services.

HCL Technologies and Wipro are India-headquartered global IT services companies that

serve the European market in multiple countries with a mix of on-site staff and offshore SOCs,

providing security services integrated with IT outsourcing.

Open Systems AG is based in Switzerland, but has international SOCs and offerings. It

provides a variety of managed services, including network device management and

monitoring, and managed IAM.

Mnemonic from Norway offers standard MSS and security monitoring, combined with threat

intelligence delivered from its own platform.

Above Security, headquartered in Canada, acquired SecureIT, a security firm based in

Switzerland. Services include incident response management, intrusion prevention, log and

event monitoring and correlation, and vulnerability assessments. Its emphasis on risk

management resonates with a business-level audience.

Unisys is a provider with customers and SOCs in all regions, including Europe, offering MSS as

well as stealth VPNs.

Accumuli Security in the U.K., formerly known as Boxing Orange, offers network security, log

management and security analytics. Other U.K. MSSPs are Caretower, ITC Secure

Networking, SecureData, BAE Systems Applied Intelligence and Khipu Networks.

MSS GmbH is an MSSP from Germany with customers in Europe and beyond. Computacenter

is active in Germany as well as in the U.K., providing IT infrastructure and security

management. Other providers from Germany are Electronic Service Center (ESC) and SSP

Europe.

Kahuna and Onsight are two providers that serve the Dutch market with managed security

services and solutions.

There are many more providers in Europe, usually with a geographic or topical focus, such as the

following groups:

MSSPs with a national focus are Sentor (Sweden), United Security Providers (Switzerland),

S2 Grupo (Spain) and the French telecommunications operator SFR Business Team.

European providers that offer MSS in conjunction with IT or communications services are Level

3 Communications, Network Box, Getronics and Steria.

Several providers offer a range of security services, often including MSS, with an industry

sector expertise that differentiates them from the rest of the market — for example, QinetiQ,

Cassidian, Thales (all defense security), Sogeti (a Capgemini subsidiary — process control

network security) and Kudelski Security (media and broadcasting security, expanding into

other industries).

The following European providers offer a specific subset of security services: Fox-IT

(Netherlands — threat detection and intelligence, and forensic response), Outpost24 (Sweden

— vulnerability management), Integrity (Portugal — persistent penetration testing called

Keep-It-Secure-24), Spamina (Spain — email security), Secucloud (Germany — cloud security

systems), Retarus (Germany — email security) and Nixu Software (Finland — vulnerability

management).

The following providers were all rated in the global MSSP Magic Quadrant. This means they also

have a substantial client base in Europe, which was part of the Magic Quadrant's inclusion criteria.

AT&T

AT&T deploys a globally consistent delivery model in North America, Europe and elsewhere,

regardless of which country the services are provided in or from. There are no regional differences

outside of legal requirements for delivery in certain countries (where AT&T subcontracts with a local

integrator to implement changes if necessary). AT&T delivers security services that are mostly

network-based, such as firewall management, intrusion detection and Web application firewalls,

although AT&T supports premises-based business as well.

BT

BT has a strong business in Europe, where two-thirds of its customers are based — typically,

enterprises. It operates eight SOCs in Europe alone, including satellite SOCs in major European

cities, staffed to varying degrees. BT covers the whole range of security services as defined in the

Magic Quadrant. The U.K. and France BT Assure Threat Monitoring instances are separate from the

U.S. or global instances for servicing customers who are subject to EMEA data protection

regulations. BT has security showcase and demonstration facilities at the BT Centre in London and

is looking for new local talent with its U.K. Cyber Security Challenge. BT provides comprehensive

MSS to U.K. government entities up to and including Business Impact Level 6 (IL6).

CSC

CSC has dozens of customers across Europe, predominantly in the U.K., Ireland and Scandinavia.

Services in Europe focus on monitoring firewalls and operating log management solutions. Its two

European SOCs are in the U.K., and one of them supports government clients.

CSC's strategy is to have a global logical SOC with multiple connected SOCs in most world regions.

Security incidents discovered anywhere in the world are immediately made available to all SOCs.

However, global threat information is carefully examined to ensure it is in compliance with

regulatory and legislative mandates before it is shared with other SOCs. This may create a local

instance that is kept only in a geography where intelligence sharing outside of that boundary is

prohibited by law. For instance, IP addresses in Germany are kept in that locale.

Dell SecureWorks

Dell SecureWorks is active in all regions of Europe, including the U.K., Ireland, France, Germany,

Nordics, Benelux and the Middle East, offering a nearly complete portfolio of security services. One

of seven global SOCs is located in the U.K. Dell SecureWorks maintains a separate MSS delivery

platform in Europe for customers requiring local data storage. However, according to Dell

SecureWorks, a majority of its European customers find it acceptable to use the U.S. delivery

platform, which means its infrastructure is remotely managed with data storage in the U.S. Also, a

Hadoop cluster that stores all log results and enables fast correlation and full search is a global

capability, although it does support variations in event collection policies to support local data

privacy mandates, removing sensitive data from the log streams.

Dell SecureWorks uses a direct sales model for its primary markets; however, Dell SecureWorks

leverages its Dell counterparts and its channel partners to provide additional coverage in Europe.

HP

HP is a global provider of IT and security services with significant growth in Europe, supported by its

enterprisewide (rather than infrastructure-focused) approach to risk management. It offers a whole

range of security services, with a focus on endpoint protection, data loss prevention, vulnerability

scanning, network security devices, and security information and event management (SIEM).

HP is able to monitor and manage security infrastructure across all world regions, with global

visibility and yet a localized response. This is implemented with a two-tier SOC strategy, where

regional or sector-specific SOCs (which are operational in the U.K., Spain and Bulgaria and planned

for Germany) address areas with high regulation or compliance requirements, heavily concentrated

user demand, and high-threat areas requiring a rapid response.

IBM

IBM is a global MSSP that has strengthened its European delivery teams to meet local market

requirements. IBM has its SOC in Belgium and has now added an SOC in Poland and a partnership

in Riyadh, Saudi Arabia. It focuses on IT transformation projects, data center transformation,

mobility, data residency concerns and cloud as general acceptance for outsourcing continues to

grow. European staff members work as liaisons with the worldwide delivery and SOC teams.

In several industries such as financial services, retail and healthcare, IBM focuses on France,

Germany, Italy and the U.K. The MSS customer portal is fully localized in French, German, Italian,

Portuguese and Spanish. In Europe, IBM has long-standing partnerships with BT and Sita. In terms

of number of customers, EMEA is the third-most-important region for IBM.

NTT

As part of NTT, which also includes Dimension Data and Solutionary, NTT Com Security is a global

provider of MSS under its WideAngle brand and is the largest of NTT's security practices in the

European region. NTT Com Security was formed from a number of Europe-based acquisitions in

recent years, including Integralis and Secode, and operates SOCs in Norway, Sweden, the U.K. and

Germany, with a specific European customer focus on the U.K., Ireland, German-speaking countries,

Nordics and France.

The portfolio in Europe includes managed and professional services for firewalls, unified threat

management (UTM) and network intrusion prevention — as well as endpoint protection, SIEM and

log management, Web and message gateways, and vulnerability scanning. Data is stored in

regional data centers, which are multitenanted. Data is captured on-site and is then centralized for

customer and engineer reporting and management.

Orange Business Services

Orange Business Services (OBS) is a large MSSP in Europe, based on the number of customers and

revenue. In France, the number of midsize and small business customers is slightly higher than in

the rest of Europe. It delivers security services on firewalls, intrusion prevention systems,

multifunction security devices and secure Web gateways, as well as SIEM and log management.

The customer portal is available in English and French. In France, OBS pioneered a new type of

security and privacy service. Anonymization as a service (called Flux Vision) enables the use and

analysis of large amounts of sensitive telecommunications data in compliance with strict local

privacy regulations.

OBS emphasizes its CyberSOC and analytics capacity in Western Europe. Many customers request

to store data (logs and events) in one of the three European data centers, even for non-European

clients. This helps win business against U.S.-based providers. As an incumbent telecommunications

company, OBS is also well-positioned to deliver services in compliance with local regulations on

critical infrastructure protection.

Symantec

Symantec is a global MSSP that combines global visibility with attention to regional differences.

Device, application and log data is aggregated, analyzed and stored within the North American data

center. The SOC in India serves as a global resource, supporting all regional SOCs outside regional

business hours. The European SOC is located in the U.K., providing services to Europe, the Middle

East and Africa. Analysts provide personalized care to review customer security event information.

The European SOC maintains attestation to industry security standards by external third parties. In

addition, assets can be tagged with various compliance policy restrictions, including those that

contain personal data, enabling faster filtering of the related assets to a required report. Sales

teams use local-language fluency wherever possible, to communicate with the greatest clarity in

order to establish Symantec as a trusted security advisor.

Trustwave

Trustwave is a global provider of MSS, with a globally consistent strategy. Ninety percent of

Trustwave's customers are in North America. Half of Trustwave's European customers are in the

U.K. and Ireland, while the other half are more or less equally distributed across all other major

European countries. The European SOC is located in Poland. Trustwave works with local partners

throughout EMEA, including the U.K. and Germany. Trustwave's security service focus is on threat

management and event monitoring, network protection and access control, application security,

content security, and anti-malware. The portal is also available in Spanish, while scanning and

compliance sections are also available in German, French and many other European languages.

Trustwave's hybrid on-premises and cloud SIEM architecture was created to support in-country or

on-premises data storage requirements, especially for EMEA countries with data privacy and

location sensitivity (for example, Germany). Trustwave also offers data-location-sensitive customers

a full on-premises technology stack to meet local data privacy requirements.

Verizon

Verizon has a substantial customer base in Europe — largely, enterprise customers. Demand is

driven by managed WAN deals with security services tied to them, as well as by industrial control

system security requirements in the manufacturing sector. Moreover, Verizon operates an SOC in

Luxembourg to address country requirements in the financial sector and clients with European data

sovereignty requirements. For additional charges, Verizon can provide systems and storage that

are not multitenant (using commercial SIEM instead of Verizon's MSS platform). Verizon also

operates regional denial of service (DoS) mitigation centers and maintains Hadoop nodes per

region as part of large-scale security analytics launched in 2014. Verizon also has a partnership

with Swisscom.

Note: This perspective was added to this Magic Quadrant on 25 July 2014 as a planned enhancement to

the reading experience. The perspective was originally published on 22 July 2014 as a separate

document. This content contains no new information from when it was originally published.

© 2014 Gartner, Inc. and/or its affiliates. All rights reserved. Gartner is a registered trademark of Gartner, Inc. or its affiliates. This publication may not be

reproduced or distributed in any form without Gartner’s prior written permission. If you are authorized to access this publication, your use of it is subject to the

Usage Guidelines for Gartner Services posted on gartner.com. The information contained in this publication has been obtained from sources believed to be reliable.

Gartner disclaims all warranties as to the accuracy, completeness or adequacy of such information and shall have no liability for errors, omissions or inadequacies

in such information. This publication consists of the opinions of Gartner’s research organization and should not be construed as statements of fact. The opinions

expressed herein are subject to change without notice. Although Gartner research may include a discussion of related legal issues, Gartner does not provide legal

advice or services and its research should not be construed or used as such. Gartner is a public company, and its shareholders may include firms and funds that

have financial interests in entities covered in Gartner research. Gartner’s Board of Directors may include senior managers of these firms or funds. Gartner research

is produced independently by its research organization without input or influence from these firms, funds or their managers. For further information on the

independence and integrity of Gartner research, see “Guiding Principles on Independence and Objectivity.”
