Upload
others
View
5
Download
0
Embed Size (px)
Citation preview
10/27/2014 Magic Quadrant for Global MSSPs
http://www.gartner.com/technology/reprints.do?id=1-1TEY8UZ&ct=140424&st=sb 1/19
Magic Quadrant for Global MSSPs
26 February 2014 ID:G00247003
Analyst(s): Kelly M. Kavanagh
VIEW SUMMARY
Managed security services is a mature market with offerings from established service providers.
This Magic Quadrant presents enterprise buyers with advice on selecting MSS providers to support
global service requirements.
Market Definition/Description
For the purposes of this research, Gartner defines managed security services (MSSs) as "the
remote monitoring or management of IT security functions delivered via shared services from
remote security operations centers (SOCs), not through personnel on-site." Therefore, MSSs do not
include staff augmentation, nor any consulting or development and integration services.
MSSs broadly include:
Monitored or managed firewalls or intrusion prevention systems (IPSs)
Monitored or managed intrusion detection systems (IDSs)
Distributed denial of service (DDoS) protection
Managed secure messaging gateways
Managed secure Web gateways
Security information and event management (SIEM)
Managed vulnerability scanning of networks, servers, databases or applications
Security vulnerability or threat notification services
Log management and analysis
Reporting associated with monitored/managed devices and incident response
This Magic Quadrant evaluates monitored/managed firewall and intrusion detection and prevention
(IDP) functions, as well as log management services, rather than other elements of the services we
have listed. Firewall, IDP and log collection form the core of most MSS engagements. The vendors in
the Magic Quadrant are evaluated on their ability to support customers with global service
requirements.
Magic Quadrant
Figure 1. Magic Quadrant for Global MSSPs
ADDITIONAL PERSPECTIVES
Geography: Asia-Pacific | Europe
EVIDENCE
Gartner customer inquiries and information
sharing related to MSSPs
Analyst interactions with Gartner customers via
inquiries and meetings
Survey of MSSPs
Survey of MSS reference customers
EVALUATION CRITERIA DEFINITIONS
Ability to Execute
Product/Service: Core goods and services
offered by the vendor for the defined market.
This includes current product/service capabilities,
quality, feature sets, skills and so on, whether
offered natively or through OEM
agreements/partnerships as defined in the
market definition and detailed in the subcriteria.
Overall Viability: Viability includes an assessment
of the overall organization's financial health, the
financial and practical success of the business
unit, and the likelihood that the individual
business unit will continue investing in the
product, will continue offering the product and will
advance the state of the art within the
organization's portfolio of products.
Sales Execution/Pricing: The vendor's capabilities
in all presales activities and the structure that
supports them. This includes deal management,
pricing and negotiation, presales support, and the
overall effectiveness of the sales channel.
Market Responsiveness/Record: Ability to
respond, change direction, be flexible and
achieve competitive success as opportunities
develop, competitors act, customer needs evolve
and market dynamics change. This criterion also
considers the vendor's history of responsiveness.
Marketing Execution: The clarity, quality,
creativity and efficacy of programs designed to
deliver the organization's message to influence
the market, promote the brand and business,
increase awareness of the products, and establish
a positive identification with the product/brand
and organization in the minds of buyers. This
"mind share" can be driven by a combination of
publicity, promotional initiatives, thought
leadership, word of mouth and sales activities.
Customer Experience: Relationships, products
and services/programs that enable clients to be
successful with the products evaluated.
Specifically, this includes the ways customers
receive technical support or account support. This
can also include ancillary tools, customer support
programs (and the quality thereof), availability of
user groups, service-level agreements and so on.
Operations: The ability of the organization to
meet its goals and commitments. Factors include
the quality of the organizational structure,
including skills, experiences, programs, systems
and other vehicles that enable the organization to
operate effectively and efficiently on an ongoing
basis.
Completeness of Vision
Market Understanding: Ability of the vendor to
understand buyers' wants and needs and to
translate those into products and services.
Vendors that show the highest degree of vision
listen to and understand buyers' wants and
needs, and can shape or enhance those with their
added vision.
Marketing Strategy: A clear, differentiated set of
messages consistently communicated throughout
10/27/2014 Magic Quadrant for Global MSSPs
http://www.gartner.com/technology/reprints.do?id=1-1TEY8UZ&ct=140424&st=sb 2/19
Source: Gartner (February 2014)
Vendor Strengths and Cautions
AT&T
Headquartered in Dallas, and with regional offices in Hong Kong and London, AT&T offers security
monitoring and management services for customer-based and network-based security controls —
including wireless — in addition to a wide range of other IT and telecommunications services. AT&T
MSSs are based on commercial and self-developed technologies for alert and log collection, real-
time correlation, reporting, and device management. Workflow is supported by the AT&T
BusinessDirect portal. Query and browsing of log data are supported via commercial and self-
developed technologies. AT&T offers log management via on-premises solutions. Log management
and MSS functions must be accessed through separate portals. Integration of these functions into a
single portal remains planned. AT&T's advanced threat offering is the Security Event and Threat
Analysis (SETA) service, which includes correlation and analysis of data from customer devices and
the AT&T network, with customer-specific configuration and response templates. Three SOCs are
located in the U.S., two in Asia/Pacific and one in Europe, and multilingual support is available.
Enterprises should consider AT&T if they require a global service provider with a broad range of
service offerings and deployment capabilities that include premises-based and network-based
options. Customers of other AT&T services that seek MSSs from an incumbent provider should also
consider AT&T.
Strengths
AT&T has good visibility among Gartner customers, and is often included in competitive MSS
evaluations.
AT&T's network-based security controls are mature security management and monitoring
offerings that are attractive to MSS customers with remote and branch office coverage
requirements.
AT&T is an established and stable service provider, with delivery capabilities in multiple
geographic regions.
Cautions
The MSS portal continues to lack standardized asset reporting as well as the log browsing
capabilities that are available in several competitors' portals.
Log management functions must be accessed from a portal that is distinct from the MSS portal.
The customization features of the MSS portal are not as extensive or self-service-capable as
those in competitors' portals.
BT
BT is headquartered in London and has offices across the globe, including a regional presence in
Texas and Hong Kong. BT's MSS offerings include monitoring and management of customer
premises deployed devices and network-based security controls as part of its larger portfolio of
telecommunications and IT services. BT uses self-developed technology for log and event collection,
correlation, query, reporting, and device management. Commercial technology supports workflow.
In addition to its MSS, BT offers Assure Analytics, an extension that provides additional analysis and
visualization capabilities. BT has two European SOCs and three Asia/Pacific SOCs staffed 24/7, with
an additional nine SOCs worldwide. Capabilities to detect targeted attacks and provide advanced
analytics are focused on larger customers and delivered via add-on services, including a social
the organization and externalized through the
website, advertising, customer programs and
positioning statements.
Sales Strategy: The strategy for selling products
that uses the appropriate network of direct and
indirect sales, marketing, service, and
communication affiliates that extend the scope
and depth of market reach, skills, expertise,
technologies, services and the customer base.
Offering (Product) Strategy: The vendor's
approach to product development and delivery
that emphasizes differentiation, functionality,
methodology and feature sets as they map to
current and future requirements.
Business Model: The soundness and logic of the
vendor's underlying business proposition.
Vertical/Industry Strategy: The vendor's
strategy to direct resources, skills and offerings to
meet the specific needs of individual market
segments, including vertical markets.
Innovation: Direct, related, complementary and
synergistic layouts of resources, expertise or
capital for investment, consolidation, defensive or
pre-emptive purposes.
Geographic Strategy: The vendor's strategy to
direct resources, skills and offerings to meet the
specific needs of geographies outside the "home"
or native geography, either directly or through
partners, channels and subsidiaries as
appropriate for that geography and market.
10/27/2014 Magic Quadrant for Global MSSPs
http://www.gartner.com/technology/reprints.do?id=1-1TEY8UZ&ct=140424&st=sb 3/19
media monitoring service, Assure Analytics and consulting engagements. Customers of other BT
services that are seeking MSS as well as additional analytics and visualization capabilities should
consider BT.
Strengths
BT has a broad range of security offerings for MSS globally, as well as for security consulting,
cybersecurity services, secure networking, business continuity, identity and access
management, technology deployment, and integration.
BT gets good marks from users for security expertise in support of its MSS delivery.
Cautions
BT continues to have much lower visibility among MSS buyers in North America and Asia/Pacific
than in Europe.
Customers use the BT Assure Threat Monitoring Web portal for searching, browsing and
reporting security-relevant raw log data, and a premises-based appliance user interface to
access non-security-relevant raw log data.
CenturyLink
CenturyLink is based in Monroe, Louisiana, and has offices in Singapore, Hong Kong, London and
throughout North America. It provides MSS as well as infrastructure as a service, software as a
service (SaaS), Web hosting, colocation and network services. MSS customers have primarily been
customers of CenturyLink's infrastructure services. MSS is delivered through a combination of
commercial and self-developed technology for data collection, correlation and analysis, reporting,
and log management. CenturyLink has three SOCs in North America, with an additional SOC in
Europe and one in Asia/Pacific. Advanced analytics to detect targeted attacks are embedded within
the MSS capabilities, and are based on monitoring third-party security technologies. CenturyLink's
infrastructure and network services customers should consider the company for managed security.
Strengths
CenturyLink's enterprise and small or midsize business customers for network services can
augment their relationships with CenturyLink via MSSs.
CenturyLink's rationalization of security services across its lines of business has enabled a
more focused and consistent delivery of MSSs.
Cautions
CenturyLink does not appear on Gartner customer shortlists for MSSs.
The CenturyLink MSS portal lags competitors' portals in several areas, including customization,
asset tracking, and correlation across data sources and user data.
CSC
CSC is headquartered in Falls Church, Virginia, with regional offices in Sydney, Singapore and the
U.K. CSC delivers its MSS as a stand-alone service, and as a complement to its IT outsourcing and
consulting services to enterprises and government agencies. CSC is in the process of standardizing
its MSS delivery capabilities across all regions using commercial SIEM technology for data collection
and correlation, real-time alert generation, and log management. The self-developed Pulse Portal
provides access to alerts, reporting, ticketing and workflow. CSC has four SOCs in the U.S., two in
Europe and three in Asia/Pacific. New offerings to address advanced targeted attacks are available
and include network and payload analysis. Preliminary endpoint analysis and forensics are available
via managed services, with more in-depth forensics available as a consulting engagement. CSC
outsourcing customers and enterprises, especially those in the defense industrial base and financial
services industries, should consider CSC for MSSs.
Strengths
CSC's efforts to standardize MSSs across regions now provide global event visibility to SOC
analysts, and should result in enhanced effectiveness for multiregional customers.
Customers give good marks for the security expertise of CSC's staff, as well as for their
understanding of the customer environment.
CSC's security expertise supports its strong presence in the U.S. federal government and the
U.K. government, in financial services and in critical infrastructure markets.
Cautions
CSC does not fully market its stand-alone MSS. Also, CSC is rarely included on Gartner
commercial customers' shortlists for stand-alone MSS deals.
Organizations considering CSC for MSSs should evaluate the current state and progress
toward the completion of global service standardization to ensure that the capabilities needed
in all regions are available to meet deployment requirements.
Dell SecureWorks
Dell is headquartered in Texas, and Dell SecureWorks is headquartered in Atlanta, with five regional
offices in the U.S. — plus Edinburgh, Scotland, London and Tokyo, with additional offices in
Asia/Pacific and Europe. Dell SecureWorks offers MSSs as well as security consulting, incident
response and threat intelligence services. MSS delivery is based on self-developed technology for
log and alert collection, for real-time correlation and analysis, and for presentation/reporting via
portal. Premises-based log retention and reporting are delivered via commercial SIEM technology.
The Dell SecureWorks Counter Threat Unit provides threat intelligence, malware analysis and
analytic support for MSS operations. Customers may buy threat intelligence services as part of an
MSS subscription. Five SOCs are located in the U.S., with additional SOCs in the U.K., India, Mexico
and Eastern Europe. Advanced attack detection is offered within existing MSSs and includes threat
feeds, correlation, and analysis of historical events to identify anomalies. Midsize organizations that
want to meet compliance requirements, and enterprises looking for full-featured MSSs, should
consider Dell SecureWorks.
10/27/2014 Magic Quadrant for Global MSSPs
http://www.gartner.com/technology/reprints.do?id=1-1TEY8UZ&ct=140424&st=sb 4/19
Strengths
Dell SecureWorks is very visible to Gartner customers and is typically included in competitive
MSS deals.
Gartner customers offer strong praise for Dell SecureWorks' MSS delivery, security expertise
and relationship management. The security expertise available through the Counter Threat
Unit is often cited as a differentiator.
The MSS portal receives very good marks from customers.
Cautions
Dell's ownership changes offer less visibility into its business operations, including the
positioning and emphasis placed on security products and services.
Although reports of issues to Gartner have been minimal to date, customers should continue
to monitor Dell SecureWorks' service delivery to ensure that MSS geographic expansion and
any shift in Dell's business focus do not dilute its MSS delivery capabilities.
Dell SecureWorks' cautious expansion beyond the Japanese market may result in prospects
having limited references in the Asia/Pacific region, and not as much ready access to presales
interaction.
HP
HP is headquartered in Palo Alto, California, with MSS locations in Australia, London and Plano,
Texas. HP has a broad security portfolio of professional and managed services; technologies for
SIEM, application security and network security; and extensive offerings of additional IT products
and services. HP's MSS is based on several self-developed and commercial technologies for data
collection, correlation/alerting, query and reporting. Workflow and ticketing use HP technology, and
tools for customer deployment provide workflow support. HP has two SOCs in the U.S., one in Latin
America, three in Europe and two in Asia/Pacific. HP offers a portal for MSS and uses the HP ArcSight
console for log management. HP offers a separate governance, risk and compliance-oriented portal
for executive dashboards. The HP MSS portal provides role-based access, ticketing and security
reporting features. Log management is delivered via HP ArcSight ESM and ArcSight Logger in hosted
or on-premises deployments. Log management features are available via the HP ArcSight portal.
HP's targeted attack detection and advanced analytics capabilities are embedded in its MSS
offerings, and are supported with threat feeds, vulnerability information, the detection capabilities
of HP ArcSight, and expert analysis. Enterprises and midsize companies with HP IT services or
security technology services should consider HP for MSSs.
Strengths
HP is a large, stable provider of MSSs and other security services. It has a multiregional
presence and delivery capabilities.
HP's broad technology and service delivery options enable extensively customized MSS
engagements, including technology bundling and hybrid delivery options.
Cautions
The HP MSS portal lacks the user correlation and asset and vulnerability reporting capabilities
that are available in competitors' portals. Potential customers should validate that HP's current
capabilities and enhancement plans meet their deployment and operations requirements.
Gartner customers report challenges in differentiating and navigating among HP's security
monitoring capabilities, which are available, in differing forms, from HP's product, outsourcing
and discrete MSS delivery organizations.
Prospective MSS customers should validate HP's coverage and monitor ongoing support when
MSS engagement includes security technologies from HP's competitors.
IBM
IBM is headquartered in New York, with MSS offices in Atlanta and other geographies. MSSs and a
full range of security consulting and integration services are available as stand-alone services, and
as components of larger infrastructure outsourcing contracts. IBM uses self-developed technology
for data collection, correlation, log query and reporting, and ticketing/workflow. Log management is
offered as a hosted service, and with premises-based IBM QRadar and other SIEM technologies.
IBM has four North American SOCs, two in Europe, two in Asia/Pacific and two more in other
regions. IBM's advanced analytics and targeted attack detection capabilities are embedded in its
MSS and hosted SIEM offerings, and they are supported by IBM technology and third-party
technology deployed by customers. Enterprises with global service delivery requirements, and
those with strategic relationships with IBM, should consider IBM for MSSs.
Strengths
Gartner customers often include IBM in competitive MSS evaluations, and IBM has high visibility
in North American, Asia/Pacific and European markets.
IBM's MSS capabilities include support for customer-deployed SIEM (from IBM and other
vendors) that is integrated into its standard MSS offerings.
IBM is a large, stable provider of security and IT services and products, and it has global
delivery capabilities.
Cautions
Gartner customers report overall improvements and lingering challenges for IBM MSSs in sales,
deployment and customer care.
Although IBM's MSS supports multiple security technologies — including many from IBM's
competitors in the IPS and SIEM markets — MSS customers should monitor planned and actual
MSS support for the security technologies deployed in their environments.
NTT
NTT, which is based in Tokyo, and with London and New York offices, acquired Solutionary in 2013,
adding to prior acquisitions of MSS capabilities in the NTT companies (such as NTT Com Security —
10/27/2014 Magic Quadrant for Global MSSPs
http://www.gartner.com/technology/reprints.do?id=1-1TEY8UZ&ct=140424&st=sb 5/19
formerly Integralis — and Dimension Data's earthwave). NTT is included in this Magic Quadrant on
the basis of the combined offerings and scale of the various MSS entities, which it is in the process
of rationalizing. NTT uses a variety of self-developed and commercial technologies to support MSS
delivery across the three organizations. There are multiple SOCs in Asia/Pacific, Europe and North
America. Targeted attack protection is embedded in the MSS offering of each delivery group, and it
differs among the groups, although cross-group data sharing for threat information is now being
done. NTT customers and enterprises seeking a large global service provider with specific regional
strengths should consider NTT for MSSs.
Strengths
Individual NTT MSS groups get good feedback from Gartner customers regarding MSS delivery.
Across the NTT MSS offerings, the capabilities of NTT Com Security, Solutionary, Dimension
Data's earthwave and NTT Data are well-known in Europe, North America, the Middle
East/Africa and Asia/Pacific, respectively, and they appear in MSS deals in those regions.
NTT has a global presence as well as a broad range of security service offerings and delivery
options, in addition to broader telecommunications and IT infrastructure service offerings.
Cautions
MSS operations across the regions are not yet fully integrated. Current MSS customers must
monitor NTT's plans to rationalize its MSS delivery capabilities to ensure that any changes
result in equal or better service delivery levels and options.
Potential MSS buyers should get binding assurances from NTT regarding the capabilities they
will receive globally and within regions to ensure that NTT's current and planned MSS
capabilities will meet customers' region-specific and global requirements.
Orange Business Services
Headquartered in Paris, with offices in Atlanta and Singapore, Orange offers a broad range of
telecommunications and cloud-based IT infrastructure services, security consulting and integration
services, and MSSs. Orange MSSs are based on commercial SIEM technology for data collection,
correlation and analysis, reporting, and log management, with self-developed technology for
workflow. Three MSS SOCs are located in Europe, two in Asia/Pacific, one in North America and two
in the Middle East/Africa regions. Advanced threat detection is provided by proprietary technologies
as well as by commercial SIEM and network security products, with additional capabilities planned
for 2014. Orange service customers and organizations seeking a large, global and stable Europe-
focused and Asia/Pacific-focused MSS provider (MSSP) should consider Orange.
Strengths
Orange offers a broad range of network and IT services that can be bundled with MSSs.
Orange is a large, stable service provider with long-standing MSS and security consulting
experience.
Cautions
Orange has lagged several MSS competitors in the introduction of advanced attack detection
and analytics offerings.
Orange rarely appears on Gartner customer shortlists for MSS procurement, and in North
America, Orange has very limited market visibility.
MSS customers in North America often express a preference for a SOC in-region. Although
Orange has a North American SOC, it is not staffed 24/7.
Symantec
Symantec is headquartered in Mountain View, California, with MSS offices in Virginia, Singapore and
Reading, U.K. Symantec offerings include security monitoring, security intelligence, messaging
security services and a range of security products. Symantec's MSS architecture is based on self-
developed technology for event and log collection, with a combination of self-developed and
commercial technology for correlation, analytics and reporting. Ticketing/workflow and device
management are based on commercial technology. Log query and browsing are enabled via self-
developed technology. Symantec has one SOC in the U.S., one in the U.K. and two in Asia/Pacific,
plus a new SOC in Japan. Log management services are delivered via Symantec log collection
platform, are stored in Symantec SOCs and are available to customers via the MSS portal. A distinct
service level offers advanced attack detection analytics. Enterprises seeking an established MSSP
should consider using Symantec.
Strengths
Symantec has strong visibility in the MSS market. Gartner customers very often consider
Symantec's MSS offerings in competitive evaluations.
Symantec's Gartner customers generally offer positive reviews of Symantec's MSS delivery, and
of the quality of their interactions with Symantec's SOC analysts.
MSS customers indicate that the DeepSight threat feeds and intelligence reports are
differentiators of Symantec's services.
Cautions
Prospective buyers should evaluate Symantec's optional enterprisewide pricing with realistic
assumptions of the number of monitoring/log sources they can expect to incorporate into the
scope of MSSs. Customer delays in bringing event sources into coverage will result in buyers
paying for coverage that they are unable to receive.
Symantec is rebuilding its security consulting capability. Prospective MSS customers should
carefully evaluate whether Symantec's security consulting services will meet their needs, and
whether they must engage with partner-led security services for service initiation and for
ongoing project work throughout the course of the MSS relationship.
Trustwave
Trustwave is based in Chicago, with offices in London and Sydney. Trustwave has several security
10/27/2014 Magic Quadrant for Global MSSPs
http://www.gartner.com/technology/reprints.do?id=1-1TEY8UZ&ct=140424&st=sb 6/19
technologies — including SIEM, unified threat management (UTM), network access control,
application security, Web application firewall (WAF) and Web security — and builds MSSs around
those as well as third-party products. MSSs are based on Trustwave's SIEM technology for data
collection, correlation, alerting and workflow. Security intelligence capabilities are provided by the
Trustwave SpiderLabs group. Trustwave has three U.S.-based SOCs, one in Europe and one in
Asia/Pacific. Targeted attack detection and advanced analytics capabilities are standard
components of Trustwave MSSs, and they are delivered via three Trustwave activities: network
monitoring, endpoint monitoring and managed WAF. Companies in the retail, healthcare and
banking vertical industries — and others that are subject to PCI compliance — should consider
Trustwave for MSSs.
Strengths
Trustwave has an extensive portfolio of security products and associated managed services
that can be packaged as subscription-based solutions for customers with limited capital
budgets and security resources.
Trustwave remains a well-recognized provider of services and technologies to support PCI
Data Security Standard (DSS) compliance.
The Trustwave MSS portal provides extensive language support.
Cautions
Current customers and potential MSS buyers should continue to monitor Trustwave's ability to
meet delivery and road map commitments as it navigates a possible initial public offering.
Potential MSS customers should evaluate whether the split of compliance reporting capabilities
between the MSS portal and the log management portal meets their operational
requirements.
The Trustwave MSS portal lags several competitors' portals in providing correlation of user
activities with infrastructure events.
Except for PCI monitoring engagements, Trustwave very rarely appears in MSS deals among
Gartner customers.
Verizon
Verizon is headquartered in Basking Ridge, New Jersey, with offices throughout the U.S., Europe,
Latin America and Asia. Verizon offers MSSs and security consulting, as well as a broad range of
telecommunications and infrastructure services. Verizon's MSS architecture is based on self-
developed technologies for event collection, correlation and alerting, with commercial technologies
for reporting and workflow. Log management services are based on a combination of self-
developed and commercial technologies. Two SOCs are located in the U.S., two in Europe and two
in Asia/Pacific. Verizon's Research, Investigations, Solutions, Knowledge (RISK) Team provides
threat intelligence and malware detection signatures that support MSSs, and Verizon's breach
response services inform MSS monitoring efforts. Targeted threat detection services are
incorporated into the standard MSS delivery. They are based on commercial technologies, on
Verizon's self-developed correlation and threat intelligence capabilities, and on network monitoring.
A distinct advanced analytics service is available in the U.S. to governments and enterprises facing
specific targeted threats. Enterprises should consider Verizon if they are looking for an established
service provider that is capable of delivering a broad range of security services in multiple regions.
Strengths
Verizon's network-based capabilities enable MSS configuration that includes network-based
and premises-based controls.
Gartner customers often include Verizon in competitive MSS evaluations.
Verizon's MSS receives generally positive reviews from Gartner customers for meeting their
expectations for security expertise, and for effective security monitoring and alerting.
Customers also indicate that Verizon's security expertise is a differentiator for MSSs.
Cautions
Verizon's MSS portal lacks the user activity correlation capabilities that are available from
several competitors.
Verizon's log management services currently lag those of its competitors. New capabilities are
planned for 1Q14.
Vendors Added and Dropped
We review and adjust our inclusion criteria for Magic Quadrants and MarketScopes as markets
change. As a result of these adjustments, the mix of vendors in any Magic Quadrant or
MarketScope may change over time. A vendor's appearance in a Magic Quadrant or MarketScope
one year and not the next does not necessarily indicate that we have changed our opinion of that
vendor. It may be a reflection of a change in the market and, therefore, changed evaluation criteria,
or of a change of focus by that vendor.
Added
NTT was added to this Magic Quadrant based on its acquisition of Solutionary, and on the prior
acquisitions of Integralis (now NTT Com Security) and Dimension Data's earthwave. NTT's
capabilities across these organizations meet the criteria for inclusion in the Magic Quadrant.
Orange Business Systems was added because it also meets the inclusion criteria.
Dropped
Allstream, Bell Canada, CGI, Clone Systems, Nuspire Networks and Perimeter E-Security (now
named SilverSky) were dropped from this Magic Quadrant because they do not meet the inclusion
criteria for network devices and customers monitored/managed in Europe and Asia/Pacific.
Wipro was dropped because it does not meet the inclusion criteria for customers in Asia/Pacific or
North America.
10/27/2014 Magic Quadrant for Global MSSPs
http://www.gartner.com/technology/reprints.do?id=1-1TEY8UZ&ct=140424&st=sb 7/19
HCL Technologies was dropped because it is in the process of realigning its MSS capabilities and
currently does not meet the inclusion criteria for this research.
SAIC was dropped because of its split into two companies, SAIC and Leidos, and because the MSS
business of Leidos does not meet the inclusion criteria for customers in Asia/Pacific and Europe.
Inclusion and Exclusion Criteria
This Magic Quadrant expands the coverage from MSSPs in North America to include delivery
capabilities in North America, Europe and Asia/Pacific. As a remote service, MSSs can be delivered
via network connectivity to and from any locations with sufficient connectivity, and certainly MSSPs
that have operations in one geographic region can support customers in other regions. Gartner
sees a distinct preference among customers seeking MSSs to first consider MSSPs with a presence
in their region. Among global enterprises, that includes a presence in multiple regions where the
enterprises operate, in order to provide more "local" support — and also includes the MSSP's ability
to keep some data in specific regions, provide local business hours, provide access to advanced
support, and provide local language support, among other concerns. In addition, compliance with
data residency and privacy regulations can be addressed in many cases with local operations
centers.
This Magic Quadrant includes MSSPs that have met thresholds for scale (expressed as devices
supported and customers) and presence (SOCs) in multiple regions, as well as a threshold for MSS
revenue.
The criteria include a threshold for the number of firewalls or IDP devices under monitoring or
management, and a threshold for the number of MSS customers — both distributed across multiple
regions. MSSs refer to remote management and monitoring of security technologies. Several large
infrastructure outsourcing vendors offer other service delivery options (such as staff augmentation)
in addition to MSSs, but we don't evaluate these other delivery options. Also excluded from this
analysis are service providers that offer MSSs only as a component of another service offering (such
as bandwidth or hosting), and vendors that provide MSSs only for their own technologies, not for
third-party technologies.
2013-2014 Global MSSP Magic Quadrant Inclusion Criteria
Vendors must have:
The ability to remotely monitor and/or manage firewalls, IDP devices from multiple vendors via
discrete service offerings, and shared service delivery resources
Firewalls/IDP devices under remote management or monitoring for external customers
External customers with those devices under management or monitoring
Reference accounts that are relevant to Gartner customers in the appropriate geographic
regions
A threshold of the number of customers as well as the number of firewalls and IDS/IPS devices
in multiple geographies
A threshold for MSS revenue of $20 million in 2012
A SOC presence in multiple geographic regions
Inclusion thresholds for firewalls/IDP devices under MSSs are 225 in Asia/Pacific, 1,500 in Europe,
2,250 in North America and 25 in the rest of the world (ROW), in the following possible
combinations:
Asia/Pacific + Europe
North America + ROW
Asia/Pacific + North America
Europe + North America
Inclusion thresholds for MSS clients are 45 in Asia/Pacific, 75 in Europe, 225 in North America and 10
in ROW, in the following possible combinations:
Asia/Pacific + Europe
North America + ROW
Asia/Pacific + North America
Europe + North America
2013-2014 Global MSSP Magic Quadrant Exclusion Criteria
Vendors have:
Service offerings that are available only to end users that buy other non-MSS services
Services that monitor or manage only their own technology
Services delivered by their own resources and dedicated to a single customer
Evaluation Criteria
Ability to Execute
Product or service refers to the service capabilities in areas such as event management and
alerting, information and log management, incident management, workflow, reporting, and service
levels.
Overall viability includes the organization's financial health, the financial and practical success of
the overall company, and the likelihood that the business unit will continue to invest in the MSS
offering.
10/27/2014 Magic Quadrant for Global MSSPs
http://www.gartner.com/technology/reprints.do?id=1-1TEY8UZ&ct=140424&st=sb 8/19
Sales execution/pricing includes the service provider's success in the MSSP market and its
capabilities in presales activities. This also includes MSS revenue, pricing and the overall
effectiveness of the sales channel. The level of interest from Gartner clients is also considered.
Market responsiveness/record evaluates the match of the MSS offering to the functional
requirements stated by buyers at acquisition time. It also evaluates the MSSP's track record in
delivering new functions when the market needs them.
Marketing execution is an evaluation of the service provider's ability to effectively communicate the
value and competitive differentiation of its MSS offering to its target buyer.
Customer experience is an evaluation of the service delivery to customers. The evaluation includes
ease of deployment, the quality and effectiveness of monitoring and alerting, and reporting and
problem resolution. This criterion is assessed by conducting qualitative interviews of vendor-
provided reference customers, as well as by feedback from Gartner customers that are using the
MSSP's services, or have completed competitive evaluations of the MSSP's offerings.
Operations includes the MSSP's service delivery resources, such as infrastructure, staffing and
operations reviews or certifications.
Table 1. Ability to Execute Evaluation
Criteria
Evaluation Criteria Weighting
Product or Service High
Overall Viability High
Sales Execution/Pricing Medium
Market Responsiveness/Record Medium
Marketing Execution Medium
Customer Experience High
Operations Medium
Source: Gartner (February 2014)
Completeness of Vision
Market understanding involves the MSSP's ability to understand buyers' needs and to translate
them into services. MSSPs that show the highest degree of market understanding are adapting to
customer requirements for specific functional areas and service delivery options.
Marketing strategy refers to a clear, differentiated set of messages that is consistently
communicated throughout the organization; is externalized through the website, advertising,
customer programs and positioning statements; and is tailored to the specific client drivers and
market conditions in the MSS market.
Sales strategy relates to the vendor's use of direct and indirect sales, marketing, service, and
communications affiliates to extend the scope and depth of market reach.
Offering (product) strategy is the vendor's approach to product development and delivery that
emphasizes functionality and delivery options as they map to current and emerging requirements
for MSSs. Development plans are also evaluated.
Business model includes the process and success rate for developing features, innovations and
service delivery capabilities.
Vertical/industry strategy and geographic strategy include the ability and commitment to service
geographies and vertical markets.
Innovation refers to the service provider's strategy and ability to develop new MSS capabilities and
delivery models to uniquely meet critical customer requirements.
Table 2. Completeness of Vision
Evaluation Criteria
Evaluation Criteria Weighting
Market Understanding High
Marketing Strategy Medium
Sales Strategy Medium
Offering (Product) Strategy High
Business Model Low
Vertical/Industry Strategy Medium
Innovation High
Geographic Strategy Medium
Source: Gartner (February 2014)
Quadrant Descriptions
10/27/2014 Magic Quadrant for Global MSSPs
http://www.gartner.com/technology/reprints.do?id=1-1TEY8UZ&ct=140424&st=sb 9/19
Leaders
Each of the service providers in the Leaders quadrant has significant mind share among enterprises
looking to buy an MSS as a discrete offering. These providers typically receive very positive reports
on service and performance from Gartner clients. MSSPs in the Leaders quadrant are typically
appropriate options for enterprises requiring frequent interaction with the MSSP for analyst
expertise and advice, for portal-based correlation and workflow support, and for flexible reporting
options.
Challengers
In the Challengers quadrant, Gartner customers are more likely to encounter MSSs that are offered
as components of an IT or network service provider's other telecommunications, outsourcing or
consulting services. Although an MSS is not a leading service offering for this type of vendor, it
offers a "path of least resistance" to enterprises that need an MSSP and use the vendor's main
services.
Visionaries
Companies in the Visionaries quadrant have demonstrated the ability to turn a strong focus on
managed security into high-quality service offerings for the MSS market. These service providers are
often strong contenders for enterprises that require frequent interaction with MSS analysts, flexible
service delivery options and strong customer service. MSSPs in the Visionaries quadrant have less
market coverage and fewer resources or service options compared with vendors in the Leaders
quadrant.
Niche Players
Niche Players are characterized by service offerings that are available primarily in specific market
segments, or primarily as part of other service offerings. These service providers often tailor MSS
offerings to specific requirements of the markets they serve.
Context
Prospective MSS buyers with threat management use cases should highly weight MSSPs' threat
research and security intelligence capabilities.
Current and prospective MSS users should require a proof of concept, or a demonstration of MSS
offerings for advanced analytics and big data, to validate effectiveness and value.
Current and prospective MSS users should validate MSSPs' services that are related to monitoring
or management of third-party technologies or their own technologies to address advanced attacks.
Market Overview
The MSS market is mature, and prospective customers have numerous options among MSSPs and
the types of services offered. The primary drivers for MSSs have been consistent for several years:
24/7 threat management and meeting compliance requirements. These may be complemented by
related drivers, such as the desire to redirect existing resources to other security areas, or the
need to engage deeper or broader expertise than is available in-house. An emerging driver is
support for the protection from and detection of targeted attacks through MSSP knowledge of the
external threat environment, through insight gained from monitoring events from a broad and
global customer base, through MSSP-based advanced analytics, or through MSSP monitoring of
customer-deployed next-generation protection and detection capabilities.
The 2013-2014 Magic Quadrant for Global MSSPs reflects multiregional delivery requirements, and
the MSSPs included in the evaluation meet the minimum thresholds for MSS business in two or more
regions. MSSPs with multiregional business typically have a sufficient understanding of region-
specific customer requirements, as well as sufficient service delivery capabilities that can scale to
support global service delivery. Customers with a mix of global delivery requirements and local
regulatory requirements related to, for example, data privacy, may require customized services.
MSSPs that do not meet the customer or device thresholds for inclusion in this Magic Quadrant may
still deliver high-quality services within a region, and can typically deliver in multiple regions. When
considering MSSs, Gartner customers should develop evaluation criteria that meet their specific
requirements.
Gartner expects that growing enterprise experience with cloud-based infrastructure and
applications delivered as a service, as well as accommodating the access of consumer technology to
corporate systems, will result in greater acceptance of, and reliance on, cloud-based security-as-a-
service offerings.
In 2013, the global market for security outsourcing was $12 billion, with a forecast compound
annual growth rate of 15.4% through 2017.
Growth in enterprise demand for MSSs is driven primarily by four factors:
Security staffing and budget constraints: Gartner sees continued expectations to reduce
operational costs and capital expenditures, and to avoid staffing increases related to the
monitoring and management of mature security technologies, such as IDSs and firewalls. At
the same time, increased monitoring of infrastructure logs, as well as privileged and
application user activity and next-generation technologies, requires tool and analytical
expertise that will be difficult for many organizations to supply in-house.
Evolving compliance reporting requirements: This involves the evolution of existing
compliance requirements, and of corporate governance policies that create a secondary effect
of stronger requirements for incident monitoring, identification, and response internally and
among business partners. As formal compliance regimes evolve or audit/enforcement activity
increases, organizations consider external service providers to reduce the costs of meeting
compliance requirements. PCI DSS remains an important driver; also, Gartner is starting to see
the U.S. Federal Information Security Management Act's (FISMA's) continuous monitoring
requirements become an increasing factor for U.S. government agencies, for commercial firms
that sell to the U.S. government, and for organizations funded by government grants, such as
10/27/2014 Magic Quadrant for Global MSSPs
http://www.gartner.com/technology/reprints.do?id=1-1TEY8UZ&ct=140424&st=sb 10/19
universities.
Adoption of security technologies and analytic tools focused on advanced attacks: As
enterprises gain experience with technologies to analyze networks, payloads and endpoints
for advanced attacks, they will look for opportunities to focus internal resources on prevention
and response activities, and to augment those activities with external expertise to monitor
and manage the technologies.
Increased availability and adoption of cloud-based IT services: Increasing use of cloud-
based IT services will drive security controls into those services, and will also lead to greater
acceptance and adoption of cloud-based security services for controls that are best suited for
cloud-based delivery. Gartner expects significant security outsourcing growth in areas
adjacent to MSSs, such as secure Web gateways, email security, and identity and access
management.
MSS growth can also be constrained by a few factors:
Enterprise deployment of SIEM technology to provide in-house alerting and log analysis:
MSSPs typically lack deep insight into the customer IT and business environment; thus, they
are less able to determine whether events involving users, administrators, internal
applications and data are inappropriate or unacceptable. Wherever enterprises want close
monitoring of internal activities, they may opt to do it themselves. Some organizations monitor
internal activities and also use an MSSP for external/perimeter monitoring. Such an
arrangement still constrains the growth of MSSs in those organizations.
Core competency: Organizations that provide security technology or services, or position their
technology or services as secure, are likely to forgo outsourced security monitoring. Where
security is a value proposition and a core competence, outsourcing security may not be an
effective option.
Change in strategy to reduce outsourcing: At the enterprise level or within the security
organization, a change in strategy regarding the use of external services can mean that MSSs
are not considered effective options.
MSS Portfolio
The services that are core to MSS offerings involve the monitoring of perimeter network security
technologies:
Firewalls
IDSs/IPSs
Multifunction firewalls/UTM services
Next-generation firewalls
WAFs
In addition to monitoring, many MSSPs have management services for those technologies. It is
increasingly common for MSSPs to also provide monitoring and log collection from IT infrastructure
such as servers, user directories and applications.
Among organizations that have deployed SIEM technology, Gartner sees increasing interest for
services to monitor or run the SIEM. Several MSSPs have offerings to support customer-deployed
SIEM.
MSSPs may also provide cloud or SaaS-based services, including:
DDoS protection
Email security
Web filtering
Vulnerability scanning
Network-based firewall/IDP
MSSPs offer cloud services directly or via partnerships with other service providers. The degree of
integration of partner-delivered services with MSSP services varies from little more than purchasing
convenience to integration of partner data and management functionality into the MSSP's portal.
Deeper integration can provide operational and vendor management advantages, but may reduce
the ability to "swap out" one cloud-based service for another.
Buyers should take into consideration the degree of integration of any partner-delivered services
with the MSSP's offering, as well as the potential for affecting training, operational efficiency and
end-of-contract switching costs.
Threat Intelligence and Advanced Analytics
Several MSSPs have created research groups to improve their understanding of the threat
landscape — that is, the identities, motives, targets and techniques of attackers. MSSPs use their
findings to support their security operations analysts; they may also provide customers with
subscription-based access to this research, or offer customers project-based access to the group
for analysis/reverse engineering of malware. Potential customers of threat intelligence feeds from
MSSPs should require proof-of-concept access to evaluate the relevance of the information, as well
as their ability to consume and act on it.
Many MSSPs claim capabilities to assist their customers in addressing advanced targeted attacks.
These capabilities may be visible as discrete service offerings or options, or as features embedded
in existing offerings. They may include, for example:
Correlation of alerts with IP reputation or known bad addresses
Comparison of alerts, activity patterns or state (such as device configuration, registry and so
on) to those of known attacks
Analysis of activity patterns (across an MSS customer base as well as within the customer
10/27/2014 Magic Quadrant for Global MSSPs
http://www.gartner.com/technology/reprints.do?id=1-1TEY8UZ&ct=140424&st=sb 11/19
environment) to identify outliers, exceptions or deviations from baselines
These offerings are now primarily based on the security events monitored by the MSSPs; however,
we expect that several MSSPs will introduce distinct service offerings to acquire, retain and analyze
large volumes of customer data — so called "security big data" — from IT infrastructure and other
sources. Gartner recommends that customers require a limited pilot or proof of concept to identify
specific areas where relevant, actionable intelligence results from the collection and analysis of the
data, and to identify the service levels required. Based on feedback from Gartner customers, early
adopters should plan for the inclusion of relevant domain experts who are typically outside the
security group, such as line-of-business owners and application owners.
Most MSSPs also offer incident response capabilities to assist customers with investigation and
remediation activities in the event of a breach. These services are typically available on a consulting
basis. Prospective customers should confirm with MSS candidates how much response support is
available within the context of the standard monitoring services, and when a consulting
engagement is required. If the MSSP offers packaged or prepaid hours for incident response
activities, then customers should ensure that those hours are available for other security services if
they are not needed for incident response.
Pricing Models
The typical pricing model for MSSs is based on the type and size of the security technology to be
monitored for customer-premises-equipment-based devices, or on the bandwidth or number of
users/endpoints for network-based controls. Log collection is typically priced by the number and
types of sources, or on events per time period (device count pricing includes implicit expectations of
event volumes). There is typically a clear distinction between technology that is monitored in real
time, and subject to alerting service-level agreements (SLAs), and technology that is not — that is,
where logs are collected and subject to reporting or querying, but not to real-time correlation and
analyst review. Device management pricing is typically based on the number of configuration
changes to be performed within a period of time.
During 2014, Gartner expects the trend for common services, such as firewall and IDP monitoring
and management, to decline slightly. Price pressure is coming from new sources for these services,
such as from the technology providers themselves, from other MSSPs and from continued corporate
efforts to reduce IT budgets. In response, MSSPs have introduced new services to monitor and
manage advanced threat detection technologies. MSSPs will continue trying to expand the number
of devices and data sources to monitor, and will differentiate monitoring based on the availability of
additional external intelligence feeds and analysis (such as reputation data, blacklists, behavioral
data and cross-customer activity) that can be correlated with data from customers' monitored
devices.
MSSP Landscape
The basic makeup of the MSSP vendor space has not changed fundamentally. There are three major
types of MSSPs:
Pure plays: These are generally smaller, privately held MSSPs that are completely focused on
security services. As seen in 2013, pure-play MSSPs will continue to be acquired by larger
service or IT infrastructure firms that seek to provide MSSs. New pure-play security service
providers often focus on specific vertical markets or regulatory requirements, or on specific
analytic services (such as user activity) or advanced threat detection technologies.
System integrators/business process outsourcers: These are broad IT service providers that
typically manage security devices as part of larger outsourcing deals. Where the integrator or
outsourcer acquired a pure-play MSSP and maintained a discrete MSS delivery capability, these
providers often compete for MSS-only deals.
Carriers and network service providers: These are bandwidth and connectivity providers
that manage network security products. They often provide remote monitoring, premises-
based technologies and cloud-based services through their Internet connections.
This Magic Quadrant reflects the requirements of customers that seek MSSPs with a global
presence and global delivery capabilities. The vendors that meet those requirements fall into the
latter two types of MSSPs.
In general, the MSS portfolios of these providers look broadly similar. Customer satisfaction with
services can be strongly related to customer expectations. Customers occasionally report
dissatisfaction related to objectively poor performance, including missed SLAs. However, it is more
common for dissatisfied customers to express disappointment related to subjective criteria that may
never have been made explicit to prospective providers, or to the MSSP selected.
Gartner customers using MSSPs express differing expectations regarding their type of relationship
with MSSPs. Expectations may range from frequent interactions and knowledge sharing among the
customer security staff and MSSP staff, to almost no interactions beyond the provision of periodic
reports of monitoring activity. Gartner recommends that prospective MSS buyers develop explicit
requirements for service delivery. MSSPs' responses to these requirements (including via
demonstrations, proofs of concept and the like) will enable customers to discern distinct differences
among the MSSPs.
Buyers should define expectations for the degree and quality of interaction with the MSSP's SOC
analysts, the features of the MSSP's portal that will support the customer's use cases, reporting for
operational and management reporting, the depth of threat and security intelligence offerings,
support for specific compliance requirements, and the MSSP's professional services capabilities.
Prospective buyers that evaluate MSSPs within the context of specific requirements will find that the
providers that best fit those requirements may come from any segment of the Magic Quadrant.
Not included in this Magic Quadrant analysis are smaller, regional or subregional providers, which
can include small pure plays and larger providers that do not have enough MSS business in multiple
regions to meet the inclusion criteria. Also excluded from this analysis are service providers that
provide MSSs only for their own technology, and that do not deliver services for commercial
technology.
10/27/2014 Magic Quadrant for Global MSSPs
http://www.gartner.com/technology/reprints.do?id=1-1TEY8UZ&ct=140424&st=sb 12/19
Asia-Pacific Context
02 July 2014
Analyst(s): Craig Lawson, Andrew Walls
The adoption of managed security services in Asia/Pacific continues to grow, with most global
vendors in the 2014 MSSP Magic Quadrant facing strong competition from regional MSSPs. Depth
and breadth of services and language support vary widely, giving clients choice from many services
and prices.
Market Differentiators
This document was revised on 2 September 2014. The document you are viewing is the
corrected version. For more information, see the Corrections page on gartner.com.
The managed security service (MSS) market is estimated to be $13.8 billion globally and $3.6 billion
for Asia/Pacific in 2014, which is 26% of the global market. As a result, this particular service offering
is one of the more heavily contested IT services in the market today. Depth and breadth of services,
along with country and language support, vary widely within the large Asia/Pacific (APAC) region,
giving clients a range of services and prices from which to choose.
The APAC region is highly diverse in terms of geography, culture and economics. This diversity has
led to considerable opportunities for regional MSS providers (MSSPs) that have invested in
coverage and offerings leveraging these variables to differentiate their services. Global MSSPs
based outside of APAC are using their scale and brand awareness to compete in this market off the
backs of existing global clients that have an APAC presence. As a result, an increasing number of
both regional and global providers are continuing to develop and invest in the MSSP market in
APAC.
Due to the increasing importance of enterprise information security to businesses, Gartner
anticipates a steady growth and continuing maturity of the MSS market in APAC.
At a high level, there are two "classes" of MSSPs in the context of this report:
MSSPs with a primarily APAC-focused staff and client base
Global MSSPs targeting the APAC market, but with a small base of existing local customers
Considerations for Technology and Service Selection
Clients in Asia/Pacific continue to express a preference for providers with a security operations
center (SOC) and "feet on the street" in the region. This preference has aided the growth of local
providers with a more tailored approach that takes into account regional nuances. In response,
multinational providers have invested in the region — building SOCs and acquiring personnel —
which is diluting geography as a competitive differentiator. Migrating from internal management of
security infrastructure to an MSSP model is a complex process. The hurdles encountered often have
nothing to do with technology, but much to do with industry vertical considerations (for example,
data sovereignty perceptions and legislative mandates), IT organization preferences, and internal
social or political issues.
Gartner clients indicate that they choose MSSP providers, based on a combination of general
requirements, and are influenced by local presence. In particular, APAC clients are focusing on the
following:
SOC location within APAC
SOC staffing levels with in-region availability
Vendor market perception and sales visibility in APAC
Existing relationship with the vendor
Customer service within local time zones
Ability to deliver ancillary services with qualified local personnel
Notable Vendors
Vendors included in this Magic Quadrant Perspective have customers that are successfully using
their products and services. Selections are based on analyst opinion and references that validate IT
provider claims; however, this is not an exhaustive list or analysis of vendors in this market. Use
this perspective as a resource for evaluations, but explore the market further to gauge the ability of
each vendor to address your unique business problems and technical concerns. Consider this
research as part of your due diligence and in conjunction with discussions with Gartner analysts
and other resources.
AT&T
AT&T has a smaller MSSP presence in APAC, compared with its market share in Europe and the U.S.
The majority of AT&T's devices under management are with multinational corporations
headquartered outside of the region and needing consistent MSSP delivery and a single-vendor
relationship. AT&T also leverages its overall range of telecommunications services, such as voice,
video, data, ISP and distributed denial of service (DDoS), where MSSP is but one option in its
portfolio for a client to consider.
AT&T can be considered by clients that are already using its carrier and other services, or have a
large distributed office network globally or in APAC.
AT&T has eight SOCs: three in the U.S., one in Malaysia, two in India, one in South America, and
one in Eastern Europe. In total, AT&T has 2,000 employees in SOC engineering, sales and other
roles globally.
10/27/2014 Magic Quadrant for Global MSSPs
http://www.gartner.com/technology/reprints.do?id=1-1TEY8UZ&ct=140424&st=sb 13/19
BT Assure
BT takes its MSS to market with the name "BT Assure." It has an APAC footprint via its two
dedicated SOCs, two customer-specific SOCs and its regionally focused specialist sales staff. BT's
local offerings include monitoring and management of on-premises devices, as well as network
controls as part of larger telecommunications and service offerings. BT is increasing its security
business unit sales and presales teams to provide better coverage in the region. BT's APAC
footprint lags behind that of EMEA and the U.S.
It has also invested in a heavily customized back-end "data pond" that is based on Hadoop. This
allows for its attractive client portal to be an effective tool for end users. Additionally, it enables BT
security analysts to develop sophisticated correlation rules that can operate over significant
datasets.
BT Assure can be considered by large and smaller organizations alike due to its experience as an
MSSP and the ease of use of its client portal.
BT Assure has four SOCs: one in Australia, one in Singapore and two in India. In total, BT has 235
employees in SOC engineering, sales and other roles in APAC.
Dell SecureWorks
Dell SecureWorks has continued to show growth in its global MSSP business and services offered
since its acquisition in 2011. Dell's acquisitions of SecureWorks and SonicWALL clearly show its
intention to compete and win share in the security market. SecureWorks offers a large range of
MSSP and complementary specialist security services centered around intelligence, consulting,
compliance and incident response.
A majority of its back end is based on internally developed technology for log and alert collection,
correlation and analysis. On-premises-based log retention and reporting are delivered via
commercial technology. SecureWorks has not had the same levels of market penetration in the
APAC geography that it has seen with its U.S. and European operations, to date. This is likely due
to less brand recognition, lack of a specific APAC focus, and strong competition from other global
and regional MSSPs.
Dell SecureWorks should be considered by global organizations with a footprint in APAC and by
organizations that value expertise in threat research and intelligence.
Dell SecureWorks has nine SOCs in the U.S., Scotland, Romania, India and Mexico. In total, Dell
SecureWorks has 240 employees in SOC engineering, sales and other roles in APAC.
e-Cop
e-Cop is headquartered in Singapore with other regional offices. It has a leading amount of SOCs
and other processing facilities in the APAC, dwarfing the footprint of the majority of global MSSPs
that operate in the APAC geography. e-Cop's ability to deliver SOCs in multiple countries has made
it an attractive alternative for clients such as regional governments and finance and health verticals,
where local staff and data sovereignty are both perceived and legislative imperatives for clients. Its
clients have historically been loyal and consistently rate e-Cop's services as good to excellent (see
"MarketScope for Managed Security Services in Asia/Pacific, 2012").
Due to its extensive geographical coverage, range of security services and competitive pricing, e-
Cop should be considered for any APAC-centered midsize enterprise.
e-Cop has eight SOCs in Singapore, Malaysia, Hong Kong, Thailand and India. In total, e-Cop has
more than 200 employees in SOC engineering, sales and other roles in APAC.
HCL
Headquartered in India, HCL offers a large range of MSS offerings and a broad range of IT
consulting, system integration and outsourcing services. HCL has expanded its customer portfolio
outside of its historical client base in India. However, based on a recent inquiry, few end-user
organizations in Southeast Asia or Australia indicate they include HCL on their shortlists for MSS.
The company has sales personnel throughout APAC and is now in 31 countries with over 90,000
employees. Previous client reviews of HCL are generally good.
HCL should be considered by APAC-centric businesses, large and small, with a broad range of
consulting and infrastructure management requirements, including risk and security management.
HCL did not provide details on SOC locations and staffing for this research.
HP
HP is a large provider of a broad range of security consulting and traditional and on-premises-based
MSS offerings. HP continues to build out a pure-play MSS as well as a large enterprise outsourcing
business that can both manage and monitor security technology. The HP MSS is growing but should
not be confused with its outsourcing business. HP MSS is part of the HP Enterprise Security practice
and leverages specialized security personnel for regional go-to-market execution.
HP has good APAC coverage, in addition to a new SOC opening in Sydney, Australia, and an
attractive client portal. HP should be considered by large organizations that seek a mix of
infrastructure, outsourcing and software, and need a sizable strategic IT partner.
HP has eight SOCs globally, and is in three APAC locations in Australia, Malaysia and India. HP did
not disclose its MSS APAC staffing levels.
IBM
IBM acquired, via Internet Security Systems (ISS), a market-leading APAC MSSP business. It offers a
full range of MSSP services, along with extensive consulting and integration services that can be
consumed as stand-alone or as part of a larger outsourcing arrangement. IBM uses internally
10/27/2014 Magic Quadrant for Global MSSPs
http://www.gartner.com/technology/reprints.do?id=1-1TEY8UZ&ct=140424&st=sb 14/19
developed technology for data collection, correlation, log query and reporting. The Q1 Labs
acquisition further extends IBM's ability to provide on-premises security information and event
management (SIEM), as well as its traditional hosted log management solution.
IBM should be considered for its MSSP services where the enterprise has global service delivery
requirements; large outsourcing deals; strategic relationships with IBM; and finally, a preference for
APAC-located SOC delivery capabilities.
IBM has three SOCs in Australia, Japan and India. IBM did not disclose its MSS APAC staffing levels.
Network Box
Network Box is a Hong Kong-headquartered MSSP that operates a franchise business model. The
company licenses independently owned and operated SOCs that are primarily based in APAC, and
has a significant number of customers and devices under management. Network Box takes a
vertically integrated approach featuring patented push technology. It provides a standardized
hardware or virtual appliance, and develops and controls software and services to deliver its MSS
offering without using third-party security technology, with the exception being an OEM
arrangement with Kaspersky Lab for malware detection. This is a relatively unique approach in the
MSSP market — a franchise model that implements a vertically integrated offering. It does not offer
a broad range of managed security services, however — for example, no log management and
limited vulnerability assessment are available. Network Box is primarily focused on managing its
own technology at this time. In addition, customers that need unified monitoring across franchised
SOCs will receive that service via event forwarding to and problem management from the Hong
Kong SOC.
Network Box can be considered by small to midsize enterprises throughout APAC where having
branded security appliances is not a primary buying factor, and where the enterprise is looking to
address gateway network security as the MSS use case.
Network Box owns and operates the primary SOCs in Hong Kong, and franchise licensees own and
operate 16 SOCs in the U.S., the U.K., Germany, Dubai, Thailand, Taiwan, China, Singapore, South
Korea, Japan, Malaysia, Indonesia, Australia and New Zealand. There are also unstaffed processing
locations in the same geographies. In total, Network Box directly employs 60 people in SOC
engineering, sales and other roles in Hong Kong. Franchisees staff their own SOCs.
NTT
NTT has, through acquisitions, three MSSP businesses servicing APAC: Integralis (now called NTT
Com Security), Solutionary and earthwave (via Dimension Data, itself an acquisition of NTT). All
three of these MSSP acquisitions were well-regarded and competitive in their own right in different
geographies. NTT now has three MSSP "brands" all offering the same "service" in the APAC market.
Individually, all three are credible MSSPs with sizable numbers of clients and devices under
management. At this time, they are separate MSS offerings that will be merged partially (MSS back-
end processing, for example) or fully at some point in the future.
Clients with a majority of offices in the U.S. looking for APAC MSS coverage should consider NTT's
U.S. offering (Solutionary). Meanwhile, clients that are based primarily in Europe with APAC
branches or have a Japan-specific footprint should consider NTT Com Security (formerly Integralis).
All other APAC-centric clients should focus on Dimension Data, as this is the largest of NTT's security
practices in the region. Dimension Data's client portal is currently a leader in the APAC market. It
also has a significant system integration business covering consulting, cloud, integration,
outsourcing and maintenance that is leveraged to cross-sell its well-regarded MSSP service.
NTT has nine SOCs in Australia, New Zealand, Singapore, Malaysia, India and Japan — and seven
unstaffed processing locations in Japan, Hong Kong, Singapore, Thailand, Malaysia and Australia. In
total, NTT has 420 employees in SOC engineering, sales and other roles in APAC.
Paladion
Paladion is a pure-play service provider in the APAC region, headquartered from India, with
footprints in the U.S., Europe and the Middle East. Paladion offers a wide range of IT governance,
analytics, fraud management, security and compliance assessment, data protection, identity and
access management (IAM), and cloud and mobile security services, in addition to its MSSP offering.
With three SOCs in the region, it also offers the ability to build SOCs for clients, as well as deliver
traditional MSSP offerings. Historically, Paladion customers have rated its services as good to
excellent, and it is a steadily growing business unit within Paladion, growing at double digits.
For organizations that have a large footprint in India and stretch out into APAC, Paladion can offer a
range of services at very competitive price points.
Paladion has four SOCs: two in India, one in Malaysia and one in Vietnam. It also has two unstaffed
processing locations in the U.S. and United Arab Emirates. In total, Paladion has 295 employees in
SOC engineering, sales and other roles in APAC.
Symantec
Symantec has local APAC language availability, a visually attractive client portal, mature staffing and
training models, and a global reach.
Some APAC clients may find this offering suboptimal, because all data resides in the U.S., and some
technology management capabilities like firewalls are being depreciated in favor of analytics. While
its APAC business is growing, there is a delta in the size of Symantec's devices under management
in North America versus APAC that is behind the market average.
Symantec appears regularly on shortlists and can be considered by large APAC organizations or
global organizations with a footprint in APAC. Symantec has three SOCs in India, Australia and
Japan. In total, Symantec has 395 employees in SOC engineering, sales and other roles in APAC.
10/27/2014 Magic Quadrant for Global MSSPs
http://www.gartner.com/technology/reprints.do?id=1-1TEY8UZ&ct=140424&st=sb 15/19
Tata Communications
Tata Communications is a large telecommunications provider that is headquartered out of India,
has a global presence and offers a good range of services in the market. These include on-premises
DDoS, proxy, clean pipe, secure extranet, authentication, SIEM, next-generation firewall (NGFW),
unified threat management (UTM), intrusion prevention system (IPS), Web application firewall (WAF)
and data loss prevention (DLP). While its MSS is a direct offering, it is also taken to market as an
adjunct to its primary offerings around hosting, data and voice products.
Tata Communications is rarely seen on Gartner shortlists outside of India, and competitors also
infrequently list Tata Communications as a competitor. At this time, its primary client base is APAC
only. It offers a competitive range of services that includes some cloud coverage for virtual firewalls
or UTM, and a competitive and useful client access portal. Its MSS is also supplemented by
professional security services.
Tata Communications can be considered by clients who have an existing relationship with Tata
Communications, are headquartered in India with an APAC focus, or have price sensitivity as a
primary driver in their MSS requirements.
Tata Communications has two staffed SOCs: India and Singapore. It also has four unstaffed
processing locations in India, Hong Kong and Singapore. In total, Tata Communications has 40
employees in SOC engineering, sales and other roles in APAC.
Telstra
Telstra is Australia's largest telecommunications provider that offers a large number of adjacent
services to its core offerings, including MSS. It previously had a partnership with IBM to deliver some
MSS and is now slowly transitioning these clients over to its own internal business unit. It also
offers consulting services to complement its offerings.
Being the largest telecommunications provider in Australia, it also has a strong DDoS offering, which
complements its strength as an ISP. Compared with other APAC-centric MSSPs, Telstra has a
credible number of clients and devices under management — however, its clients are almost
exclusively within the Australian market. Telstra has also announced its intention to expand
throughout the region, including its security practice, of which MSS is a part.
Telstra should primarily be considered for Australia-centric businesses that are using Telstra's
services already, or for businesses that are primarily based in Australia.
Telstra does not regularly appear on shortlists of Gartner's APAC clients. Telstra has two SOCs in
Australia. In total, Telstra has 395 employees in SOC engineering, sales and other roles in APAC.
Verizon
Verizon's APAC business does not have the same level of penetration as its U.S. and EMEA
operations have achieved. It offers the capability to support management of on-premises SIEM, as
well as traditional MSSP "off-premises" management via a very functional client Web portal. Verizon
has a respected research and investigation team that complements its MSSP operation. Clients
benefit from this by receiving Verizon threat intelligence data. Additionally, Verizon can offer DDoS
services to its ISP clients.
Organizations that require global coverage, a range of MSS offerings and strong specialist security
services like incident response should consider Verizon. In addition to four security processing
locations in North America and Europe, Verizon has one SOC in APAC located in Canberra, Australia.
In total, Verizon has more than 500 employees in SOC engineering, sales and other roles in APAC.
Wipro
Wipro delivers a broad range of IT services around the globe. Its APAC MSSP client base and
number of devices under management, while substantial, are smaller than its client bases in the
U.S. and EMEA, respectively. Customers have rated Wipro's services as very good. Wipro regularly
appears on shortlists throughout the region, especially in the Indian subcontinent. Wipro's strength
in system integration and consulting has produced a sound project-managed onboarding process.
An ideal client for Wipro is an organization that requires a broad range of consulting, system
integration and project management services either in a single country or throughout larger
geographies.
Wipro has eight SOCs: two in the U.S., one in Europe, four in India and one in Malaysia. It also has
five unstaffed processing locations in Germany, and two each in the U.S. and India. In total, Wipro
has 500 employees in SOC engineering, sales and other roles in APAC.
Note: This perspective was added to this Magic Quadrant on 25 July 2014 as a planned enhancement to
the reading experience. The perspective was originally published on 2 July 2014 as a separate document.
This content contains no new information from when it was originally published.
Europe Context
22 July 2014
Analyst(s): Carsten Casper, Oliver Rochford
National champions, niche players and regional operations of global providers characterize the
European market. The ability to fulfill local data residency requirements is the main factor that
differentiates them.
Market Differentiators
The managed security service (MSS) market in Europe is stable, but complex. Different types of
10/27/2014 Magic Quadrant for Global MSSPs
http://www.gartner.com/technology/reprints.do?id=1-1TEY8UZ&ct=140424&st=sb 16/19
providers compete, and are often compared against one another on customer shortlists:
Global providers emphasize their broad geographic reach, which sometimes encompasses
merely several countries rather than the globe, and their footprint in Europe varies.
In the largest countries — Germany, France, the U.K. and Spain — providers that dominate the
telecommunications market also push their security service offerings. This is most successful
for network-based services.
Some markets — in particular, Germany — consist of a large number of midsize companies in
sectors like manufacturing. Although many of them are world leaders in their particular
markets, they are still often run as private or even family businesses where trust, long-term
commitment and established relationships are important. This nourishes an ecosystem of IT
vendors and providers, including providers of MSS.
A few providers have carved out a niche with a particular type of security service — mostly
around vulnerability scanning, penetration testing, threat intelligence and forensics — and
offer this service across multiple European countries.
Recent and ongoing headlines about the U.S. National Security Agency and the potential use of
governmental investigational powers under the USA Patriot Act have reinforced the data protection
concerns of European MSS clients. These concerns tend to inhibit adoption among customers
considering MSS offerings from U.S. companies. Even if the security information does not directly
include confidential corporate information, it is considered sensitive enough to trigger an additional
risk analysis — thus playing in favor of providers from Europe, with a detailed understanding of
European data residency requirements and with European data centers.
Considerations for Technology and Service Selection
The market for MSS in Europe is mature — in 2014, Gartner predicts a revenue growth of about
14%. However, this revenue growth comes largely from an existing client base. Most vendors in the
European market for MSS experienced only a small growth in the number of customers in 2013,
while some reported a net loss of customers.
The motivation to use an MSS provider (MSSP) and the specific functional requirements of large
European customers are not much different from those of North American customers. It's usually a
lack of internal resources, a gap in security skills, or simply the company's strategy to focus on core
business functions that drive European companies to engage an MSSP. In recent years, companies
are also concerned about their inability to address external attacks and undetected corporate
espionage, manage an ever-larger amount of security log information, and show the value of costly
security services to business management. This is reflected in the choice of security services — such
as external security monitoring, vulnerability scanning, penetration testing and threat intelligence —
in addition to the classic network security services.
Concerns about not being able to defend against corporate espionage are common in Europe but
so also is the fear that engaging a foreign provider creates additional potential for information
leakage. This has somewhat inhibited growth in Europe and driven potential customers to carefully
evaluate capabilities of providers that focus on Europe in terms of data residency, meeting privacy
requirements and complying with local government standards (see also "The Snowden Effect: Data
Location Matters").
Three major elements differentiate the market in Europe from the market in the U.S. (and to some
extent, the Asia/Pacific market):
Trust — Above and beyond functional capabilities, support for new and innovative technology,
efficient operations of currently deployed technology, and a competitive price, the relationship
with the provider is what determines the outcome of a prospective deal. This plays in favor of
providers with a local presence, small providers with an existing relationship, or established
vendors that also offer telecommunications or outsourcing services, in conjunction with
reputation and brand name.
Language — Most IT departments will be satisfied with English language portals and
operational support in English. However, creating and maintaining a trust relationship with
business stakeholders and decision makers is most effective if the provider staff can
communicate in the local language, understand regulatory concerns and address relationship
issues directly. Some European customers, especially governments or local authorities, may
even stipulate localized language support as a requirement.
Residency — Requirements vary by country and industry, and concerns raised during an RFP
do not always translate into extra spending for local storage. European customers are aware
that global threat visibility requires global data sharing. The solution is often to filter or
aggregate sensitive data in-country or on-premises. Details are explained in the descriptions
of many providers in the section below.
For additional considerations on technology and service selection, see the corresponding sections in
"Magic Quadrant for Global MSSPs."
Notable Vendors
Vendors included in this Magic Quadrant Perspective have customers that are successfully using
their products and services. Selections are based on analyst opinion and references that validate IT
provider claims; however, this is not an exhaustive list or analysis of vendors in this market. Use
this perspective as a resource for evaluations, but explore the market further to gauge the ability of
each vendor to address your unique business problems and technical concerns. Consider this
research as part of your due diligence and in conjunction with discussions with Gartner analysts
and other resources.
Gartner is aware of more than 70 providers of security services in Europe. Many of them thrive in a
particular niche, such as an industry segment, country or region, or they offer a subset of security
services:
Atos is a global provider of MSS with a strong presence in Europe, being born out of a merger
with Siemens IT Solutions and Services. It operates three global security operations centers
10/27/2014 Magic Quadrant for Global MSSPs
http://www.gartner.com/technology/reprints.do?id=1-1TEY8UZ&ct=140424&st=sb 17/19
(SOCs) in North America, Europe and Asia/Pacific, supported by more than 10 regional SOCs in
Europe. Atos offers strong security consulting and system integration services as well.
Telefónica, headquartered in Spain, offers an almost complete portfolio of security services in
Europe, with a focus on network security services and log management. It has SOCs in Spain
and in the U.K., and additional security capabilities in Germany.
T-Systems is the IT services subsidiary of Deutsche Telekom. It offers a full range of MSS from
seven shared or dedicated SOCs in Germany, Hungary and Slovakia, as well as identity and
access management (IAM), often integrated with IT services and communications services.
HCL Technologies and Wipro are India-headquartered global IT services companies that
serve the European market in multiple countries with a mix of on-site staff and offshore SOCs,
providing security services integrated with IT outsourcing.
Open Systems AG is based in Switzerland, but has international SOCs and offerings. It
provides a variety of managed services, including network device management and
monitoring, and managed IAM.
Mnemonic from Norway offers standard MSS and security monitoring, combined with threat
intelligence delivered from its own platform.
Above Security, headquartered in Canada, acquired SecureIT, a security firm based in
Switzerland. Services include incident response management, intrusion prevention, log and
event monitoring and correlation, and vulnerability assessments. Its emphasis on risk
management resonates with a business-level audience.
Unisys is a provider with customers and SOCs in all regions, including Europe, offering MSS as
well as stealth VPNs.
Accumuli Security in the U.K., formerly known as Boxing Orange, offers network security, log
management and security analytics. Other U.K. MSSPs are Caretower, ITC Secure
Networking, SecureData, BAE Systems Applied Intelligence and Khipu Networks.
MSS GmbH is an MSSP from Germany with customers in Europe and beyond. Computacenter
is active in Germany as well as in the U.K., providing IT infrastructure and security
management. Other providers from Germany are Electronic Service Center (ESC) and SSP
Europe.
Kahuna and Onsight are two providers that serve the Dutch market with managed security
services and solutions.
There are many more providers in Europe, usually with a geographic or topical focus, such as the
following groups:
MSSPs with a national focus are Sentor (Sweden), United Security Providers (Switzerland),
S2 Grupo (Spain) and the French telecommunications operator SFR Business Team.
European providers that offer MSS in conjunction with IT or communications services are Level
3 Communications, Network Box, Getronics and Steria.
Several providers offer a range of security services, often including MSS, with an industry
sector expertise that differentiates them from the rest of the market — for example, QinetiQ,
Cassidian, Thales (all defense security), Sogeti (a Capgemini subsidiary — process control
network security) and Kudelski Security (media and broadcasting security, expanding into
other industries).
The following European providers offer a specific subset of security services: Fox-IT
(Netherlands — threat detection and intelligence, and forensic response), Outpost24 (Sweden
— vulnerability management), Integrity (Portugal — persistent penetration testing called
Keep-It-Secure-24), Spamina (Spain — email security), Secucloud (Germany — cloud security
systems), Retarus (Germany — email security) and Nixu Software (Finland — vulnerability
management).
The following providers were all rated in the global MSSP Magic Quadrant. This means they also
have a substantial client base in Europe, which was part of the Magic Quadrant's inclusion criteria.
AT&T
AT&T deploys a globally consistent delivery model in North America, Europe and elsewhere,
regardless of which country the services are provided in or from. There are no regional differences
outside of legal requirements for delivery in certain countries (where AT&T subcontracts with a local
integrator to implement changes if necessary). AT&T delivers security services that are mostly
network-based, such as firewall management, intrusion detection and Web application firewalls,
although AT&T supports premises-based business as well.
BT
BT has a strong business in Europe, where two-thirds of its customers are based — typically,
enterprises. It operates eight SOCs in Europe alone, including satellite SOCs in major European
cities, staffed to varying degrees. BT covers the whole range of security services as defined in the
Magic Quadrant. The U.K. and France BT Assure Threat Monitoring instances are separate from the
U.S. or global instances for servicing customers who are subject to EMEA data protection
regulations. BT has security showcase and demonstration facilities at the BT Centre in London and
is looking for new local talent with its U.K. Cyber Security Challenge. BT provides comprehensive
MSS to U.K. government entities up to and including Business Impact Level 6 (IL6).
CSC
CSC has dozens of customers across Europe, predominantly in the U.K., Ireland and Scandinavia.
Services in Europe focus on monitoring firewalls and operating log management solutions. Its two
European SOCs are in the U.K., and one of them supports government clients.
CSC's strategy is to have a global logical SOC with multiple connected SOCs in most world regions.
Security incidents discovered anywhere in the world are immediately made available to all SOCs.
However, global threat information is carefully examined to ensure it is in compliance with
regulatory and legislative mandates before it is shared with other SOCs. This may create a local
instance that is kept only in a geography where intelligence sharing outside of that boundary is
10/27/2014 Magic Quadrant for Global MSSPs
http://www.gartner.com/technology/reprints.do?id=1-1TEY8UZ&ct=140424&st=sb 18/19
prohibited by law. For instance, IP addresses in Germany are kept in that locale.
Dell SecureWorks
Dell SecureWorks is active in all regions of Europe, including the U.K., Ireland, France, Germany,
Nordics, Benelux and the Middle East, offering a nearly complete portfolio of security services. One
of seven global SOCs is located in the U.K. Dell SecureWorks maintains a separate MSS delivery
platform in Europe for customers requiring local data storage. However, according to Dell
SecureWorks, a majority of its European customers find it acceptable to use the U.S. delivery
platform, which means its infrastructure is remotely managed with data storage in the U.S. Also, a
Hadoop cluster that stores all log results and enables fast correlation and full search is a global
capability, although it does support variations in event collection policies to support local data
privacy mandates, removing sensitive data from the log streams.
Dell SecureWorks uses a direct sales model for its primary markets; however, Dell SecureWorks
leverages its Dell counterparts and its channel partners to provide additional coverage in Europe.
HP
HP is a global provider of IT and security services with significant growth in Europe, supported by its
enterprisewide (rather than infrastructure-focused) approach to risk management. It offers a whole
range of security services, with a focus on endpoint protection, data loss prevention, vulnerability
scanning, network security devices, and security information and event management (SIEM).
HP is able to monitor and manage security infrastructure across all world regions, with global
visibility and yet a localized response. This is implemented with a two-tier SOC strategy, where
regional or sector-specific SOCs (which are operational in the U.K., Spain and Bulgaria and planned
for Germany) address areas with high regulation or compliance requirements, heavily concentrated
user demand, and high-threat areas requiring a rapid response.
IBM
IBM is a global MSSP that has strengthened its European delivery teams to meet local market
requirements. IBM has its SOC in Belgium and has now added an SOC in Poland and a partnership
in Riyadh, Saudi Arabia. It focuses on IT transformation projects, data center transformation,
mobility, data residency concerns and cloud as general acceptance for outsourcing continues to
grow. European staff members work as liaisons with the worldwide delivery and SOC teams.
In several industries such as financial services, retail and healthcare, IBM focuses on France,
Germany, Italy and the U.K. The MSS customer portal is fully localized in French, German, Italian,
Portuguese and Spanish. In Europe, IBM has long-standing partnerships with BT and Sita. In terms
of number of customers, EMEA is the third-most-important region for IBM.
NTT
As part of NTT, which also includes Dimension Data and Solutionary, NTT Com Security is a global
provider of MSS under its WideAngle brand and is the largest of NTT's security practices in the
European region. NTT Com Security was formed from a number of Europe-based acquisitions in
recent years, including Integralis and Secode, and operates SOCs in Norway, Sweden, the U.K. and
Germany, with a specific European customer focus on the U.K., Ireland, German-speaking countries,
Nordics and France.
The portfolio in Europe includes managed and professional services for firewalls, unified threat
management (UTM) and network intrusion prevention — as well as endpoint protection, SIEM and
log management, Web and message gateways, and vulnerability scanning. Data is stored in
regional data centers, which are multitenanted. Data is captured on-site and is then centralized for
customer and engineer reporting and management.
Orange Business Services
Orange Business Services (OBS) is a large MSSP in Europe, based on the number of customers and
revenue. In France, the number of midsize and small business customers is slightly higher than in
the rest of Europe. It delivers security services on firewalls, intrusion prevention systems,
multifunction security devices and secure Web gateways, as well as SIEM and log management.
The customer portal is available in English and French. In France, OBS pioneered a new type of
security and privacy service. Anonymization as a service (called Flux Vision) enables the use and
analysis of large amounts of sensitive telecommunications data in compliance with strict local
privacy regulations.
OBS emphasizes its CyberSOC and analytics capacity in Western Europe. Many customers request
to store data (logs and events) in one of the three European data centers, even for non-European
clients. This helps win business against U.S.-based providers. As an incumbent telecommunications
company, OBS is also well-positioned to deliver services in compliance with local regulations on
critical infrastructure protection.
Symantec
Symantec is a global MSSP that combines global visibility with attention to regional differences.
Device, application and log data is aggregated, analyzed and stored within the North American data
center. The SOC in India serves as a global resource, supporting all regional SOCs outside regional
business hours. The European SOC is located in the U.K., providing services to Europe, the Middle
East and Africa. Analysts provide personalized care to review customer security event information.
The European SOC maintains attestation to industry security standards by external third parties. In
addition, assets can be tagged with various compliance policy restrictions, including those that
contain personal data, enabling faster filtering of the related assets to a required report. Sales
teams use local-language fluency wherever possible, to communicate with the greatest clarity in
order to establish Symantec as a trusted security advisor.
Trustwave
10/27/2014 Magic Quadrant for Global MSSPs
http://www.gartner.com/technology/reprints.do?id=1-1TEY8UZ&ct=140424&st=sb 19/19
Trustwave is a global provider of MSS, with a globally consistent strategy. Ninety percent of
Trustwave's customers are in North America. Half of Trustwave's European customers are in the
U.K. and Ireland, while the other half are more or less equally distributed across all other major
European countries. The European SOC is located in Poland. Trustwave works with local partners
throughout EMEA, including the U.K. and Germany. Trustwave's security service focus is on threat
management and event monitoring, network protection and access control, application security,
content security, and anti-malware. The portal is also available in Spanish, while scanning and
compliance sections are also available in German, French and many other European languages.
Trustwave's hybrid on-premises and cloud SIEM architecture was created to support in-country or
on-premises data storage requirements, especially for EMEA countries with data privacy and
location sensitivity (for example, Germany). Trustwave also offers data-location-sensitive customers
a full on-premises technology stack to meet local data privacy requirements.
Verizon
Verizon has a substantial customer base in Europe — largely, enterprise customers. Demand is
driven by managed WAN deals with security services tied to them, as well as by industrial control
system security requirements in the manufacturing sector. Moreover, Verizon operates an SOC in
Luxembourg to address country requirements in the financial sector and clients with European data
sovereignty requirements. For additional charges, Verizon can provide systems and storage that
are not multitenant (using commercial SIEM instead of Verizon's MSS platform). Verizon also
operates regional denial of service (DoS) mitigation centers and maintains Hadoop nodes per
region as part of large-scale security analytics launched in 2014. Verizon also has a partnership
with Swisscom.
Note: This perspective was added to this Magic Quadrant on 25 July 2014 as a planned enhancement to
the reading experience. The perspective was originally published on 22 July 2014 as a separate
document. This content contains no new information from when it was originally published.
© 2014 Gartner, Inc. and/or its affiliates. All rights reserved. Gartner is a registered trademark of Gartner, Inc. or its affiliates. This publication may not be
reproduced or distributed in any form without Gartner’s prior written permission. If you are authorized to access this publication, your use of it is subject to the
Usage Guidelines for Gartner Services posted on gartner.com. The information contained in this publication has been obtained from sources believed to be reliable.
Gartner disclaims all warranties as to the accuracy, completeness or adequacy of such information and shall have no liability for errors, omissions or inadequacies
in such information. This publication consists of the opinions of Gartner’s research organization and should not be construed as statements of fact. The opinions
expressed herein are subject to change without notice. Although Gartner research may include a discussion of related legal issues, Gartner does not provide legal
advice or services and its research should not be construed or used as such. Gartner is a public company, and its shareholders may include firms and funds that
have financial interests in entities covered in Gartner research. Gartner’s Board of Directors may include senior managers of these firms or funds. Gartner research
is produced independently by its research organization without input or influence from these firms, funds or their managers. For further information on the
independence and integrity of Gartner research, see “Guiding Principles on Independence and Objectivity.”
About Gartner | Careers | Newsroom | Policies | Site Index | IT Glossary | Contact Gartner