IDC MarketScape: Worldwide Managed Security Services 2014 Vendor Assessment

Similar documents
IDC MarketScape: Worldwide Managed Security Services 2017 Vendor Assessment

IDC MarketScape: Worldwide Datacenter Transformation Consulting and Implementation Services 2016 Vendor Assessment

IDC MarketScape: Worldwide Network Consulting Services 2017 Vendor Assessment

IDC MarketScape: Worldwide Datacenter Transformation Consulting and Implementation Services 2014 Vendor Assessment

IDC MarketScape: Worldwide Cloud Professional Services 2018 Vendor Assessment

IDC MarketScape: Worldwide Cloud Professional Services 2014 Vendor Analysis

IDC MarketScape: Worldwide Service Providers 2018 Vendor Assessment

IDC MarketScape: Worldwide Security Solutions and Services Hardcopy 2017 Vendor Assessment

IDC MarketScape: Worldwide Managed Security Services 2017 Vendor Assessment

IDC MarketScape: Worldwide Mobile Threat Management Software Vendor Assessment

Predictive Insight, Automation and Expertise Drive Added Value for Managed Services

IDC MarketScape: Worldwide Datacenter Infrastructure Management 2015 Vendor Assessment

Global Headquarters: 5 Speen Street Framingham, MA USA P F

Global Headquarters: 5 Speen Street Framingham, MA USA P F

Worldwide Datacenter Automation Software 2013 Vendor Shares

Akamai: Turning Enterprise Security Inside Out

Optimizing Infrastructure Management with Predictive Analytics: The Red Hat Insights Approach

Intent-Based Networking in the Limelight with Cisco's Launch of Catalyst 9000 Series Ethernet Switches

Analytics-as-a-Service Firm Chooses Cisco Hyperconverged Infrastructure as a More Cost-Effective Agile Development Platform Compared with Public Cloud

The Emerging Role of a CDN in Facilitating Secure Cloud Deployments

DATA SHEET RISK & CYBERSECURITY PRACTICE EMPOWERING CUSTOMERS TO TAKE COMMAND OF THEIR EVOLVING RISK & CYBERSECURITY POSTURE

Continuous protection to reduce risk and maintain production availability

CloudGenix: Application-Centric SD-WAN

SYMANTEC: SECURITY ADVISORY SERVICES. Symantec Security Advisory Services The World Leader in Information Security

Text Messaging Helps Your Small Business Perform Big

Run the business. Not the risks.

Atlantis Computing Adds the Ability to Address Classic Server Workloads

Three Key Challenges Facing ISPs and Their Enterprise Clients

Global Headquarters: 5 Speen Street Framingham, MA USA P F

Vendor Snapshot 2017: HP Inc. on Print and Document Security Services

IDC MarketScape: Canadian Data Centre Operations and Management 2016 Vendor Assessment

Global Headquarters: 5 Speen Street Framingham, MA USA P F

Cyber Group Deploys EMC ViPR for Next-Generation SaaS Application Infrastructure

I D C T E C H N O L O G Y S P O T L I G H T

2018 Trends in Hosting & Cloud Managed Services

Thin Clients as Attractive Solutions for Cost Effective, Secure Endpoint Management

National Bank Minimizes Security Risk and Supports New Business with McAfee Security Solutions

RSA Solution Brief. Managing Risk Within Advanced Security Operations. RSA Solution Brief

IDC FutureScape: Worldwide Security Products and Services 2017 Predictions

Optimisation drives digital transformation

SOLUTION BRIEF RSA NETWITNESS SUITE 3X THE IMPACT WITH YOUR EXISTING SECURITY TEAM

Global Headquarters: 5 Speen Street Framingham, MA USA P F

White Paper. How to Write an MSSP RFP

Incident Response Services to Help You Prepare for and Quickly Respond to Security Incidents

Mastering The Endpoint

DATA SHEET RSA NETWITNESS PLATFORM PROFESSIONAL SERVICES ACCELERATE TIME-TO-VALUE & MAXIMIZE ROI

Cybersecurity. Securely enabling transformation and change

Magic Quadrant for MSSPs, North America

Symantec Data Center Transformation

Securing Digital Transformation

IBM Global Technology Services Provide around-the-clock expertise and protect against Internet threats.

Oracle Autonomous Transaction Processing: Foolproofing the Database

OpenText Magellan, Reborn Cloud, and Other Highlights from OpenText Enterprise World 2018

Cisco Preparing Its Datacenters for the Next Generation of Virtualization and Hybrid Cloud with Its Application Centric Infrastructure

Symantec Security Monitoring Services

KEDAYAM A KAAPAGAM MANAGED SECURITY SERVICES. Kaapagam Technologies Sdn. Bhd. ( T)

IDC MarketScape: Canadian Data Centre Operations and Management 2016 Vendor Assessment

Better skilled workforce

to Enhance Your Cyber Security Needs

Vulnerability Management Trends In APAC

IT Consulting and Implementation Services

TRUE SECURITY-AS-A-SERVICE

Securing Your Digital Transformation

SOLUTION BRIEF RSA ARCHER IT & SECURITY RISK MANAGEMENT

Cyber Defense Maturity Scorecard DEFINING CYBERSECURITY MATURITY ACROSS KEY DOMAINS

Global Security Consulting Services, compliancy and risk asessment services

LTI Security Services. Intelligent & integrated Approach to Cyber & Digital Security

How to Write an MSSP RFP. White Paper

Server Workloads Forecasts and Analysis Study,

WHITE PAPER Dell Virtual Integrated System (VIS) Management Extensions Improve Datacenter Operational Productivity

align security instill confidence

Acronis Backup 12.5: Transforming Data Protection with Blockchain Tech, Ransomware Protection, and Quick Insights

Automated Infrastructure Management Powers Future-Ready Enterprise Clouds

NEXT GENERATION SECURITY OPERATIONS CENTER

PONEMON INSTITUTE RESEARCH REPORT 2018 STUDY ON GLOBAL MEGATRENDS IN CYBERSECURITY

CYBER RESILIENCE & INCIDENT RESPONSE

Business Continuity & Disaster Recovery

State of South Carolina Interim Security Assessment

2018 MANAGED SECURITY SERVICE PROVIDER (MSSP): BENCHMARK SURVEY Insights That Inform Decision-Making for Retail Industry Outsourcing

IDC MarketScape: Worldwide Endpoint Specialized Threat Analysis and Protection 2017 Vendor Assessment

Application Delivery Strategies for Today s Increasingly Mobile Workforce

BUILDING AND MAINTAINING SOC

Security-as-a-Service: The Future of Security Management

2017 Trends in Datacenter and Critical Infrastructure

MITIGATE CYBER ATTACK RISK

TechValidate Survey Report: SaaS Application Trends and Challenges

IBM Security Systems. IBM X-Force 2012 & CISO Survey. Cyber Security Threat Landscape IBM Corporation IBM Corporation

ISACA GEEK WEEK SECURITY MANAGEMENT TO ENTERPRISE RISK MANAGEMENT USING THE ISO FRAMEWORK AUGUST 19, 2015

OUR SECURITY DELIVERED YOUR WAY

Department of Management Services REQUEST FOR INFORMATION

Security in India: Enabling a New Connected Era

Finding Pure-Play Midtier ESPs: A Two-Step Process

PORTFOLIO OVERVIEW. Security. A Comprehensive Set of Security Services for Today s Complex Cyber Security Needs. Portfolio Overview.

Cloud Computing. January 2012 CONTENT COMMUNITY CONVERSATION CONVERSION

Astrium Accelerates Research and Design with IHS Goldfire

ProDeploy Suite. Accelerate enterprise technology adoption with expert deployment designed for you

I D C T E C H N O L O G Y S P O T L I G H T. V i r t u a l and Cloud D a t a Center Management

Building a Resilient Security Posture for Effective Breach Prevention

RSA NetWitness Suite Respond in Minutes, Not Months

Oracle Buys Automated Applications Controls Leader LogicalApps

Transcription:

IDC MarketScape IDC MarketScape: Worldwide Managed Security Services 2014 Vendor Assessment Christina Richmond THIS IDC MARKETSCAPE EXCERPT FEATURES: AT&T IDC MARKETSCAPE FIGURE FIGURE 1 IDC MarketScape Worldwide Managed Security Services Vendor Assessment Source: IDC, 2014 Please see the Appendix for detailed methodology, market definition, and scoring criteria. June 2014, IDC #248646ee

IN THIS EXCERPT The content for this excerpt was taken directly from IDC MarketScape: Worldwide Managed Security Services 2014 Vendor Assessment (Doc # 248646). All or parts of the following sections are included in this excerpt: IDC Opinion, IDC MarketScape Vendor Inclusion Criteria, Essential Guidance, Vendor Summary Profile, Appendix and Learn More. Also included is Figure 1. IDC OPINION Using the IDC MarketScape model, IDC compared 11 organizations that offer managed security services (MSS) worldwide. Through in-depth managed security services provider (MSSP) interviews and more than 20 surveys with providers' customers, IDC learned that all providers have the necessary capabilities to deliver traditional worldwide MSS. Through more granular evaluation, IDC found that each provider possesses some unique strengths and weaknesses when compared with its peer group. At a high level, the major differences centered on their strategies for the next 12 months. IDC believes the following areas will drive the MSS market forward and differentiate the providers: Security services to assist customers in their evolution toward cloud and cloud security enablement BYOD/mobile solutions Abilities to thwart the increasingly impervious adversaries with threat intelligence and analysis via big data capabilities Supporting customers after the inevitable breach with incident response and forensic capabilities Security operations center (SOC) operating model Security talent As a result of IDC's evaluation, IDC found six Leaders in AT&T, Computer Sciences Corporation (CSC), Dell SecureWorks, HP, IBM, and Verizon. A second group of Major Players consists of Atos, BT, Orange Business Services, Symantec, and T-Systems. With the maturation of MSS upon us, it is incumbent upon these top 11 worldwide MSSPs to lead the next generation of MSS, which IDC is calling MSS 2.0. Buyers certainly face complex choices in selecting a vendor with which to partner. However, despite these complexities in vendor selection, buyers purchasing MSS have plenty of options. IDC MARKETSCAPE VENDOR INCLUSION CRITERIA IDC collected and analyzed data on 11 MSSPs within the 2014 IDC MarketScape worldwide managed security services market assessment. While the market arena for MSS is very broad and there are many suppliers that offer these services, IDC narrowed down the field of players that participate in worldwide MSS based on the following criteria: 2014 IDC #248646e 2

Service capability across the MSS life cycle. Each service provider was required to possess full-service MSS delivery capabilities (see the Situation Overview section for an explanation of traditional MSS). Revenue. Each service provider was required to either have 2012 total MSS revenue in excess of $120 million or demonstrate that at least 10% of its MSS revenue was attained in each of three regions the Americas, EMEA, and APAC in addition to having a minimum of five SOCs. Geographic presence. Each vendor was required to have MSS delivery capability in each of three regions: the Americas, EMEA, and APAC. ESSENTIAL BUYER GUIDANCE Because of the number of providers and a multitude of variables, buyers face complex choices in selecting an MSSP: breadth and depth of offerings; SOC staffing, capabilities, and locations; data privacy requirements; complementary services; onboarding options; service-level agreements (SLAs); payment options; customer portal capabilities; customer service delivery methods; and more. Given the pace of technology change, current and future MSSP offerings should be evaluated, along with the investment road map, to be sure that future offerings align with anticipated business and cost projections. It can be expensive and disruptive to change providers, so it is worthwhile to take the time to find the right fit, no matter how many security services are being outsourced. Customer satisfaction surveys and pricing benchmarks may be helpful to the decision process. VENDOR SUMMARY PROFILES AT&T According to IDC analysis and buyer perception, AT&T is an IDC Leader worldwide. AT&T Managed Security Services is part of AT&T, a Texas-based multinational telecommunications company. AT&T typically engages customers initially by implementing a core network and then by adding services. The company is investing heavily in cloud technologies and threat intelligence. In recent months, AT&T has launched services related to mobile security, an advanced persistent threat security assessment, cloud Web security (which includes roaming user and mobile support), and DDoS defense. In anticipation of rising DDoS attacks, AT&T has doubled network capacity. Customers can choose à la carte, bundled, or single-price solutions and pay for them in a variety of ways. AT&T's eight SOCs are integrated with the AT&T Global Network Operations Centers and Government Security Operations Analysis Center (SOAC). AT&T operates both in a follow-the-sun model and with centers in each region staffed 24 x 7. Processes and procedures in all SOCs are the same to provide global support. In February 2014, AT&T and IBM announced a new service that combines security network infrastructure with advanced threat monitoring and analytics. AT&T provides network-based firewall, IDS/IPS, Web filtering, secure email gateway, and DDoS protection services for security devices managed on-premise 2014 IDC #248646e 3

or in the AT&T cloud. IBM capabilities include IBM Network Security Consulting to assess and transform network security, IBM Security Monitoring and Threat Intelligence for faster threat detection and response, and IBM Emergency Response Services for around-the-clock security expert support. Strengths AT&T's investments and drive to be a global leader in MSS are evident. AT&T's strengths include advanced threat detection and analysis, big data analysis of threat intelligence, mobile security, complementary services, flexibility in pricing and payment structures, multiple routes to purchase, and customer service/satisfaction activities. The joint venture with IBM meets a real market need with an end-to-end security solution that provides enterprise customers with both integration and simplicity. According to customer feedback, AT&T performed pilot projects to validate capabilities. The portal provides enhanced parent/child account reporting, and services can be added on to other services in a single-pane-of-glass view. Also, according to customer feedback, AT&T constantly strives to find new ways to improve and understand how to deliver security, and it executes time and time again. Challenges AT&T customers have basic, separate portals for each service they use, but AT&T has begun a multiyear plan, beginning with a customizable home page, to migrate to a converged portal. In addition to the portal overhaul, AT&T is addressing security trends by planning to launch several new offerings in areas of DDoS, firewall, network, and mobile. APPENDIX Situation Overview The security landscape is complex and challenging for businesses globally, and IDC recommends a holistic, enterprisewide security posture that is proactive and predictive versus reactive. In-house 24 x 7 security solutions are expensive, however, and expertise is scarce. It's a daunting task to sustain the necessary level of threat intelligence and advanced analytics capabilities, along with the skills to interpret and act on findings. The current state of security creates budgetary pressures that lead organizations to have "build versus buy" discussions. Engaging a security services provider can allow organizations to transfer the cost of ownership, thereby reducing capex and transferring the budget line item to opex. This step creates a predictable expense with a regular cadence in the budget cycle. And, managed security services providers are focused solely on the rapidly changing threat landscape and the protection of their customers' businesses. The rise in frequency and complexity of attacks and the need for increasingly sophisticated security solutions have led to a new echelon of MSS that IDC is calling MSS 2.0. A MSSP 2.0 is further "up the stack" than traditional MSSPs which are offering MSS 1.0 services such as basic managed and monitored services (firewalls, intrusion detection services [IDS]/intrusion prevention services [IPS], 2014 IDC #248646e 4

unified threat management [UTM], IAM, log monitoring, vulnerability scanning, etc.). Traditional MSSPs may also offer advanced services such as DDoS, Web application security, managed SIEM, and managed SOC. MSSPs that are focused on MSS 2.0 deliver basic and advanced traditional MSS plus professional/complementary services (see the Market Definition section). And, they are investing in mobile/byod, cloud, threat intelligence/big data, and incident response/forensics. Cloud, mobile/byod, and big data are three of four pillars that IDC has identified as top trends in 2014. The fourth pillar, which doesn't factor into this IDC MarketScape, is social media. Social media, however, does impact security, and advanced MSSP capabilities, in our analysis, can help detect, analyze, and protect against threats in the social media arena. A complication in the security landscape is the shortage of security talent. As a result, employee acquisition, training, and retention are top priorities. Trail-blazing MSSPs are going far beyond traditional hiring practices to ensure near- and long-term access to a security talent pool. Some of their tactics include creating their own universities, developing lab partnerships with universities, sponsoring cyber-competitions, establishing scholarships, and partnering with schools to develop curriculum. Further, regulatory requirements continue to evolve, and MSSPs can provide the expertise and evidence needed for oversight and compliance based on industry-standard certifications. Data privacy laws, which are yet to be formalized, are expected to vary from country to country. To date, MSSPs are meeting customer data privacy requirements on a case-by-case basis. IDC believes that data privacy laws will greatly influence SOC strategy and implementation. Businesses are increasingly turning to MSSPs to monitor and manage some or all of their security needs. Based on IDC market sizing, the MSS market is expected to continue to see growth in double digits in coming years. Reading an IDC MarketScape Graph For the purposes of this analysis, IDC divided potential key measures for success into two primary categories: capabilities and strategies. Positioning on the y-axis reflects the vendor's current capabilities and menu of services and how well aligned the vendor is to customer needs. The capabilities category focuses on the capabilities of the company and product today, here and now. Under this category, IDC analysts look at how well a vendor is building/delivering capabilities that enable it to execute its chosen strategy in the market. Positioning on the x-axis, or strategies axis, indicates how well the vendor's future strategy aligns with what customers will require in three to five years. The strategies category focuses on high-level decisions and underlying assumptions about offerings, customer segments, and business and go-tomarket plans for the next three to five years. The size of the individual vendor markers in the IDC MarketScape represents the market share of each individual vendor within the specific market segment being assessed. 2014 IDC #248646e 5

IDC MarketScape Methodology IDC MarketScape criteria selection, weightings, and vendor scores represent well-researched IDC judgment about the market and specific vendors. IDC analysts tailor the range of standard characteristics by which vendors are measured through structured discussions, surveys, and interviews with market leaders, participants, and end users. Market weightings are based on user interviews, buyer surveys, and the input of a review board of IDC experts in each market. IDC analysts base individual vendor scores, and ultimately vendor positions on the IDC MarketScape, on detailed surveys and interviews with the vendors, publicly available information, and end-user experiences in an effort to provide an accurate and consistent assessment of each vendor's characteristics, behavior, and capabilities. Service Provider Customer Interviews As part of this IDC MarketScape, IDC conducted interviews with vendor-provided client references. IDC utilized these customer interviews to learn about the customers' project backgrounds, how customers selected the service provider and what critical criteria they used to select their vendor, what sort of results customers were able to generate from their MSS engagement, what lay ahead, key lessons learned, and what customers felt were the differentiating and key strengths their chosen managed security service provider possesses. Weightings This MSSP assessment is designed to evaluate the characteristics of each firm and each firm's global presence. Many types of firms compete in the MSS market. As such, this evaluation is not an exhaustive list of the players to consider for an engagement. Instead, this evaluation reviews the primary players that offer capabilities spanning the MSS landscape. Factors like business and information technology (IT) objectives, business and IT requirements, and the business and IT culture of an organization play integral roles in determining which firms should be considered as potential candidates for an MSS engagement. Market Definition Managed Security Services For the purposes of this research, IDC defines managed security services as "the around-the-clock remote management or monitoring of IT security functions delivered via remote security operations centers (SOCs), not through personnel onsite." Exceptions and Inclusions Managed security services can include complementary consulting and advisory activities that are typically defined under professional security services. The study did seek to understand whether the MSSPs offer complementary services as IDC believes these are critical to the evolution and maturity of MSS. The MSSPs in this study do provide complementary services although there is no standard approach for how they are offered. Commonly, an initial assessment is bundled with MSS. Some MSSPs bundle other services. Most, however, offer complementary services as optional add-ons and charge separately for them. 2014 IDC #248646e 6

Complementary services surveyed in the study include breach management, incident response, forensics, compliance services, and assessment of architecture and design. Not all MSSPs provide all of these services. Some MSSPs provide all of the listed complementary services and many others. Terminology Global versus international. Global business and international business are often used interchangeably in casual conversation. When these ideas are looked at specifically in the ways companies operate as they move beyond domestic borders, they are quite distinct. The term global has a more broad and universal concept of the global marketplace, while international business refers to the application of a business model to various markets. In this study, most of the MSSPs analyzed are not truly global entities, at least not in reference to their MSS business. A truly global MSSP has a global 24 x 7 fully redundant SOC, localizes its marketing, sells through regional channels in addition to local direct sales, and conducts customer satisfaction studies and pricing evaluations with regional methods. Managed security and information event management (SIEM). This managed on-premise event collector transmits the raw log data to the MSSP's SOC for analysis, reporting, and archiving. This is an advanced and niche offering that only a handful of MSSPs offer. Managed SOC. A security operations center includes the people, processes, and technologies involved in detecting, containing, and remediating security threats. Some MSSPs take over the operation of SOCs that their customers have built and no longer want to manage. This is an advanced and niche offering that only a handful of MSSPs offer. LEARN MORE Related Research Worldwide Threat Intelligence Security Services 2014 2018 Forecast: "Iterative Intelligence" Threat Intelligence Comes of Age (IDC #246977, March 2014) IBM MSS: Vendor Agnostic, Custom, and Off the Shelf (IDC #246858, February 2014) AT&T Managed Security Services Offers "Defense in Depth" (IDC #246446, January 2014) Market Analysis Perspective: 3rd Platform Drives Growth and Disaggregation in Security Services (IDC #244989, December 2013) Trustwave: Solutions and Services for Security and Compliance (IDC #244994, December 2013) Trustwave Announces Enhancements and New Managed Secure Web Gateway (IDC #lcus24456813, November 2013) Dell SecureWorks: An Integrated Approach to Security (IDC #242998, September 2013) IBM Launches Managed Cloud-Based DDoS Mitigation With Akamai (IDC #243284, September 2013) Solutionary: Building Situational Awareness into Managed Security Services (IDC #242468, August 2013) 2014 IDC #248646e 7

Another Security Services Acquisition: NTT to Acquire Solutionary, a North American Managed Security Services Provider (IDC #lcus24187113, June 2013) Synopsis This IDC study represents a vendor assessment of providers offering managed security services (MSS) through the IDC MarketScape model. The assessment reviews both quantitative and qualitative characteristics that define current market demands and expected buyer needs for MSS. The evaluation is based on a comprehensive and rigorous framework that assesses how each vendor stacks up to one another, and the framework highlights the key factors that are expected to be the most significant for achieving success in the MSS market over the short term and the long term. "The high profile of security incidents and the costs associated with protecting the enterprise from them are driving executives and the boardroom to increasingly consider managed security services. No longer are the traditional managed security services enough, however, as greater predictive insights and advanced tools are required to win the battle against alarmingly skilled adversaries. Add to this challenge that there is not enough trained and 'battle-ready" security talent available. This coalescence has created 'MSS 2.0,' which raises the requirement for MSSPs to add iterative threat intelligence and advanced threat detection and analysis capabilities. It requires the proactive development of a new breed of security employees and demands cost-effective protection all while providing comprehensive visibility to customer security executives." Christina Richmond, program director, Security Services 2014 IDC #248646e 8

About IDC International Data Corporation (IDC) is the premier global provider of market intelligence, advisory services, and events for the information technology, telecommunications and consumer technology markets. IDC helps IT professionals, business executives, and the investment community make factbased decisions on technology purchases and business strategy. More than 1,100 IDC analysts provide global, regional, and local expertise on technology and industry opportunities and trends in over 110 countries worldwide. For 50 years, IDC has provided strategic insights to help our clients achieve their key business objectives. IDC is a subsidiary of IDG, the world's leading technology media, research, and events company. Global Headquarters 5 Speen Street Framingham, MA 01701 USA 508.872.8200 Twitter: @IDC idc-insights-community.com www.idc.com Copyright Notice This IDC research document was published as part of an IDC continuous intelligence service, providing written research, analyst interactions, telebriefings, and conferences. Visit www.idc.com to learn more about IDC subscription and consulting services. To view a list of IDC offices worldwide, visit www.idc.com/offices. Please contact the IDC Hotline at 800.343.4952, ext. 7988 (or +1.508.988.7988) or sales@idc.com for information on applying the price of this document toward the purchase of an IDC service or for information on additional copies or Web rights. Copyright 2014 IDC. Reproduction is forbidden unless authorized. All rights reserved.

2024 © technodocbox.com Privacy Policy | Terms of Service | Feedback