FOR: Security &

Risk Professionals

The Forrester Wave: Managed Security

Services: North America, Q1 2012
by Ed Ferrara, March 26, 2012

key TakeaWays
Mssps dont simply Cut Costs, They Can enhance your security
Capabilities
Todays economic environment and mutating threat landscape are forcing CISOs
to consider alternatives to simply insourcing information security. MSSPs leverage
impressive economies of scale to offer clients an enhanced security environment,
cost-effective security, and a scalable and flexible security platform capable of
handling future expansion.
The Mssp Market grows at Rapid pace as Cisos Look For Trusted
partners
The MSS market is growing rapidly because more CISOs see MSS as a way to
address top operational challenges. Forrester estimates growth in this space to be
between 30% and 40% per year. This market growth is in large part due to the fact
that CISOs increasingly trust MSSPs to advise them in top security decisions and
act as strategic partners.
Threat intelligence and event Correlation are key differentiators
As signature-based technology becomes less effective against security threats,
improved behavioral and heuristic-based detection techniques will dictate which
providers are ahead of the pack. MSSPs that collect large data sets across their client
base and advanced analytics position themselves to provide more proactive threat
intelligence.

Forrester Research, Inc., 60 Acorn Park Drive, cambridge, MA 02140 USA

Tel: +1 617.613.6000 | Fax: +1 617.613.5000 | www.forrester.com

For Security & Risk Professionals

March 26, 2012

The Forrester Wave: Managed Security

Services: North America, Q1 2012
The Nine Service Providers That Matter Most And How They Stack Up
by Ed Ferrara
with Nicholas Hayes and Stephanie Balaouras

Why Read This Report

In Forresters 60-criteria evaluation of the North American managed security services market, we identified
the nine significant service providers in this category AT&T, CSC, Dell SecureWorks, HP, IBM, Symantec,
Trustwave, Verizon, and Wipro and researched, analyzed, and scored them. This report details our
findings about how each service provider measures up and plots where they stand in relation to each other,
to help security and risk (S&R) professionals select the right partner for their managed security services.

Table Of Contents

Notes & Resources

2 CISOs Need Support From Third Parties

Forrester conducted services evaluations in

October 2011 and interviewed nine MSSPs:
AT&T, CSC, Dell SecureWorks, HewlettPackard, IBM, Symantec, Trustwave, Verizon,
and Wipro.

3 The Market Landscape

4 Managed Security Services: North America
Evaluation Overview
Evaluation Focused On Breadth Of Capabilities,
Flexibility, And Customer Satisfaction

Related Research Documents

Evaluated Vendors Offer A Full Suite Of

Managed Security Services

Navigate The Future Of The Security

Organization
February 14, 2012

6 Evaluation Analysis
8 Vendor Profiles
Leaders
Strong Performers
10 Supplemental Material

2012 Budget And Planning Guide For CISOs

December 15, 2011
Updated Q4 2011: The New Threat
Landscape Proceed With Caution
November 1, 2011
The Forrester Wave: Managed Security
Services, Q3 2010
August 4, 2010

2012, Forrester Research, Inc. All rights reserved. Unauthorized reproduction is strictly prohibited. Information is based on best available
resources. Opinions reflect judgment at the time and are subject to change. Forrester, Technographics, Forrester Wave, RoleView, TechRadar,
and Total Economic Impact are trademarks of Forrester Research, Inc. All other trademarks are the property of their respective companies. To
purchase reprints of this document, please email clientsupport@forrester.com. For additional information, go to www.forrester.com.

For Security & Risk Professionals

The Forrester Wave: Managed Security Services: North America, Q1 2012

CISOs Need support from Third parties

Information security is changing as a discipline. Security is no longer that critical function that
must remain in-house. Just a year and a half ago Forrester reported that only one in four security
organizations outsourced their email filtering.1 Today, more than half of security organizations
outsource email filtering.2 An increasing number of CISOs now view security outsourcing as
a viable method for reducing costs and improving their security capabilities. And with security
budgets stagnant and business alignment a top priority for the CISO, MSS adoption is rising
rapidly.3 Forrester estimates growth in this space to be between 30% and 40% per year.
Cost management is certainly one factor contributing to the fast adoption of managed security
services (MSS), but more importantly, security organizations need the bandwidth and talent that
top MSS providers (MSSPs) can offer. Large corporations susceptible to significant cyberrisks and
compliance requirements need to enhance and invest in information security. With information
security budgets static, the need to look to third parties to provide quality security services and
drive economies of scale will shape security purchasing decisions during the next two to three years.
Forrester sees the high growth in MSS occurring for three primary reasons:

MSSPs offer better resources, scalability, and talent all for a cheaper price. Business

and technical alignment are important factors for the selection of an MSSP. CISOs looking
to security services cite cost reduction as a top factor, with 62% of CISOs listing this as an
important or very important reason.4 Yet, while cost is a top issue and may be the initial catalyst
for CISOs to seek the help of an MSSP, other more important issues, such as flexibility, expertise,
and advanced technology, quickly enter the conversation. Leveraging impressive economies
of scale, MSSPs can offer better returns on investment for CISOs in a number of areas and can
ultimately offer an enhanced, more secure IT environment.

CISOs want trusted, strategic partners. Information security is an activity built on trust.

MSSPs that understand this develop strong supporting partnerships with their clients and help
them overcome their biggest security challenges. As one CEO of a technology product company
explained: When I switched vendors, I was looking for a vendor in it for the long haul; one that
would work with me over time. In return, MSSPs see strong endorsements from their clients
and better contract renewal rates. Forrester believes that the relationship between CISOs and
MSSPs will continue to deepen. As the MSSP demonstrates competency and even proficiency
in certain areas, the partnership will quickly develop from an ad hoc relationship to a fully
managed security IT environment (see Figure 1).

Advanced technologies, such as threat intelligence and correlation, drive future demand.

Threat intelligence and correlation are not necessarily new ideas for CISOs. What is new
is sophistication of new threat intelligence technology to detect intrusions. With a rapidly
changing threat landscape and advanced persistent threats (APTs) now the norm, CISOs need
solutions capable of detecting suspicious activity and need to receive alerts in near real time.5

2012, Forrester Research, Inc. Reproduction Prohibited

March 26, 2012

For Security & Risk Professionals

The Forrester Wave: Managed Security Services: North America, Q1 2012

MSSPs providing this capability will offer a level of protection that many security organizations
desperately want and need. While not all MSSPs will be able to do this with the same level of
success, Forrester believes those MSSPs that get this right will have a huge advantage in the
market during the next two to five years.
The Market Landscape
The MSSP market is divided into two major groups. The first group is the large enterprise class
providers. These are MSSPs that offer multiple security operations centers (SOCs) in multiple
geographies. These firms also have from 100 to more than 1,500 engineers and from one to seven
SOCs. The second group are the midsize MSSPs that serve similar size companies, although some of
these MSSPs have some very large marquee clients. These companies have from 25 to 150 engineers
and usually one or two SOCs.
The focus of this Forrester Wave is the large enterprise providers that serve the North American
market. MSS revenue for these providers ranges from an estimated $60 million to more than $500
million. Some of these providers are divisions of much larger companies, with corporate revenue
estimated to be between $60 million and $130 billion.
Figure 1 MSSPs Try To Become Trusted Partners To Their Clients
Fully managed
security/IT environment

Network security
services

Level of strategic
partnership

Security services
bundle

Ad hoc security
services

57682

2012, Forrester Research, Inc. Reproduction Prohibited

Source: Forrester Research, Inc.

March 26, 2012

For Security & Risk Professionals

The Forrester Wave: Managed Security Services: North America, Q1 2012

Managed Security Services: North America Evaluation Overview

To assess the state of the North American managed security services market and see how the
vendors stack up against each other, Forrester evaluated the strengths and weaknesses of top MSSPs
with a substantial client base in the North American region.
Evaluation Focused On Breadth Of Capabilities, Flexibility, And Customer Satisfaction
After examining past research, user need assessments, and vendor and expert interviews, we
developed a comprehensive set of evaluation criteria. We evaluated vendors against 60 criteria,
which we grouped into three high-level categories:

Current offering. Each vendors position on the vertical axis of the Forrester Wave graphic

indicates the strength of its current MSS product offering. The sets of capabilities evaluated
in this category are: value proposition, customer satisfaction, delivery capabilities, cloud and
hosted services, infrastructure and perimeter, value-added services, content and application
security, and staff dedicated to MSS.

Strategy. A vendors position on the horizontal axis indicates the strength of its MSS strategy,
specifically focused on innovation and thought leadership, and company growth plans.

Market presence. The size of the vendors bubble on the chart indicates its market presence,
which Forrester measured based on the companys overall presence in the marketplace, its
North American market presence, and its overall and MSS-specific financials.

Evaluated Vendors Offer A Full Suite Of Managed Security Services

Forrester included nine vendors in the assessment: AT&T, CSC, Dell SecureWorks, Hewlett-Packard,
IBM, Symantec, Trustwave, Verizon, and Wipro. Each of these vendors has (see Figure 2):

A complete suite of managed security services. We looked for providers that offered a
complete suite of managed security services.

A strong MSS presence in North America. A significant portion of their managed security
service revenue had to come from their clients in North America.

Significant interest from Forrester customers. Forrester considered the level of interest from
our clients based on our various interactions, including inquiries, advisories, and consulting
engagements.

A large number of SOCs. Forrester considered the number of SOCs that each provider had
globally.

2012, Forrester Research, Inc. Reproduction Prohibited

March 26, 2012

For Security & Risk Professionals

The Forrester Wave: Managed Security Services: North America, Q1 2012

Substantial annual MSS revenues. The annual revenue from their total managed security
services was a large part of their business.

A high total number of locations and/or IP addresses managed. Forrester considered the

number of locations, and in some cases, the number of IP addresses, the provider managed.

A host of dedicated SOC analysts. The provider had a sizable number of analysts or engineers
that spent at least 80% of their time dedicated to the providers managed security services.

Figure 2 Evaluated Vendors: Vendor Information And Selection Criteria

Vendor

No. of
SOCs

SOC locations

No. of large
MSS clients
(deal size $50k+)

Portal
evaluated

Portal
version

AT&T

N.J., US; N.C., US; Va., US;

Bangalore, IN; MY

Forrester
estimate: 1,200+

AT&T Security
Center

N/A

CSC

AU; IN; MY; UK; US

Forrester
estimate: 30+

Pulse

v3.0

Dell
SecureWorks

Atlanta, Ga., US; Chicago, Ill., US;

Myrtle Beach, S.C., US; Plano,
Texas, US; Providence, R.I., US;
Edinburgh, UK; Noida, IN

Forrester
estimate: 800+

Dell
SecureWorks
Customer Portal

N/A

Hewlett-Packard

US; UK; MY

Forrester
estimate: 500+

HP
MSSPortal.net

v3.0

IBM

10

Atlanta, Ga., US; Boulder, Colo.,

US; Southfield, MI., US; Toronto,
CA; Brussels, BE; Hortolandia,
BR; Wroclaw, PL; Bangalore, IN;
Tokyo, JP; Brisbane, AU

Forrester
estimate: 2,000+

IBM Virtual
Security
Operations
Center

Symantec

Herndon, Va., US; Reading, UK;

Chennai, IN; Sydney, AU

Forrester
estimate: 2,000+

Symantec
Internet
Interface (SII)

v5.0

Trustwave

Chicago, Ill., US; Denver, Colo.,

US; Warsaw, PO

Forrester
estimate: 35+

TrustKeeper

N/A

Verizon

Ashburn, Va., US; Carey, N.C., US;

Miami, Fla., US; Leuven, BE;
Luxembourg, LU; Canberra, AU;
Chennai, IN

Forrester
estimate: 2,000+

MSS Security
Dashboard

v11.4

Wipro

Atlanta, Ga., US; Bangalore, IN;

Chennai, IN (2); Greater Noida,
IN; Mysore, IN; Pune, IN;
Bucharest, RO

Forrester
estimate: 150+

Managed
Security Services
Customer Portal

v7.64645

v1.3

Source: Forrester Research, Inc.

2012, Forrester Research, Inc. Reproduction Prohibited

March 26, 2012

For Security & Risk Professionals

The Forrester Wave: Managed Security Services: North America, Q1 2012

Figure 2 Evaluated Vendors: Vendor Information And Selection Criteria (Cont.)

Vendor selection criteria
Complete suite of managed security services. We looked for providers that offered a complete suite of
managed security services.
Strong MSS presence in North America. A significant portion of their managed security service revenue
had to come from their clients in North America.
Significant interest from Forrester customers. Forrester considered the level of interest from our clients
based on our various interactions, including: inquiries, advisories, and RFP.
Large number of SOCs and their location. Forrester considered the number of SOCs providers had
globally.
Substantial annual MSS revenues. The annual revenue from their total managed security services must
have been a large part of their business.
Total number of locations and/or IP addresses managed. Forrester considered the number of locations,
and, in some cases, the number of IP addresses the provider managed.
A host of dedicated SOC analysts. The number of analysts or engineers that spent at least 80% of their
time dedicated to the providers managed security services.
Source: Forrester Research, Inc.

Evaluation Analysis
All of the MSSPs reviewed for this research have the capabilities to become a strategic partner for
their clients; however, some were quite simply better at execution. The Leaders were notably close
in their scoring. We interpret this to mean that the Leaders understand equally what it means to be
a successful MSSP and execute on that vision. The Strong Performers also had their list of strengths
but did not rate as well in key areas such as client business alignment, advanced threat intelligence,
and execution on client SLAs. In order to be a true partner, Forrester believes strong client business
alignment, forward-thinking threat management, and excellent execution determine the ability of
the MSSP to meet current and future demands that clients will ask of these service providers.
The evaluation uncovered a market in which (see Figure 3):

IBM, Dell SecureWorks, Symantec, Verizon, Trustwave, CSC, and AT&T are Leaders. These

vendors demonstrated both breadth and depth in the services they offered. They offered different
delivery models and a robust set of capabilities across the board and plan to heavily invest in their
MSS offerings to make sure they remain competitive and advance in the marketplace.

HP and Wipro are Strong Performers. The Strong Performers all offer solid security services

and are able to compete through content expertise and price. While not all of the features they

2012, Forrester Research, Inc. Reproduction Prohibited

March 26, 2012

For Security & Risk Professionals

The Forrester Wave: Managed Security Services: North America, Q1 2012

provide are at the level of the Leaders, clients looking to outsource and reduce their total cost of
ownership should be sure to consider both of these companies.
This evaluation of the North American managed security services market is intended to be a starting
point only. We encourage readers to view detailed product evaluations and adapt the criteria
weightings to fit their individual needs through the Forrester Wave Excel-based vendor comparison
tool.
Figure 3 Forrester Wave: Managed Security Services: North America, Q1 2012
Risky
Bets

Contenders

Strong
Performers

Leaders

Strong
Dell SecureWorks
Symantec

IBM
Go online to download
the Forrester Wave tool

AT&T

Verizon
CSC

Wipro

for more detailed product

evaluations, feature

Trustwave

comparisons, and
customizable rankings.

HP
Current
offering

Market presence
Full vendor participation

Weak
Weak

Strategy

Strong
Source: Forrester Research, Inc.

2012, Forrester Research, Inc. Reproduction Prohibited

March 26, 2012

For Security & Risk Professionals

The Forrester Wave: Managed Security Services: North America, Q1 2012

Forresters
Weighting

AT&T

CSC

Dell SecureWorks

HP

IBM

Symantec

Trustwave

Verizon

Wipro

Figure 3 Forrester Wave: Managed Security Services: North America, Q1 2012 (Cont.)

CURRENT OFFERING
Value proposition
Customer satisfaction
Delivery capabilities
Cloud and hosted services
Infrastructure and perimeter
Value-added services
Content and application security
Staff dedicated to MSS

50%
10%
25%
15%
10%
10%
10%
5%
15%

3.82
3.00
3.40
3.65
3.85
4.00
4.90
3.50
4.50

3.78
3.00
4.20
3.45
3.65
4.10
4.45
4.00
3.30

4.12
4.60
3.60
4.10
3.90
4.05
5.00
3.50
4.50

3.15
3.00
2.90
2.90
3.30
3.10
3.80
4.00
3.10

4.17
4.60
3.80
4.65
4.55
4.05
4.95
4.00
3.35

4.08
3.60
3.50
3.80
4.85
4.25
4.75
5.00
4.25

3.64
4.60
3.00
3.90
4.30
3.40
4.75
3.50
2.85

4.00
4.20
2.60
4.55
4.75
3.80
4.90
3.00
5.00

3.30
3.00
2.40
3.70
3.85
3.35
2.75
4.50
4.15

STRATEGY
Innovation and thought leadership
Growth plans

50%
50%
50%

3.88
3.75
4.00

4.13
4.25
4.00

4.50
5.00
4.00

3.25
3.50
3.00

4.50
5.00
4.00

4.50
5.00
4.00

4.25
4.50
4.00

4.38
4.75
4.00

2.58
2.25
2.90

MARKET PRESENCE
Presence in the marketplace
North American market presence
Financials

0%
20%
60%
20%

4.70
5.00
4.70
4.40

2.34
3.00
1.70
3.60

4.46
5.00
4.70
3.20

4.28
3.80
4.40
4.40

4.70
5.00
4.70
4.40

4.22
5.00
4.70
2.00

2.40
3.00
2.80
0.60

4.34
3.80
4.70
3.80

2.14
3.00
1.70
2.60

All scores are based on a scale of 0 (weak) to 5 (strong).

Source: Forrester Research, Inc.

vENDOR PROFILES
Leaders

IBM. IBM continues its reign as a top Leader in the MSS market. IBM assists clients at all

spectrums of MSS maturity ranging from helping security leaders make that initial pitch to
upper executives with its Total Cost of Ownership tool to advanced analysis and correlation
capabilities in near real time through its proprietary analytic engine. IBM provides flexible
delivery capabilities and tight integration with client systems through a well-defined set of APIs
and offers a greatly improved customer portal. Look to IBM for significant depth of technical
expertise and broad SOC coverage.

Dell SecureWorks. SecureWorks remains a top player in the very competitive MSS market. Dell
SecureWorks strongest asset is the quality of its analysts. SecureWorks correlation and logic

2012, Forrester Research, Inc. Reproduction Prohibited

March 26, 2012

For Security & Risk Professionals

The Forrester Wave: Managed Security Services: North America, Q1 2012

engine technology, as well as its Counter Threat Unit, provide clients with the latest emerging
threats and ensure that suspicious activity is detected and reported immediately. Customers felt
monitoring services were excellent; however, they identified a dip in customer support after the
Dell acquisition. Dell is investing in the business, and in the right areas, to ensure it offers toptier security services.

Symantec. Symantec remains a key player in the MSS market, offering excellent capabilities,

especially in the fields of content and application security. Customers identified Symantecs
customer-centric focus and correlation features as positive attributes; they pointed to better
communication between top management and line management as areas of improvement.
Customers seeking strong technical expertise, solid correlation capabilities, and flexible product
offerings should look closely at Symantec.

Verizon. Verizon is a top telecommunications provider with a very large North American

presence, with more than 2,000 unique clients in the region. Verizon emphasizes the business
value and cost-controlling aspects that it delivers through managed security services and helps
clients allocate resources to the most critical assets through its enhanced risk-based correlation
engine. Verizon employs one of the largest security teams in the market with an aggressive
recruiting strategy. Companies searching for a full host of services with a focus on cost should
strongly consider Verizon.

Trustwave. Trustwave is one of the lesser-known MSSPs in this Forrester Wave. The company
continues to improve its services to remain a strong competitor in this market. Trustwave
leverages its PCI expertise and strong monitoring capabilities to attract larger, enterprise
customers. Trustwave has had some growing pains, however, especially in the areas of
onboarding, but it has one of the best customer retention rates of all the providers, with
more than 98% of clients renewing or extending their agreements. Those looking for a strong
technical team and customizable services should be sure to consider Trustwave.

CSC. During the past couple of years, CSC has demonstrated a renewed commitment to its MSS
offerings. CSC primarily focuses on existing IT customers and leverages its large consulting
practice to identify suitable candidates for a managed model. CSC uses cost-benefit models
to demonstrate the return on investment in its services, and it has one of the better portals
in terms of flexibility and features that we tested. Customers identified its well-run SOCs and
responsiveness as positive attributes for CSC. They pointed to log management and poorly
defined SLAs as areas of improvement. CSC continues to invest heavily in its MSS offerings and
will focus its resources on global threat intelligence.

AT&T. As a large, North American telecommunications provider, AT&T has one of the

largest customer bases, with more than 1,200 unique customers in the region. AT&T has an
aggressive threat intelligence program and scans more than 25 petabytes of data travelling over

2012, Forrester Research, Inc. Reproduction Prohibited

March 26, 2012

For Security & Risk Professionals

10

The Forrester Wave: Managed Security Services: North America, Q1 2012

its networks daily. AT&T focuses on threat detection with strong network infrastructure and
perimeter defense offerings, including robust log monitoring and analysis features. Areas of
improvement were its customer portal and reporting features. Customers identified the size of
its network and corresponding security capabilities as strong positives.
Strong Performers

Hewlett-Packard. HP remains one of the largest players in the MSS market, in large part due to

its ability to offer large, complete IT services packages as a managed offering. As a part of its IT
services bundles, HP manages entire IT security environments and provides great economies of
scale. HP excels in the areas of application security and value-added features, but other features
such as next-generation firewalls and advanced analytics lag behind other providers. Rigid
contracts are an improvement area. Strengths are strong data centers and account management.

Wipro. Wipros focus on its offshore delivery model enables it to offer a solid set of security

services at a very competitive price point. It has a broad list of security capabilities, and it
helps clients outsource some key operational aspects of security. In some of the technical
areas, such as content and application security, Wipro offers some of the better services we
evaluated. Customer references identified flexible resources and cost-effectiveness as positive
attributes for Wipro, but highlighted its tendency to over-commit and over-promise as an area
for improvement. Some of its services are less advanced, but Wipro remains a great option for
companies looking to reduce operational costs.

Supplemental MATERIAL
Online Resource
The online version of Figure 3 is an Excel-based vendor comparison tool that provides detailed
product evaluations and customizable rankings.
Data Sources Used In This Forrester Wave
Forrester used a combination of three data sources to assess the strengths and weaknesses of each
solution:

Vendor surveys. Forrester surveyed vendors on their capabilities as they relate to the evaluation
criteria. Once we analyzed the completed vendor surveys, we conducted vendor calls where
necessary to gather details of vendor qualifications.

Portal demos. We asked vendors to conduct demonstrations of their portals functionality. We

used findings from these product demos to validate details of each vendors product capabilities.

2012, Forrester Research, Inc. Reproduction Prohibited

March 26, 2012

For Security & Risk Professionals

11

The Forrester Wave: Managed Security Services: North America, Q1 2012

Customer reference calls. To validate product and vendor qualifications, Forrester also
conducted reference calls with two of each vendors current customers.

The Forrester Wave Methodology

We conduct primary research to develop a list of vendors that meet our criteria to be evaluated
in this market. From that initial pool of vendors, we then narrow our final list. We choose these
vendors based on: 1) product fit; 2) customer success; and 3) Forrester client demand. We eliminate
vendors that have limited customer references and products that dont fit the scope of our evaluation.
After examining past research, user need assessments, and vendor and expert interviews, we develop
the initial evaluation criteria. To evaluate the vendors and their products against our set of criteria, we
gather details of product qualifications through a combination of lab evaluations, questionnaires,
demos, and/or discussions with client references. We send evaluations to the vendors for their review,
and we adjust the evaluations to provide the most accurate view of vendor offerings and strategies.
We set default weightings to reflect our analysis of the needs of large user companies and/or
other scenarios as outlined in the Forrester Wave document and then score the vendors based
on a clearly defined scale. These default weightings are intended only as a starting point, and we
encourage readers to adapt the weightings to fit their individual needs through the Excel-based
tool. The final scores generate the graphical depiction of the market based on current offering,
strategy, and market presence. Forrester intends to update vendor evaluations regularly as product
capabilities and vendor strategies evolve.

Endnotes
1

Forrester discussed the growing managed security services (MSS) market in Q1 2010 and highlighted
that one in four security organizations outsourced their email filtering. See the March 10, 2010, Market
Overview: Managed Security Services report.

Source: Forrsights Security Survey, Q2 2011.

Todays chief information security officers (CISOs) continue to concentrate too much on tactical activities
and day-to-day security operations, unable to escape the reactionary hamster wheel. Additionally,
businesses and other parts of IT routinely circumvent todays security organization in order to innovate
and avoid hearing the predicted no response. So despite all the sensational headlines about major security
breaches, many CISOs find themselves marginalized by their business colleagues. In this report, Forrester
details what CISOs can do to realign with their businesses and transform themselves into chief business
security officers, reasserting their position with management, the board, and the company as a whole. See
the February 14, 2012, Navigate The Future Of The Security Organization report. Additionally, the global
downturn has negatively affected security budgets for several years now, and chief information security

2012, Forrester Research, Inc. Reproduction Prohibited

March 26, 2012

For Security & Risk Professionals

12

The Forrester Wave: Managed Security Services: North America, Q1 2012

officers (CISOs) have become accustomed to accommodating increasing responsibilities with minimal
change to resource levels. See the December 15, 2011, 2012 Budget And Planning Guide For CISOs
report.
4

Source: Forrsights Security Survey, Q2 2011.

The information security threat landscape is changing rapidly, and many security organizations are
struggling to keep up with the changing nature, complexity, and scale of attacks. This dynamic landscape
will not stabilize. As security managers struggle to keep up with this changing landscape and develop
capabilities for handling new attacks, the attacks themselves will adapt to bypass new controls. The attacks
of 2011 teach us that the threat landscape is not evolving but rapidly mutating as attackers find ever-more
devious ways of bypassing security controls. See the November 1, 2011, Updated Q4 2011: The New Threat
Landscape Proceed With Caution report.

2012, Forrester Research, Inc. Reproduction Prohibited

March 26, 2012

About Forrester
A global research and advisory firm, Forrester inspires leaders,
informs better decisions, and helps the worlds top companies turn
the complexity of change into business advantage. Our researchbased insight and objective advice enable IT professionals to
lead more successfully within IT and extend their impact beyond
the traditional IT organization. Tailored to your individual role, our
resources allow you to focus on important business issues

mo e info mation
r

fo

margin, speed, growth first, technology second.

To find out how Forrester Research can help you be successful every day, please
contact the office nearest you, or visit us at www.forrester.com, For a complete list
of worldwide locations, visit www.forrester.com/about.

Client uppo t
For information on hard-copy or electronic reprints, please contact Client Support
at +1 866.367.7378, +1 617.613.5730, or clientsupport@forrester.com. We offer
quantity discounts and special pricing for academic and nonprofit institutions.

Forrester Focuses On
Security & Risk Professionals
To help your firm capitalize on new business opportunities safely,
you must ensure proper governance oversight to manage risk while
optimizing security processes and technologies for future flexibility.
Forresters subject-matter expertise and deep understanding of your
role will help you create forward-thinking strategies; weigh opportunity
against risk; justify decisions; and optimize your individual, team, and
corporate performance.
Sean Rhode , client persona representing Security & Risk Professionals
s

Forrester Research, Inc. ( asdaq: FORR) is an independent research company that provides pragmatic and forward-thinking advice to
global leaders in business and technology. Forrester works with professionals in 19 key roles at major companies providing proprietary
research, customer insight, consulting, events, and peer-to-peer executive programs. For more than 28 years, Forrester has been making
IT, marketing, and technology industry leaders successful every day. For more information, visit www.forrester.com.
57682
RLL12347-USEN-00