Professional Documents
Culture Documents
Risk Professionals
key TakeaWays
Mssps dont simply Cut Costs, They Can enhance your security
Capabilities
Todays economic environment and mutating threat landscape are forcing CISOs
to consider alternatives to simply insourcing information security. MSSPs leverage
impressive economies of scale to offer clients an enhanced security environment,
cost-effective security, and a scalable and flexible security platform capable of
handling future expansion.
The Mssp Market grows at Rapid pace as Cisos Look For Trusted
partners
The MSS market is growing rapidly because more CISOs see MSS as a way to
address top operational challenges. Forrester estimates growth in this space to be
between 30% and 40% per year. This market growth is in large part due to the fact
that CISOs increasingly trust MSSPs to advise them in top security decisions and
act as strategic partners.
Threat intelligence and event Correlation are key differentiators
As signature-based technology becomes less effective against security threats,
improved behavioral and heuristic-based detection techniques will dictate which
providers are ahead of the pack. MSSPs that collect large data sets across their client
base and advanced analytics position themselves to provide more proactive threat
intelligence.
Table Of Contents
6 Evaluation Analysis
8 Vendor Profiles
Leaders
Strong Performers
10 Supplemental Material
2012, Forrester Research, Inc. All rights reserved. Unauthorized reproduction is strictly prohibited. Information is based on best available
resources. Opinions reflect judgment at the time and are subject to change. Forrester, Technographics, Forrester Wave, RoleView, TechRadar,
and Total Economic Impact are trademarks of Forrester Research, Inc. All other trademarks are the property of their respective companies. To
purchase reprints of this document, please email clientsupport@forrester.com. For additional information, go to www.forrester.com.
MSSPs offer better resources, scalability, and talent all for a cheaper price. Business
and technical alignment are important factors for the selection of an MSSP. CISOs looking
to security services cite cost reduction as a top factor, with 62% of CISOs listing this as an
important or very important reason.4 Yet, while cost is a top issue and may be the initial catalyst
for CISOs to seek the help of an MSSP, other more important issues, such as flexibility, expertise,
and advanced technology, quickly enter the conversation. Leveraging impressive economies
of scale, MSSPs can offer better returns on investment for CISOs in a number of areas and can
ultimately offer an enhanced, more secure IT environment.
CISOs want trusted, strategic partners. Information security is an activity built on trust.
MSSPs that understand this develop strong supporting partnerships with their clients and help
them overcome their biggest security challenges. As one CEO of a technology product company
explained: When I switched vendors, I was looking for a vendor in it for the long haul; one that
would work with me over time. In return, MSSPs see strong endorsements from their clients
and better contract renewal rates. Forrester believes that the relationship between CISOs and
MSSPs will continue to deepen. As the MSSP demonstrates competency and even proficiency
in certain areas, the partnership will quickly develop from an ad hoc relationship to a fully
managed security IT environment (see Figure 1).
Advanced technologies, such as threat intelligence and correlation, drive future demand.
Threat intelligence and correlation are not necessarily new ideas for CISOs. What is new
is sophistication of new threat intelligence technology to detect intrusions. With a rapidly
changing threat landscape and advanced persistent threats (APTs) now the norm, CISOs need
solutions capable of detecting suspicious activity and need to receive alerts in near real time.5
MSSPs providing this capability will offer a level of protection that many security organizations
desperately want and need. While not all MSSPs will be able to do this with the same level of
success, Forrester believes those MSSPs that get this right will have a huge advantage in the
market during the next two to five years.
The Market Landscape
The MSSP market is divided into two major groups. The first group is the large enterprise class
providers. These are MSSPs that offer multiple security operations centers (SOCs) in multiple
geographies. These firms also have from 100 to more than 1,500 engineers and from one to seven
SOCs. The second group are the midsize MSSPs that serve similar size companies, although some of
these MSSPs have some very large marquee clients. These companies have from 25 to 150 engineers
and usually one or two SOCs.
The focus of this Forrester Wave is the large enterprise providers that serve the North American
market. MSS revenue for these providers ranges from an estimated $60 million to more than $500
million. Some of these providers are divisions of much larger companies, with corporate revenue
estimated to be between $60 million and $130 billion.
Figure 1 MSSPs Try To Become Trusted Partners To Their Clients
Fully managed
security/IT environment
Network security
services
Level of strategic
partnership
Security services
bundle
Ad hoc security
services
57682
Current offering. Each vendors position on the vertical axis of the Forrester Wave graphic
indicates the strength of its current MSS product offering. The sets of capabilities evaluated
in this category are: value proposition, customer satisfaction, delivery capabilities, cloud and
hosted services, infrastructure and perimeter, value-added services, content and application
security, and staff dedicated to MSS.
Strategy. A vendors position on the horizontal axis indicates the strength of its MSS strategy,
specifically focused on innovation and thought leadership, and company growth plans.
Market presence. The size of the vendors bubble on the chart indicates its market presence,
which Forrester measured based on the companys overall presence in the marketplace, its
North American market presence, and its overall and MSS-specific financials.
A complete suite of managed security services. We looked for providers that offered a
complete suite of managed security services.
A strong MSS presence in North America. A significant portion of their managed security
service revenue had to come from their clients in North America.
Significant interest from Forrester customers. Forrester considered the level of interest from
our clients based on our various interactions, including inquiries, advisories, and consulting
engagements.
A large number of SOCs. Forrester considered the number of SOCs that each provider had
globally.
Substantial annual MSS revenues. The annual revenue from their total managed security
services was a large part of their business.
A high total number of locations and/or IP addresses managed. Forrester considered the
number of locations, and in some cases, the number of IP addresses, the provider managed.
A host of dedicated SOC analysts. The provider had a sizable number of analysts or engineers
that spent at least 80% of their time dedicated to the providers managed security services.
Vendor
No. of
SOCs
SOC locations
No. of large
MSS clients
(deal size $50k+)
Portal
evaluated
Portal
version
AT&T
Forrester
estimate: 1,200+
AT&T Security
Center
N/A
CSC
Forrester
estimate: 30+
Pulse
v3.0
Dell
SecureWorks
Forrester
estimate: 800+
Dell
SecureWorks
Customer Portal
N/A
Hewlett-Packard
US; UK; MY
Forrester
estimate: 500+
HP
MSSPortal.net
v3.0
IBM
10
Forrester
estimate: 2,000+
IBM Virtual
Security
Operations
Center
Symantec
Forrester
estimate: 2,000+
Symantec
Internet
Interface (SII)
v5.0
Trustwave
Forrester
estimate: 35+
TrustKeeper
N/A
Verizon
Forrester
estimate: 2,000+
MSS Security
Dashboard
v11.4
Wipro
Forrester
estimate: 150+
Managed
Security Services
Customer Portal
v7.64645
v1.3
Evaluation Analysis
All of the MSSPs reviewed for this research have the capabilities to become a strategic partner for
their clients; however, some were quite simply better at execution. The Leaders were notably close
in their scoring. We interpret this to mean that the Leaders understand equally what it means to be
a successful MSSP and execute on that vision. The Strong Performers also had their list of strengths
but did not rate as well in key areas such as client business alignment, advanced threat intelligence,
and execution on client SLAs. In order to be a true partner, Forrester believes strong client business
alignment, forward-thinking threat management, and excellent execution determine the ability of
the MSSP to meet current and future demands that clients will ask of these service providers.
The evaluation uncovered a market in which (see Figure 3):
IBM, Dell SecureWorks, Symantec, Verizon, Trustwave, CSC, and AT&T are Leaders. These
vendors demonstrated both breadth and depth in the services they offered. They offered different
delivery models and a robust set of capabilities across the board and plan to heavily invest in their
MSS offerings to make sure they remain competitive and advance in the marketplace.
HP and Wipro are Strong Performers. The Strong Performers all offer solid security services
and are able to compete through content expertise and price. While not all of the features they
provide are at the level of the Leaders, clients looking to outsource and reduce their total cost of
ownership should be sure to consider both of these companies.
This evaluation of the North American managed security services market is intended to be a starting
point only. We encourage readers to view detailed product evaluations and adapt the criteria
weightings to fit their individual needs through the Forrester Wave Excel-based vendor comparison
tool.
Figure 3 Forrester Wave: Managed Security Services: North America, Q1 2012
Risky
Bets
Contenders
Strong
Performers
Leaders
Strong
Dell SecureWorks
Symantec
IBM
Go online to download
the Forrester Wave tool
AT&T
Verizon
CSC
Wipro
Trustwave
comparisons, and
customizable rankings.
HP
Current
offering
Market presence
Full vendor participation
Weak
Weak
Strategy
Strong
Source: Forrester Research, Inc.
Forresters
Weighting
AT&T
CSC
Dell SecureWorks
HP
IBM
Symantec
Trustwave
Verizon
Wipro
Figure 3 Forrester Wave: Managed Security Services: North America, Q1 2012 (Cont.)
CURRENT OFFERING
Value proposition
Customer satisfaction
Delivery capabilities
Cloud and hosted services
Infrastructure and perimeter
Value-added services
Content and application security
Staff dedicated to MSS
50%
10%
25%
15%
10%
10%
10%
5%
15%
3.82
3.00
3.40
3.65
3.85
4.00
4.90
3.50
4.50
3.78
3.00
4.20
3.45
3.65
4.10
4.45
4.00
3.30
4.12
4.60
3.60
4.10
3.90
4.05
5.00
3.50
4.50
3.15
3.00
2.90
2.90
3.30
3.10
3.80
4.00
3.10
4.17
4.60
3.80
4.65
4.55
4.05
4.95
4.00
3.35
4.08
3.60
3.50
3.80
4.85
4.25
4.75
5.00
4.25
3.64
4.60
3.00
3.90
4.30
3.40
4.75
3.50
2.85
4.00
4.20
2.60
4.55
4.75
3.80
4.90
3.00
5.00
3.30
3.00
2.40
3.70
3.85
3.35
2.75
4.50
4.15
STRATEGY
Innovation and thought leadership
Growth plans
50%
50%
50%
3.88
3.75
4.00
4.13
4.25
4.00
4.50
5.00
4.00
3.25
3.50
3.00
4.50
5.00
4.00
4.50
5.00
4.00
4.25
4.50
4.00
4.38
4.75
4.00
2.58
2.25
2.90
MARKET PRESENCE
Presence in the marketplace
North American market presence
Financials
0%
20%
60%
20%
4.70
5.00
4.70
4.40
2.34
3.00
1.70
3.60
4.46
5.00
4.70
3.20
4.28
3.80
4.40
4.40
4.70
5.00
4.70
4.40
4.22
5.00
4.70
2.00
2.40
3.00
2.80
0.60
4.34
3.80
4.70
3.80
2.14
3.00
1.70
2.60
vENDOR PROFILES
Leaders
IBM. IBM continues its reign as a top Leader in the MSS market. IBM assists clients at all
spectrums of MSS maturity ranging from helping security leaders make that initial pitch to
upper executives with its Total Cost of Ownership tool to advanced analysis and correlation
capabilities in near real time through its proprietary analytic engine. IBM provides flexible
delivery capabilities and tight integration with client systems through a well-defined set of APIs
and offers a greatly improved customer portal. Look to IBM for significant depth of technical
expertise and broad SOC coverage.
Dell SecureWorks. SecureWorks remains a top player in the very competitive MSS market. Dell
SecureWorks strongest asset is the quality of its analysts. SecureWorks correlation and logic
engine technology, as well as its Counter Threat Unit, provide clients with the latest emerging
threats and ensure that suspicious activity is detected and reported immediately. Customers felt
monitoring services were excellent; however, they identified a dip in customer support after the
Dell acquisition. Dell is investing in the business, and in the right areas, to ensure it offers toptier security services.
Symantec. Symantec remains a key player in the MSS market, offering excellent capabilities,
especially in the fields of content and application security. Customers identified Symantecs
customer-centric focus and correlation features as positive attributes; they pointed to better
communication between top management and line management as areas of improvement.
Customers seeking strong technical expertise, solid correlation capabilities, and flexible product
offerings should look closely at Symantec.
Verizon. Verizon is a top telecommunications provider with a very large North American
presence, with more than 2,000 unique clients in the region. Verizon emphasizes the business
value and cost-controlling aspects that it delivers through managed security services and helps
clients allocate resources to the most critical assets through its enhanced risk-based correlation
engine. Verizon employs one of the largest security teams in the market with an aggressive
recruiting strategy. Companies searching for a full host of services with a focus on cost should
strongly consider Verizon.
Trustwave. Trustwave is one of the lesser-known MSSPs in this Forrester Wave. The company
continues to improve its services to remain a strong competitor in this market. Trustwave
leverages its PCI expertise and strong monitoring capabilities to attract larger, enterprise
customers. Trustwave has had some growing pains, however, especially in the areas of
onboarding, but it has one of the best customer retention rates of all the providers, with
more than 98% of clients renewing or extending their agreements. Those looking for a strong
technical team and customizable services should be sure to consider Trustwave.
CSC. During the past couple of years, CSC has demonstrated a renewed commitment to its MSS
offerings. CSC primarily focuses on existing IT customers and leverages its large consulting
practice to identify suitable candidates for a managed model. CSC uses cost-benefit models
to demonstrate the return on investment in its services, and it has one of the better portals
in terms of flexibility and features that we tested. Customers identified its well-run SOCs and
responsiveness as positive attributes for CSC. They pointed to log management and poorly
defined SLAs as areas of improvement. CSC continues to invest heavily in its MSS offerings and
will focus its resources on global threat intelligence.
AT&T. As a large, North American telecommunications provider, AT&T has one of the
largest customer bases, with more than 1,200 unique customers in the region. AT&T has an
aggressive threat intelligence program and scans more than 25 petabytes of data travelling over
10
its networks daily. AT&T focuses on threat detection with strong network infrastructure and
perimeter defense offerings, including robust log monitoring and analysis features. Areas of
improvement were its customer portal and reporting features. Customers identified the size of
its network and corresponding security capabilities as strong positives.
Strong Performers
Hewlett-Packard. HP remains one of the largest players in the MSS market, in large part due to
its ability to offer large, complete IT services packages as a managed offering. As a part of its IT
services bundles, HP manages entire IT security environments and provides great economies of
scale. HP excels in the areas of application security and value-added features, but other features
such as next-generation firewalls and advanced analytics lag behind other providers. Rigid
contracts are an improvement area. Strengths are strong data centers and account management.
Wipro. Wipros focus on its offshore delivery model enables it to offer a solid set of security
services at a very competitive price point. It has a broad list of security capabilities, and it
helps clients outsource some key operational aspects of security. In some of the technical
areas, such as content and application security, Wipro offers some of the better services we
evaluated. Customer references identified flexible resources and cost-effectiveness as positive
attributes for Wipro, but highlighted its tendency to over-commit and over-promise as an area
for improvement. Some of its services are less advanced, but Wipro remains a great option for
companies looking to reduce operational costs.
Supplemental MATERIAL
Online Resource
The online version of Figure 3 is an Excel-based vendor comparison tool that provides detailed
product evaluations and customizable rankings.
Data Sources Used In This Forrester Wave
Forrester used a combination of three data sources to assess the strengths and weaknesses of each
solution:
Vendor surveys. Forrester surveyed vendors on their capabilities as they relate to the evaluation
criteria. Once we analyzed the completed vendor surveys, we conducted vendor calls where
necessary to gather details of vendor qualifications.
used findings from these product demos to validate details of each vendors product capabilities.
11
Customer reference calls. To validate product and vendor qualifications, Forrester also
conducted reference calls with two of each vendors current customers.
Endnotes
1
Forrester discussed the growing managed security services (MSS) market in Q1 2010 and highlighted
that one in four security organizations outsourced their email filtering. See the March 10, 2010, Market
Overview: Managed Security Services report.
Todays chief information security officers (CISOs) continue to concentrate too much on tactical activities
and day-to-day security operations, unable to escape the reactionary hamster wheel. Additionally,
businesses and other parts of IT routinely circumvent todays security organization in order to innovate
and avoid hearing the predicted no response. So despite all the sensational headlines about major security
breaches, many CISOs find themselves marginalized by their business colleagues. In this report, Forrester
details what CISOs can do to realign with their businesses and transform themselves into chief business
security officers, reasserting their position with management, the board, and the company as a whole. See
the February 14, 2012, Navigate The Future Of The Security Organization report. Additionally, the global
downturn has negatively affected security budgets for several years now, and chief information security
12
officers (CISOs) have become accustomed to accommodating increasing responsibilities with minimal
change to resource levels. See the December 15, 2011, 2012 Budget And Planning Guide For CISOs
report.
4
The information security threat landscape is changing rapidly, and many security organizations are
struggling to keep up with the changing nature, complexity, and scale of attacks. This dynamic landscape
will not stabilize. As security managers struggle to keep up with this changing landscape and develop
capabilities for handling new attacks, the attacks themselves will adapt to bypass new controls. The attacks
of 2011 teach us that the threat landscape is not evolving but rapidly mutating as attackers find ever-more
devious ways of bypassing security controls. See the November 1, 2011, Updated Q4 2011: The New Threat
Landscape Proceed With Caution report.
About Forrester
A global research and advisory firm, Forrester inspires leaders,
informs better decisions, and helps the worlds top companies turn
the complexity of change into business advantage. Our researchbased insight and objective advice enable IT professionals to
lead more successfully within IT and extend their impact beyond
the traditional IT organization. Tailored to your individual role, our
resources allow you to focus on important business issues
mo e info mation
r
fo
To find out how Forrester Research can help you be successful every day, please
contact the office nearest you, or visit us at www.forrester.com, For a complete list
of worldwide locations, visit www.forrester.com/about.
Client uppo t
For information on hard-copy or electronic reprints, please contact Client Support
at +1 866.367.7378, +1 617.613.5730, or clientsupport@forrester.com. We offer
quantity discounts and special pricing for academic and nonprofit institutions.
Forrester Focuses On
Security & Risk Professionals
To help your firm capitalize on new business opportunities safely,
you must ensure proper governance oversight to manage risk while
optimizing security processes and technologies for future flexibility.
Forresters subject-matter expertise and deep understanding of your
role will help you create forward-thinking strategies; weigh opportunity
against risk; justify decisions; and optimize your individual, team, and
corporate performance.
Sean Rhode , client persona representing Security & Risk Professionals
s
Forrester Research, Inc. ( asdaq: FORR) is an independent research company that provides pragmatic and forward-thinking advice to
global leaders in business and technology. Forrester works with professionals in 19 key roles at major companies providing proprietary
research, customer insight, consulting, events, and peer-to-peer executive programs. For more than 28 years, Forrester has been making
IT, marketing, and technology industry leaders successful every day. For more information, visit www.forrester.com.
57682
RLL12347-USEN-00