• No results found

MarketScope for Managed Security Services in Europe

N/A
N/A
Protected

Academic year: 2021

Share "MarketScope for Managed Security Services in Europe"

Copied!
26
0
0

Loading.... (view fulltext now)

Full text

(1)

G00229872

MarketScope for Managed Security Services in

Europe

Published: 24 October 2012 Analyst(s): Carsten Casper

The market for managed security services in Europe is mature.

Off-premises-delivered services increase, communications and IT infrastructure

service providers dominate, and security specialists fill a niche. Growth has

slowed.

What You Need to Know

Managed security services (MSSs) in Europe show all the signs of a mature market, which continues to justify a Gartner MarketScope.

Half of the providers that participated in this MarketScope reported their MSS revenue numbers (totaling about $950 million). For the other half, we estimate a revenue of $1.150 billion, based on extrapolated revenue numbers from previous years and regional portions of globally reported numbers. Smaller national providers, accounting for about 20% of the market, add another $400 million, bringing our total estimated market for MSS in Europe to about $2.5 billion in 2012. Those providers who reported revenue numbers claim growth rates of 30% on average, but we believe revenue growth of about 15% to be more realistic.

Our "MarketScope for Managed Security Services in Europe" in October 2011 surveyed 17 European managed security service providers (MSSPs). For 2012, 19 MSSPs met our inclusion criteria. Overall, the provider landscape has been fairly stable.

Strategic Planning Assumption

By 2015, 30% of enterprises that use public cloud infrastructure as a service will also use MSSPs for security monitoring.

(2)

MarketScope

Geographic Scope, Inclusion and Exclusion Criteria

The market grew in volume (in terms of numbers of devices), so we revised our inclusion criteria regarding the minimum number of managed devices (1,000 firewalls and intrusion detection systems [IDSs]/intrusion prevention systems [IPSs] [see Note 1], instead of 700 devices last year). The minimum number of customers in Europe in 2012 remained stable (50 external customers; for the complete inclusion criteria, see the Inclusion and Exclusion Criteria section of this research). Several providers have a subregional focus in Europe: Atos in Benelux/France, Computacenter in the U.K./Germany, Open Systems and T-Systems in Germany/Austria/Switzerland, Orange

Business Systems in Benelux/France/U.K., and Telefonica in Southern Europe. However, they have sales staff in several European countries and can support clients with regional (rather than local) requirements. This MarketScope has a strong focus on European clients, but these clients have operations all over the world. While 100% of them demand coverage in Europe, many of them also ask their provider to manage devices in other regions and countries (12% in Asia/Pacific, 6% in Japan and 24% in North America). Within Europe, clients report expected country coverage as follows: U.K./Ireland 42%, Scandinavia 12%, Benelux/France 24%, Germany/Austria/Switzerland 48%, Southern Europe 42%, Eastern Europe/Russia 6% and France 18%.

Overall, we track around 100 MSSPs worldwide, with about one-third of them in Europe. The ones that do not appear operate mostly in one country (for example, S21sec in Spain), provide a very specialized security service (such as Qualys for vulnerability scanning) or do not provide stand-alone security services (for example, Unisys). The following providers were considered, but not included: Accumuli, CGI Group, CompuCom, Dimension Data, Outpost24, Qualys, Retarus, S21sec, S2 Grupo, Savvis, SecureIT, Spamina, SSP Europe, Telindus, Trustwave, United Service Providers and Unisys.

Landscape of Different Types of Providers Remains Relatively Stable

The market for managed and related security services continues to evolve, but the types of players are still the same. There are few stand-alone security players left in the regional European market. Most providers sell security services bundled with infrastructure management and outsourcing (for example, Atos, Computacenter, CSC, Dell SecureWorks, IBM Security Services, HCL Technologies, HP, T-Systems and Wipro Technologies) or bundled with communications services (for example, AT&T, BT Global Services, Cable&Wireless Worldwide, Orange Business Services, Tata

Communications, Telefonica and Verizon). Only a few European providers focus on IT security (for example, Integralis [now part of NTT Communications], Open Systems and Symantec). All providers in this MarketScope offer MSS as a discrete service.

European security providers service approximately 6,500 clients in Europe, and operate about 35,000 firewalls, 11,000 unified threat management (UTM) devices, 8,000 network IPSs/IDSs and 23,000 server IPSs/IDSs, as well as 6,000 secure message and Web gateways (see Note 2). They also manage or monitor hundreds of Web application firewalls and customer-owned security information and event management (SIEM)/log management products. The large European players

(3)

Eastern Europe in fairly equal proportions to the populations and gross domestic products of those countries.

Methodology

We conducted our survey of MSSPs simultaneously in North America, Europe and Asia/Pacific. We contacted about 100 providers of MSS in these regions. Fifty-two replied to our worldwide scoping questionnaire. They included information about all the regions in which they operate. Based on this information, we selected a subset of providers per region that met our inclusion criteria. These providers answered a more detailed questionnaire and provided references. The questionnaire was the same in all regions. In Europe, 19 providers met our European inclusion criteria.

We also contacted reference clients and conducted phone interviews, as well as online surveys. Reference clients were not only asked for information about their providers, but also questioned about other providers on their shortlists. Overall, we collected 50 client reference data points in Europe.

The assessment in this MarketScope was performed on the basis of survey data collected in May and June 2011, and client reference information collected in June, July and August 2012.

This survey focused on these security services (including managed customer premises equipment [CPE]), provider-hosted devices and cloud delivery. They are listed in order of popularity with

European clients. Devices near the top of the list are managed and monitored most often, according to the reference clients contacted during this market analysis:

Firewall (71%)

Network IDS/IPS (65%)

Secure Web gateway devices (29%)Desktop/endpoint security client (29%)Multifunction firewall/UTM (24%)Web application firewall (24%)

Vulnerability scanning and management (24%)

Customer-owned SIEM/log management products (24%)Server IDS/IPS (18%)

Secure message gateway devices (18%)Data loss prevention devices (18%)

Server/directory/app/database management system log sources (18%)Mobile device security management (12%)

(4)

In addition to these infrastructure-based security services, most European providers offer

complementary security services. The ones that are consumed most often are near the top of the list:

Log collection/retention (41%)

Professional security services (installation, configuration and upgrades, 41%)Vulnerability scans (periodic, and all layers, remote and intranet; 29%)

Threat intelligence (29%)

Security consulting (architecture, policies and training, 24%)Breach response, investigation and forensic analysis (18%)

Security system integration (customization, migration and code scanning, 6%)Penetration testing and one-time vulnerability assessments (6%)

Twenty-nine percent currently do not use any other service from their provider. Note: Identity-related services (authentication and token management) are not covered in this research.

Pricing and Service-Level Agreements

Pricing is difficult to compare from provider to provider and from year to year, because each client has different requirements regarding types of services (firewall, IPS, email/Web and so on), volume (from one firewall to several thousand firewalls), delivery model (CPE-based, hosted and cloud), geographic coverage, level of engagement (monitoring/management), integration (with IT infrastructure management or with communication services), service quality, response times, service-level agreements (SLAs) and language support. Price is a key factor in most purchase decisions, but comparisons are difficult outside of a specific RFP. Just as an example, yearly subscription prices for management and monitoring of a dedicated, midsize firewall typically range from $11,000 to $21,000 in Europe, but can be as low as $1,500 and as high as $45,000. Clients must analyze delivery scope, service levels, response times, staff expertise and supplemental fees behind these offers in order not to compare apples and oranges.

Our observations on pricing for management and monitoring of virtualized security devices remain mostly unchanged compared with last year. There is no approach common to all providers. Here are some approaches we encountered in Europe:

The provider says that it will pass on benefits of virtualized infrastructure to the client, but

pricing details depend on the individual deal.

The monitoring price for a virtualized device is the same as the monitoring price for a CPE

device, but the management price for a virtualized device is less than the management price for a CPE device.

Pricing for virtualized infrastructure is split into a device monitoring part (fixed fee) and virtual

firewall monitoring part (digressive fee for each virtual firewall). The same applies to

(5)

One provider did the math and calculated that virtual instances require roughly the same

workload as appliances. Hence, the provider went back to identical pricing for both delivery models. Several other providers confirmed that they charge the same for virtual devices and for physical devices, albeit they didn't explain their motivations.

SLAs have not changed significantly. Most providers offer 15 minutes or 30 minutes as the fastest possible response times (sometimes in the standard, sometimes only in the "premium" package). However, this only relates to the notification of the client. Resolution times vary widely, and obviously depend on the nature of the issue.

Some providers display an incident immediately on the customer portal, giving customers

information in real time. Such customers can also verify SLA guarantees anytime within the portal, including current and historical performance. Other providers deliver SLA reports weekly or monthly, or they make them available only on customer request.

Some providers make an attempt to innovate with SLAs and pricing:

Firewall pricing depends on bandwidth commitments (not consumption).

Remove bandwidth as a pricing variable, moving to flat pricing for intrusion detection/

prevention devices (which is good for large, centralized deployments, and disadvantageous for small/remote-office-type devices).

No minimal fixed cost for usage-based pricing (for example, vulnerability scans).

Customers who bring new clients can benefit from a joint discount on the combined service

volume.

Client satisfaction is measured after each interaction as a key performance indicator.Per-seat pricing is offered, as opposed to discrete component pricing.

In general, contracts have become more specific and concrete. Some providers have indicated that they now move from service-level objectives to SLAs. Clients that have been disappointed by a previous provider's performance push hard to include penalties in new contracts. Such a penalty typically amounts to a percentage of the monthly charge, up to a maximum of one monthly charge of the service cost, and is paid as a credit or an immediate payout (potentially with an "earn back" clause for subsequent SLA compliance).

Such penalties or remedies vary widely. Some providers always include language for immediate termination of the contract (under certain circumstances, which may include early termination fees, potentially with assisted transition to another service provider). In other cases, customers have to explicitly ask that remedies be put in the contract. Credits for SLA violations could be for up to 100% of the monthly fee, but often also have a cap at 70% or even 50%. Some providers display SLA violations immediately on the portal, but in many cases, the customer has to contact customer service, a customer relationship manager or some other provider staff to find out about SLA

violations. Remedies are not always of a financial nature, but can also include root cause analysis by an improvement task force, a service improvement plan or free innovation consulting.

(6)

Types of Services Offered

Delivery models change, and the topics "cloud computing" and "virtualization" continue to

dominate many discussions with European clients. As in previous years, service delivery in Europe is moving from CPE to delivery from a shared or virtualized infrastructure. On average, 70% are still delivered on CPE, and 30% are delivery from a shared or virtualized environment. The ratio between both models varies widely by service type: firewall 75%-to-25%, intrusion prevention 90%-to-10%, secure gateways 56%-to-44%, vulnerability scans and log data 65%-to-35%, and SIEM 45%-to-55%. Gartner expects this shift to continue by — on average — 5% in 2013.

Virtualization also plays an increasing role. The providers' approaches to virtualization have matured since last year as the following examples of provider capabilities illustrate:

Security controls in a virtual environment point their logs and alerts to a collector, where they

are integrated into the standard threat-monitoring service.

Security monitoring in virtual environments is supported by the collection and analysis of the

operational and security log data of the guest OS and hosted applications.

In VMware-based environments, event monitoring has been extended to consume and correlate

events from the VMware components themselves, giving visibility into the hypervisor layers.

Protect virtual data centers with network security technologies, and protect individual virtual

servers (from the network or from other virtual server), as well as the applications they are hosting, based on virtual security enforcement technologies that integrate with the virtualization layer.

Use a shared SIEM platform to monitor the security controls in a virtualized environment

(inter-virtual machine [VM] traffic, hypervisor attacks and malware).

Monitor and manage Juniper Virtual System and Check Point VSX infrastructures.Virtual security operations centers (SOCs) provide each virtualized instance with its own

personalized view (policies, logs and reporting), no different than if it were a stand-alone device.

Monitor cross-VM network activity with Sourcefire's VM IDS, and use collectors to monitor

directly from the VM hypervisor.

A concern raised by some clients is that monitoring capabilities for virtualized infrastructure are not as detailed as the ones for on-premises equipment. This will be acceptable for some clients, but untenable for others.

Decision Criteria

The main drivers to engage an MSSP are still to reduce costs, to reduce capital expenditures, and to supplement or replace in-house expertise and in-house resources. In Europe, regulatory

(7)

More specifically, we asked our European reference clients for their main reasons for choosing their service providers. The enumeration below shows the decision factors in decreasing order of

importance:

Security expertise

Viewed as a strategic partner

Pricing (total cost of contracted services)Industry experience

Quality of response to RFP or presentation of capabilitiesPositive prior experience with provider

Perceived viability and/or financial strengthUnderstanding of business needs

Good feedback from referencesProject implementation methodology

These priorities present almost equal opportunity for the specialist provider, the one that can show security and industry expertise, and the large incumbent provider of IT or network operations who likes to be preselected as a strategic partner and is also better able to compete on price. This observation is confirmed by the fact that many European customers shortlist security specialists and integrators alike.

Purchasing Behavior

The bulk of the contracts for MSS in the European region are valued from $150,000 to $750,000 per year (40% of contracts), while 30% of contracts are below the range, and 30% are above that range. The average contract size in Europe is around $500,000.

The typical contract size in Europe is still much greater than in Asia/Pacific, where 55% of the contracts have a value of less than $150,000 per year. On the other hand, the typical contract size in Europe is very similar to the typical contract size in the U.S.

Customer-provider relationships have been fairly stable over the past year. Eighty-two percent of the European reference clients have been customers of their providers for one year or more, only 18% for less than a year. Customer growth has been somewhat limited. Several providers reported no net increase in customer numbers or even honestly reported a net loss. Overall, European

MSSPs have lost 1% of their customers and gained only 6%, resulting in a net increase of customer numbers of 5%. From a customer perspective, this means that providers need to find ways to grow and should be more amenable to more competitive pricing and better service.

(8)

Advancing Threat Response

Many client organizations are concerned about targeted attacks and advanced persistent threats. Providers respond to such fears by evolving their defense portfolio. They align security monitoring and the monitoring of normal behavior of IT and business processes, systems and users, trying to avoid isolated detection controls that can be easily bypassed by sophisticated targeted attacks. This includes the application layer, where they monitor abnormal user activity and identify likely violation of regular user rights or abnormal user management activities. They also use failed authentication logs from operating systems to determine a pattern indicative of a brute force authentication attempt.

Advanced analytics also include the monitoring of network intrusions in the context of customer vulnerability posture — that is, correlating vulnerability data with a real-time network intrusion detection feed. Providers use statistical and trend analysis to detect denial-of-service attacks, internal botnet activity, the appearance of backdoors, or covert communication channels installed by malware or trojans. Providers differentiate on the amount of human intelligence that goes into such analysis. Some rely on efficient, automated processes for the statistical and behavioral analysis of large data feeds. Others rely on highly trained security professionals who analyze logs, correlate events and identify behavior anomalies. Both types of providers received positive client feedback, but none of it was attributable to the specific advanced response capabilities.

Outlook

The market for MSS continues to evolve. Advanced threats, effective and efficient responses, and competitive prices dominate discussions with clients. Delivery continues to move off-premises. Management of customer premises security devices will still be the dominant delivery model, but the percentage of hosted, security-as-a-service (SecaaS) and in-the-cloud security services will increase steadily. Overall, growth in Europe has slowed in 2012, and there are no signs that this will change significantly in 2013. There are multiple reasons for this: The overall economic outlook cautions organizations not to take any additional risk (such as outsourcing risk); most security service contracts have a duration of three years, and many were not up for renewal in 2012; skilled security staff is hard to find and poses a natural limit to growth of provider operations; some

providers are still busy digesting previous acquisitions; and even providers have no "silver bullet" to address advanced persistent and other emerging threats, which is top of mind for many

organizations that toy with the idea of getting help with security matters.

The split of the MSS market into IT outsourcers that offer security services, network providers that offer security services, and security specialists has stabilized, and the market will continue this way in 2013. Pure-play security providers will continue to have their place, and new players will increase in size and reach, and enter the regional European market, trying to differentiate themselves with innovative technology and a flexible portfolio of supported products.

Market/Market Segment Description

For the purposes of this research, Gartner defines "managed security services" as the remote management or monitoring of IT security functions delivered via remote SOCs, not through

(9)

personnel on-site. MSS does not, therefore, include staff augmentation or any consulting, development and integration services.

MSS includes:

Monitored or managed firewall or IPSMonitored or managed IPS

Distributed denial of service (DDoS) protectionManaged secure messaging gateway

Managed secure Web gatewaySecurity information managementSecurity event management

Managed vulnerability scanning of networks, servers, databases or applicationsSecurity vulnerability or threat notification services

Log management and analysis

Reporting associated with monitored/managed devices and incident response

This MarketScope evaluates service providers that offer monitored/managed firewall and intrusion detection/prevention functions as primary offerings, rather than those whose main focus is on other elements of the services listed.

Inclusion and Exclusion Criteria

To be included in this MarketScope, an MSSP must have these qualifications:

The ability to remotely monitor and/or manage firewalls and intrusion detection/prevention (IDP)

devices from multiple vendors via discrete service offerings

At least 1,000 firewall/IDP devices under remote management or monitoring for external

customers in Europe

At least 50 external customers in Europe with those devices under management or monitoringReference accounts in Europe relevant to Gartner customers

For example, vendors that only have offerings such as DDoS protection or vulnerability scanning, but not device monitoring and management, are not included. Providers of primarily Web and email hygiene and trust services (for example, certificate authorities) are not included. Other vendors offer MSS primarily to hosting customers, with limited offerings to others. As these providers expand the scope of their MSS offerings, they may be included in future MarketScopes.

(10)

Rating for Overall Market/Market Segment

Overall Market Rating: Positive

With a portfolio of mature basic services and an array of innovative options, the MSS market in Europe is mature, with a moderate growth perspective, despite — or to some extent because of — a continuously difficult economic climate in Europe. Secure infrastructure management is a

prerequisite for businesses that have to cut costs and operate under regulatory scrutiny and tight competition. Outsourcing of security has become a normal business option for most organizations. Where security concerns remain, physical operations in Europe are an option for most providers in this MarketScope. MSS customers usually extend their outsourcing contracts and occasionally change providers, but they rarely move services back in-house, which is still considered the more costly option.

These factors have resulted in the MSS market in Europe growing by merely 12% versus 2011 (with the market size for 2012 forecast at $2.5 billion by year's end). The reasons were discussed in the Outlook section of this research.

It is interesting to note that none of the providers achieved a Strong Positive rating this year. It's not to say that none of the providers is strong in security operations. Rather, none of the providers could prove this with reliable, sufficient customer feedback. Some providers, in particular the non-European ones, proved strong in terms of marketing, sales and innovation, but failed to prove that customers see it the same way. Other providers — in particular, some security specialists — offered excellent customer feedback, but couldn't prove a sufficiently broad portfolio of security services, geographic coverage, market insights and innovative road maps. Many providers in this

MarketScope are rated Positive, but these ratings aren't always the same. Customers need to put forward their detailed requirements and look closely to identify a provider with matching

(11)

Evaluation Criteria

Table 1. Evaluation Criteria

Evaluation Criteria Comment Weighting

Overall Viability (Business Unit, Financial, Strategy, Organization)

Viability includes an assessment of the provider's financial health, the financial and practical success of the MSS unit, and the likelihood that the MSS unit will continue investing in MSSs and researching and developing innovative security services. Additional areas assessed include management experience, the number of customers in Europe, investment in R&D, and understanding of business and technology trends.

Standard

Geographic Strategy

This includes the provider's strategy to direct resources, skills and offerings to meet the specific needs of regions outside the native area, directly or through partners, channels and subsidiaries, as appropriate for the region and market. We considered the vendor's ability to articulate the differences between the U.S. and European MSS markets, as well as differences within Europe.

High

Product/Service This is the provider's approach to service development and delivery, which emphasizes differentiation, functionality, methodology and feature sets as they map to current and future requirements. We considered the number of target platforms vendors can manage.

Standard

Marketing Strategy This is a clear, differentiated set of messages, consistently

communicated throughout the organization and externalized through the website, advertising, customer programs and positioning

statements. In addition, we considered how providers measure the effectiveness of marketing programs.

High

Customer Experience

This includes the ways customers receive technical and account support. These can include ancillary tools, customer support

programs (and the quality thereof) and the availability of user groups, SLAs and so on. We also assessed providers' implementation processes and system integration and consulting capabilities. Reference client feedback was particularly important in the rating for this criterion.

High

Innovation This takes into account capital and human resource investments, and the development of new services as displayed in the security service strategy and the road map.

Standard

Market

Responsiveness and Track Record

Ability to understand business and security technology trends and assess competitors. This includes the ability to respond, change direction, be flexible and achieve competitive success as new opportunities develop, competitors act, customer needs evolve and market dynamics change.

Standard

(12)

Figure 1. MarketScope for Managed Security Services in Europe

Strong

Negative Caution Promising Positive

Strong Positive AT&T x Atos x BT Global Services x Cable&Wireless Worldwide x Computacenter x CSC x Dell SecureWorks x HCL Technologies x HP x

IBM Security Services x

Integralis x

Open Systems x

Orange Business Services x

Symantec x Tata Communications x Telefonica x T-Systems x Verizon x Wipro Technologies x As of 24 October 2012 RATING

Source: Gartner (October 2012)

Vendor Product/Service Analysis

AT&T

AT&T is an established network service provider with a global approach, rather than regional differentiation. It emphasizes real-time visibility into wireline/wireless threats as a core capability of its MSS offers. It provides MSS to European multinational companies via SOCs in the U.S. and India, and still plans to open another SOC in Eastern Europe.

Its MSS strategy focuses on providing integrated network-based security to European-based customers that possess a global footprint, utilizing services such as virtualized firewall, integrated network intrusion prevention, UTMs and server intrusion prevention. It is aggressively moving into cloud-based security services.

Strengths

(13)

Its tight bundling of security services with network services and capabilities in cloud securityDesign team's flexibility with customer scenarios

Challenges

AT&T has limited control over some third-party delivery elements of its security service portfolio

(for example, Cisco ScanSafe).

Variable response to customer service requests remains an issue. Internal collaboration could

be improved. AT&T must continue to improve its visibility as a security provider to extend beyond the multinational company market.

Rating: Positive

Atos

Atos is an international IT services company with four primary service lines: consulting and

technology services, system integration, managed services, and transactional services. Atos claims to provide a holistic approach to managed security "from the router to the boardroom" that also addresses the business relevance of its security services. In July 2011, Atos completed its acquisition of the IT Solutions and Services subsidiary of Siemens.

The centerpiece of its security portfolio is Atos High Performance Security, an integrated SecaaS platform. The comprehensive portfolio also includes endpoint security, server security, network security and secure gateways. Most of its MSSP contracts are part of larger IT outsourcing relationships.

Strengths

Experience in integrating security services with complex, large-scale IT programsProfessionalism, knowledge and skills of its technical MSS staff

Ability to work effectively and collaboratively with other service providers (for example, network

service providers) that its clients have engaged

Challenges

Pursuing information security with the same diligence as IT operations

Improving collaboration among and consistency of different countries' and teams' operationsClients reporting occasional outages, and Atos sometimes slow in picking up incidents

(14)

BT Global Services

BT is an established name in network and communications services in Europe. It continues to invest globally in research and development. BT has a comprehensive security service portfolio called BT Assure that includes firewalls, network intrusion prevention, UTMs, email gateways, endpoint security and SIEM, as well as log management and some server IPSs.

Its MSS differentiation focuses on security embedded in the network, skilled resources and a global infrastructure. Targeting mainly large enterprises, its key message in 2012 emphasizes the need to "rethink the risk," meaning that organizations should step back and reassess their current security posture — looking in particular at bring your own device, cloud, expanded vendor/platform choice and analytics.

Strengths

Presents well its focus on emerging threats and technologies with business relevanceA resilient operations infrastructure and BT's responsiveness in incident reportingThe quality of its internal operational processes (for example, quality assurance)

The skills of its engineers, and the ability to listen, respond and adjust to client requirements

Challenges

BT Global Services must be careful not to lose its regional differentiation on its way to

becoming a global player.

Cost savings in order to keep pricing competitive must not result in staff shortage.

Rating: Positive

Cable&Wireless Worldwide

Cable&Wireless is an international communications company with a strong focus on the U.K./ Ireland and a limited number of customers in other European countries. It manages firewalls and some log sources, and a small amount of other security devices.

Strengths

Ability to leverage existing telecommunications client base for selling MSSs

Onshore team's knowledge and expertise, which brings real value to the relationship

Challenges

Cable&Wireless rarely appears on shortlists for MSS in Europe.

(15)

Rating: Promising

Computacenter

Computacenter is a multivendor provider of IT infrastructure services. It operates primarily in the U.K. and in Germany, and has two SOCs in each of these two countries.

Its MSS strategy emphasizes a holistic approach to security (client, network and data center), integrating MSS into other outsourcing deals and customer intimacy. Its strategy is to do "as much standards as possible, as much individuality as necessary."

Strengths

Providing cost-effective services from a local European vendor

Acting as a strategic partner, so it can understand infrastructure and business requirementsHaving the ability to leverage the existing client base for upselling MSSs

Challenges

Proving that Computacenter delivers what it promisesImproving service consistency and quality

Improving knowledge of vertical-industry-specific needs and requirements

Rating: Promising

CSC

CSC is a global provider of IT-enabled business solutions and services, with a global strategy. Its portfolio ranges from consulting, to solution design, through to implementation and management of the solution. Headquartered in the U.S., it provides MSS via SOCs in the U.K., Australia, Malaysia, India and the U.S.

CSC emphasizes a broad service portfolio and industry expertise that leads to business-oriented security service outcomes. This is a message that tends to resonate with European client

organizations.

Most customers in Europe use CSC for the management of firewalls, SIEM/log management and endpoint security clients. For cloud-based Web and email, CSC chooses to work with partners.

Strengths

Having the capability to embed an information risk manager as a single point of contact in the

client's organization

(16)

Flexible contracts that allow the downscaling and upscaling of consumption

Challenges

Be consistently more proactive and efficient in managing daily tasks

Portal capabilities that are still lagging behind competition, but are being expanded

Improving the ability to leverage security and threat information from its large client base for the

benefit of individual clients

Rating: Positive

Dell SecureWorks

Dell strives to expand its Information Security Services in Europe following its acquisition of the U.S.-based company SecureWorks. U.K. Dell SecureWorks manages and/or monitors security devices in several European countries, especially log sources, firewalls, network IDSs/IPSs and endpoint protection systems. Dell SecureWorks Counter Threat Unit provides threat intelligence, malware analysis and analytic support for MSS operations. Customer may buy these services as part of an MSS subscription. Dell SecureWorks provides a comprehensive portal, and also offers support in Spanish and French.

Strengths

Its clearly articulated strategy regarding the monitoring of virtualized environments and

advanced detection capabilities

Its comprehensive portal (including asset information and various correlation capabilities)

Challenges

Continuing to establish a brand presence in the European security market and proving successEnsuring consistency of service quality during the acquisition and integration of SecureWorks

into Dell

Rating: Positive

HCL Technologies

HCL Technologies is an India-based offshore provider that has already gained some traction in Europe. HCL staff is engaged and enthusiastic, aiming for solutions, rather than merely trying to close the deal. HCL emphasizes end-to-end security services, SLA-based service delivery and flexibility to meet customer's dynamic info-security requirements.

HCL offers the most comprehensive security services portfolio of all European providers. HCL not only is strong in server-based security services (IDS/IPS and log collection) as well as endpoint security client management, but also offers network security. In addition, it offers application

(17)

security services and identity and access management. It also claims comprehensive portal

capabilities. HCL focuses on providing services based on a large pool of skilled resources and can support delivery in a number of European languages.

Strengths

Consistent and mature service delivery, with a process-driven approach to security

management

Ability to optimize the balance between onshore (high-touch) and offshore (low-cost) staffCost-effectiveness, especially for standard platforms in the HCL support portfolio, and for

services that don't deviate from the standard offerings

Challenges

Improving management of nonstandard requests, specifically the ability to deal with requests

and issues that fall outside the scope of the existing formal processes

Improving strategic planning — clients would like to see more forward-thinking and innovative

suggestions for dealing with a constantly changing security environment

Rating: Positive

HP

HP has invested billions in building a comprehensive security portfolio that includes services acquired from EDS and Vistorm, and SIEM products from ArcSight.

HP's comprehensive security services portfolio includes endpoint security, firewall and network IPS management, UTMs, and log management. It has five SOCs worldwide, two of which are in Europe (the U.K. and Spain).

Strengths

It has experience in integrating security services with complex, large-scale enterprise IT

solutions.

Account managers take the time to develop a detailed understanding of the technical,

commercial and functional aspects of client business operations.

HP has a strength in helping organizations design and manage SOCs — including SOC

outsourcing.

Challenges

(18)

Improving HP's visibility as provider of MSSs in Europe, not just as an IT company

Rating: Positive

IBM Security Services

IBM emphasizes its ability to support clients as a trusted advisor by understanding their organizational goals and risk tolerances, and drawing from a global portfolio of asset-based managed and professional services to implement effective programs and controls that enable business growth through the application of security intelligence. IBM's security services portfolio is focused on endpoint, server and network protection. IBM targets larger enterprises and existing customers for its MSS. It emphasizes its reputation, global reach, and depth and breadth of its solution offerings as key differentiators. IBM is the MSS provider that appears most often on customer shortlists in Europe.

Strengths

Comprehensive portal and global security view based on large number of customersSupports many European languages and has a presence in all major European countriesAddressing European customers' data center concerns

Challenges

Providing consistent quality and customer experience, regardless of the delivering SOCRelatively expensive compared with some providers

Rating: Positive

Integralis

Integralis provides IT security and information risk management solutions. It delivers a portfolio of managed security, business infrastructure, consulting and technology integration services — including mobile security, advanced log management, and security intelligence and network

profiling. Integralis is an independent subsidiary of NTT Communications, Japan. Integralis focuses on firewall, UTM and network IPS services, complemented by log management and some endpoint security. Integralis grew strongly in 2012 in Europe, in terms of devices, customers, revenue and R&D investments.

Strengths

Excellent technical skills of its workforce

Operational and commercial flexibility in dealing with clients' security requirementsClients' valuing Integralis' security architecture design capabilities

(19)

Challenges

Retaining the high-touch approach appreciated by its customers in a growing and highly

competitive market

Keeping the functionality of its portal competitive

Rating: Positive

Open Systems

Open Systems is a specialized security service provider headquartered in Switzerland, with an additional SOC in Sydney. Its portfolio focuses on multifunction firewall/UTM devices, Web application firewalls and secure Web/email gateways, managed by its Mission Control security service. Open Systems operates a variation of the follow-the-sun model with its two SOCs. Other sites are equipped remotely and serviced remotely.

Open Systems is committed to on-premises delivery due to the need for storing sensitive data locally. It shows the highest proven customer satisfaction.

Strengths

Solid security service portfolio with a focus on network-based security

Highly skilled, measurably engaged, client-focused, flexible and highly professional staffCommitment to employee development, resulting in low staff fluctuation, stable service quality

and high customer satisfaction

Challenges

Maintaining the balance between high-growth, high-quality and customized (rather than merely

packaged) security services

Expanding the service portfolio toward log management, server and endpoint securityImproving visibility in the European market for MSSs

Rating: Positive

Orange Business Services

Orange Business Services is a division of the Orange Group, which delivers integrated and managed security solutions with a strong network focus. Offerings include the management of firewalls, network intrusion prevention devices and an above-average number of secure Web gateways. Security services are available independently, but many sales combine aspects of network operations, security services and security consulting. A third-party network allows direct connectivity with Orange-connected business partners.

(20)

The company's marketing emphasizes simplicity, flexible delivery models and reduced total cost of ownership (TCO) in its MSS offerings. It runs eight SOCs.

Strengths

Clients see Orange as a global player and speak favorably of Orange's large, regional Internet

gateways (connectivity, filtering, proxies, remote access and redundancy).

It focuses on small and midsize businesses, especially in France/Benelux.Orange offers operational stability and support around the world.

Orange leverages existing client relationships for selling security services.

Challenges

Improve time to market with new products: When balancing diligence and prudence against

innovation, clients would like Orange to lean a bit more toward the latter.

Improve efficiency of collaboration between account teams and engineering.Improve visibility in the enterprise security market segment.

Rating: Positive

Symantec

Symantec offers security monitoring, management and message protection capabilities,

augmenting in-house security operation capabilities with threat intelligence and security expertise. This portfolio includes server and network IDS/IPS, firewalls, and endpoint security solutions. It has an SOC in the U.K. and three other SOCs worldwide (and one additional one planned in Japan), operates a large network of security information sensors, and employs a sizable global staff of security administrators. Symantec appears often on MSS shortlists in Europe.

Strengths

Its global view of the threat environment via its large sensor network and threat intelligence

capability

Protects and monitors VM's infrastructuresThe quality of its support and sales resources

Challenge

Must continue to prove that European customers value its MSSs

(21)

Tata Communications

Tata Communications is an India-based global communications provider. It delivers a portfolio of management and monitoring services to protect customers' information assets from internal and external threats. It offers MSS via several global SOCs, one of which is in Europe. It targets large multinational organizations in various industries.

Its MSS strategy focuses on compliance, customer service, TCO and integration with the rest of its service portfolio.

Strengths

Global presence, owning one of the largest fiber networks in the worldInvests massively in its security service portfolio

Challenges

Prove its presence as an MSSP in the European market

Lacks the depth of understanding of regional and local requirements shown by competitors

Rating: Promising

Telefonica

Telefonica is a large, integrated telecommunications provider with international operations and a strong position in Spain. Its portfolio encompasses maintenance, monitoring, support and

administration of security devices, as well as vulnerability management, alert services, firewall rule analysis, SIEM, computer security incident response and anti-fraud.

Strengths

Flexibility in adapting to client requirementsGood number of skilled security staff

Ability to foster and maintain strong local relationships

Challenges

Improving the quality of service delivery and service management to competitive standardsAccelerating service deployments and equipment updates

(22)

T-Systems

T-Systems provides a full range of managed information and communication technology services, including a comprehensive portfolio of security services delivered on remotely managed appliances or devices, as well as managed services with appliances and devices installed within a T-Systems data center. Most of its SOCs are located in Germany and comply with national legislation,

especially German Data Privacy Law. This makes T-Systems a preferred security services partner for the German public sector and health sector. MSSs are often an integrated part of larger outsourcing deals. Its traditional focus is on the German-speaking parts of Europe, and it's also expanding into the Asia/Pacific region.

Strengths

Is focused on customer-specific security requirements for the German market

Has a broad solution portfolio, coupling security services with information and communication

technology services

Large installed base in the German and German-speaking market

Challenges

Transparency on pricing model because its prices are perceived to be above the market

average

Improving MSS portal functionality, in particular regarding the integration of log and vulnerability

data

Establishing a stronger profile in the European (rather than merely German-speaking) MSS

market in terms of visibility and client footprint

Rating: Promising

Verizon

Verizon offers customer support, providing region-specific solutions spanning managed network, MSSs and professional security services to address a wide range of risk, compliance and security needs. It offers premises-based as well as cloud-based MSSs, available stand-alone or bundled. It has a sound road map, introducing new or redefined services, improving customer experience and secure mobility services. Verizon has a solid presence in Europe, and emphasizes its

correlation capabilities, security expertise, global reach and risk-based security on global IP networks.

Strengths

(23)

European Security Operations Centers in Luxembourg, Zurich and (since 2011) Dortmund, with

highly skilled security staff

Large and knowledgeable sales team

Offering threat intelligence correlated from various sources

Challenges

Consistent and easy access to highly qualified security staffContinuously proving high customer satisfaction

Rating: Positive

Wipro Technologies

Wipro Technologies provides MSSs to organizations in Europe from a primary control center in India supported by SOCs in Eastern Europe and Germany, which deliver services locally and improve cross-border data privacy compliance. Wipro offers the most comprehensive security services portfolio, and claims to have one of the largest bases of managed security devices in Europe. Consulting and professional services augment MSS offerings, which include co-managed and fully managed services.

Strengths

Customer focus, expertise and business understandingWell-distributed sales force in Europe

Its ability to upsell security services to existing clients

Challenges

Identifying the right staff resources quickly and making them available in EuropeIncreasing brand visibility in the European security services market

Rating: Positive

Recommended Reading

Some documents may not be available as part of your current Gartner subscription.

"The Global Managed Security Services Provider Landscape" "Toolkit: Selecting the Right Managed Security Services Provider"

(24)

"Magic Quadrant for MSSPs, North America"

"MarketScope for Managed Security Services in Asia/Pacific"

"Magic Quadrants and MarketScopes: How Gartner Evaluates Vendors Within a Market" "Forecast: Security Service Markets, Worldwide, 2009-2014"

Evidence

For this research, we contacted about 100 MSSPs, of which 19 met the selection criteria. They had to answer a detailed list of questions about their company and their security services. In addition, we collected information on the providers' performance from Gartner clients and provider reference clients through phone interviews and an online survey.

Note 1 Intrusion Detection System and Intrusion Prevention System

For the purposes of this research, we ignore the differences between IDSs and IPSs. Whenever we use "IPS," we mean both.

Note 2 Secure Web and Email Gateway Services

Secure Web and email gateway services refer to the filtering of malware from Web and email traffic at the gateway. This does not include filtering at the endpoint.

Vendors Added or Dropped

We review and adjust our inclusion criteria for Magic Quadrants and MarketScopes as markets change. As a result of these adjustments, the mix of vendors in any Magic Quadrant or MarketScope may change over time. A vendor appearing in a Magic Quadrant or MarketScope one year and not the next does not necessarily indicate that we have changed our opinion of that vendor. This may be a reflection of a change in the market and, therefore, changed evaluation criteria, or a change of focus by a vendor.

Gartner MarketScope Defined

Gartner's MarketScope provides specific guidance for users who are deploying, or have deployed, products or services. A Gartner MarketScope rating does not imply that the vendor meets all, few or none of the evaluation criteria. The Gartner MarketScope evaluation is based on a weighted evaluation of a vendor's products in comparison with the evaluation criteria. Consider Gartner's criteria as they apply to your specific

requirements. Contact Gartner to discuss how this evaluation may affect your specific needs.

(25)

MarketScope Rating Framework

Strong Positive

Is viewed as a provider of strategic products, services or solutions:

Customers: Continue with planned investments.

Potential customers: Consider this vendor a strong choice for strategic

investments. Positive

Demonstrates strength in specific areas, but execution in one or more areas may still be developing or inconsistent with other areas of performance:

Customers: Continue planned investments.

Potential customers: Consider this vendor a viable choice for strategic or tactical

investments, while planning for known limitations.

Promising

Shows potential in specific areas; however, execution is inconsistent:

Customers: Consider the short- and long-term impact of possible changes in

status.

Potential customers: Plan for and be aware of issues and opportunities related to

the evolution and maturity of this vendor. Caution

Faces challenges in one or more areas:

Customers: Understand challenges in relevant areas, and develop contingency

plans based on risk tolerance and possible business impact.

Potential customers: Account for the vendor's challenges as part of due diligence.

Strong Negative

Has difficulty responding to problems in multiple areas:

Customers: Execute risk mitigation plans and contingency options.

Potential customers: Consider this vendor only for tactical investment with

(26)

Regional Headquarters

Corporate Headquarters 56 Top Gallant Road Stamford, CT 06902-7700 USA

+1 203 964 0096

Japan Headquarters Gartner Japan Ltd.

Atago Green Hills MORI Tower 5F 2-5-1 Atago, Minato-ku Tokyo 105-6205 JAPAN + 81 3 6430 1800 European Headquarters Tamesis The Glanty Egham Surrey, TW20 9AW UNITED KINGDOM +44 1784 431611

Latin America Headquarters Gartner do Brazil

Av. das Nações Unidas, 12551 9° andar—World Trade Center 04578-903—São Paulo SP BRAZIL

+55 11 3443 1509 Asia/Pacific Headquarters

Gartner Australasia Pty. Ltd. Level 9, 141 Walker Street North Sydney

New South Wales 2060 AUSTRALIA

+61 2 9459 4600

© 2012 Gartner, Inc. and/or its affiliates. All rights reserved. Gartner is a registered trademark of Gartner, Inc. or its affiliates. This publication may not be reproduced or distributed in any form without Gartner’s prior written permission. The information contained in this publication has been obtained from sources believed to be reliable. Gartner disclaims all warranties as to the accuracy, completeness or adequacy of such information and shall have no liability for errors, omissions or inadequacies in such information. This publication consists of the opinions of Gartner’s research organization and should not be construed as statements of fact. The opinions expressed herein are subject to change without notice. Although Gartner research may include a discussion of related legal issues, Gartner does not provide legal advice or services and its research should not be construed or used as such. Gartner is a public company, and its

shareholders may include firms and funds that have financial interests in entities covered in Gartner research. Gartner’s Board of Directors may include senior managers of these firms or funds. Gartner research is produced independently by its research organization without input or influence from these firms, funds or their managers. For further information on the independence and integrity of Gartner research, see “Guiding Principles on Independence and Objectivity” on its website, http://www.gartner.com/technology/about/

Figure

Table 1. Evaluation Criteria
Figure 1. MarketScope for Managed Security Services in Europe

References

Related documents

For example, if the tractor is required to track a circular path CC1, and if the hitch angle are maintained at a prescribed value φd, then the trailer will also follow a circular

A problem which remains in conventional small core DCF is that the nonlinearities such as Self Phase Modulation (SPM), Stimulated Raman Scattering (SRS), Stimulated

• Street Plans or Plats Approved On or After January 1, 1998: Developers are required to install street lights on all local residential and collector streets for which street

The main effects of movement type and congruency were not significant (F(1,10) = 0.161, p = 0.697; F(1,10) = 4.247, p = 0.066, respectively), suggesting that dominance durations

Through background research, committee consultations, administration of an awareness survey, and our 1,000 Wishes for Childhood event, we identified child protection,

Se logró el objetivo del estudio al deter- minar la huella hídrica azul de los cultivos forrajeros de la Comarca Lagunera, encon- trándose que la eficiencia y productividad del agua