Europe Analyst(s): Carsten Casper MarketScope for · PDF fileOur "MarketScope for Managed...

This research note is restricted to the personal use of [email protected]


G00229872

MarketScope for Managed Security Services inEuropePublished: 24 October 2012

Analyst(s): Carsten Casper

The market for managed security services in Europe is mature. Off-premises-delivered services increase, communications and IT infrastructureservice providers dominate, and security specialists fill a niche. Growth hasslowed.

What You Need to KnowManaged security services (MSSs) in Europe show all the signs of a mature market, whichcontinues to justify a Gartner MarketScope.

Half of the providers that participated in this MarketScope reported their MSS revenue numbers(totaling about $950 million). For the other half, we estimate a revenue of $1.150 billion, based onextrapolated revenue numbers from previous years and regional portions of globally reportednumbers. Smaller national providers, accounting for about 20% of the market, add another $400million, bringing our total estimated market for MSS in Europe to about $2.5 billion in 2012. Thoseproviders who reported revenue numbers claim growth rates of 30% on average, but we believerevenue growth of about 15% to be more realistic.

Our "MarketScope for Managed Security Services in Europe" in October 2011 surveyed 17European managed security service providers (MSSPs). For 2012, 19 MSSPs met our inclusioncriteria. Overall, the provider landscape has been fairly stable.

Strategic Planning AssumptionBy 2015, 30% of enterprises that use public cloud infrastructure as a service will also use MSSPsfor security monitoring.



MarketScope

Geographic Scope, Inclusion and Exclusion Criteria

The market grew in volume (in terms of numbers of devices), so we revised our inclusion criteriaregarding the minimum number of managed devices (1,000 firewalls and intrusion detectionsystems [IDSs]/intrusion prevention systems [IPSs] [see Note 1], instead of 700 devices last year).The minimum number of customers in Europe in 2012 remained stable (50 external customers; forthe complete inclusion criteria, see the Inclusion and Exclusion Criteria section of this research).

Several providers have a subregional focus in Europe: Atos in Benelux/France, Computacenter inthe U.K./Germany, Open Systems and T-Systems in Germany/Austria/Switzerland, OrangeBusiness Systems in Benelux/France/U.K., and Telefonica in Southern Europe. However, they havesales staff in several European countries and can support clients with regional (rather than local)requirements. This MarketScope has a strong focus on European clients, but these clients haveoperations all over the world. While 100% of them demand coverage in Europe, many of them alsoask their provider to manage devices in other regions and countries (12% in Asia/Pacific, 6% inJapan and 24% in North America). Within Europe, clients report expected country coverage asfollows: U.K./Ireland 42%, Scandinavia 12%, Benelux/France 24%, Germany/Austria/Switzerland48%, Southern Europe 42%, Eastern Europe/Russia 6% and France 18%.

Overall, we track around 100 MSSPs worldwide, with about one-third of them in Europe. The onesthat do not appear operate mostly in one country (for example, S21sec in Spain), provide a veryspecialized security service (such as Qualys for vulnerability scanning) or do not provide stand-alone security services (for example, Unisys). The following providers were considered, but notincluded: Accumuli, CGI Group, CompuCom, Dimension Data, Outpost24, Qualys, Retarus, S21sec,S2 Grupo, Savvis, SecureIT, Spamina, SSP Europe, Telindus, Trustwave, United Service Providersand Unisys.

Landscape of Different Types of Providers Remains Relatively Stable

The market for managed and related security services continues to evolve, but the types of playersare still the same. There are few stand-alone security players left in the regional European market.Most providers sell security services bundled with infrastructure management and outsourcing (forexample, Atos, Computacenter, CSC, Dell SecureWorks, IBM Security Services, HCL Technologies,HP, T-Systems and Wipro Technologies) or bundled with communications services (for example,AT&T, BT Global Services, Cable&Wireless Worldwide, Orange Business Services, TataCommunications, Telefonica and Verizon). Only a few European providers focus on IT security (forexample, Integralis [now part of NTT Communications], Open Systems and Symantec). All providersin this MarketScope offer MSS as a discrete service.

European security providers service approximately 6,500 clients in Europe, and operate about35,000 firewalls, 11,000 unified threat management (UTM) devices, 8,000 network IPSs/IDSs and23,000 server IPSs/IDSs, as well as 6,000 secure message and Web gateways (see Note 2). Theyalso manage or monitor hundreds of Web application firewalls and customer-owned securityinformation and event management (SIEM)/log management products. The large European playersserve the U.K. and Ireland; Benelux; Germany, Austria and Switzerland; France; and Southern and

Page 2 of 26 Gartner, Inc. | G00229872



Eastern Europe in fairly equal proportions to the populations and gross domestic products of thosecountries.

Methodology

We conducted our survey of MSSPs simultaneously in North America, Europe and Asia/Pacific. Wecontacted about 100 providers of MSS in these regions. Fifty-two replied to our worldwide scopingquestionnaire. They included information about all the regions in which they operate. Based on thisinformation, we selected a subset of providers per region that met our inclusion criteria. Theseproviders answered a more detailed questionnaire and provided references. The questionnaire wasthe same in all regions. In Europe, 19 providers met our European inclusion criteria.

We also contacted reference clients and conducted phone interviews, as well as online surveys.Reference clients were not only asked for information about their providers, but also questionedabout other providers on their shortlists. Overall, we collected 50 client reference data points inEurope.

The assessment in this MarketScope was performed on the basis of survey data collected in Mayand June 2011, and client reference information collected in June, July and August 2012.

This survey focused on these security services (including managed customer premises equipment[CPE]), provider-hosted devices and cloud delivery. They are listed in order of popularity withEuropean clients. Devices near the top of the list are managed and monitored most often, accordingto the reference clients contacted during this market analysis:

■ Firewall (71%)

■ Network IDS/IPS (65%)

■ Secure Web gateway devices (29%)

■ Desktop/endpoint security client (29%)

■ Multifunction firewall/UTM (24%)

■ Web application firewall (24%)

■ Vulnerability scanning and management (24%)

■ Customer-owned SIEM/log management products (24%)

■ Server IDS/IPS (18%)

■ Secure message gateway devices (18%)

■ Data loss prevention devices (18%)

■ Server/directory/app/database management system log sources (18%)

■ Mobile device security management (12%)

Gartner, Inc. | G00229872 Page 3 of 26



In addition to these infrastructure-based security services, most European providers offercomplementary security services. The ones that are consumed most often are near the top of thelist:

■ Log collection/retention (41%)

■ Professional security services (installation, configuration and upgrades, 41%)

■ Vulnerability scans (periodic, and all layers, remote and intranet; 29%)

■ Threat intelligence (29%)

■ Security consulting (architecture, policies and training, 24%)

■ Breach response, investigation and forensic analysis (18%)

■ Security system integration (customization, migration and code scanning, 6%)

■ Penetration testing and one-time vulnerability assessments (6%)

Twenty-nine percent currently do not use any other service from their provider. Note: Identity-related services (authentication and token management) are not covered in this research.

Pricing and Service-Level Agreements

Pricing is difficult to compare from provider to provider and from year to year, because each clienthas different requirements regarding types of services (firewall, IPS, email/Web and so on), volume(from one firewall to several thousand firewalls), delivery model (CPE-based, hosted and cloud),geographic coverage, level of engagement (monitoring/management), integration (with ITinfrastructure management or with communication services), service quality, response times,service-level agreements (SLAs) and language support. Price is a key factor in most purchasedecisions, but comparisons are difficult outside of a specific RFP. Just as an example, yearlysubscription prices for management and monitoring of a dedicated, midsize firewall typically rangefrom $11,000 to $21,000 in Europe, but can be as low as $1,500 and as high as $45,000. Clientsmust analyze delivery scope, service levels, response times, staff expertise and supplemental feesbehind these offers in order not to compare apples and oranges.

Our observations on pricing for management and monitoring of virtualized security devices remainmostly unchanged compared with last year. There is no approach common to all providers. Hereare some approaches we encountered in Europe:

■ The provider says that it will pass on benefits of virtualized infrastructure to the client, butpricing details depend on the individual deal.

■ The monitoring price for a virtualized device is the same as the monitoring price for a CPEdevice, but the management price for a virtualized device is less than the management price fora CPE device.

■ Pricing for virtualized infrastructure is split into a device monitoring part (fixed fee) and virtualfirewall monitoring part (digressive fee for each virtual firewall). The same applies tomanagement of virtualized infrastructure.




■ One provider did the math and calculated that virtual instances require roughly the sameworkload as appliances. Hence, the provider went back to identical pricing for both deliverymodels. Several other providers confirmed that they charge the same for virtual devices and forphysical devices, albeit they didn't explain their motivations.

SLAs have not changed significantly. Most providers offer 15 minutes or 30 minutes as the fastestpossible response times (sometimes in the standard, sometimes only in the "premium" package).However, this only relates to the notification of the client. Resolution times vary widely, andobviously depend on the nature of the issue.

Some providers display an incident immediately on the customer portal, giving customersinformation in real time. Such customers can also verify SLA guarantees anytime within the portal,including current and historical performance. Other providers deliver SLA reports weekly or monthly,or they make them available only on customer request.

Some providers make an attempt to innovate with SLAs and pricing:

■ Firewall pricing depends on bandwidth commitments (not consumption).

■ Remove bandwidth as a pricing variable, moving to flat pricing for intrusion detection/prevention devices (which is good for large, centralized deployments, and disadvantageous forsmall/remote-office-type devices).

■ No minimal fixed cost for usage-based pricing (for example, vulnerability scans).

■ Customers who bring new clients can benefit from a joint discount on the combined servicevolume.

■ Client satisfaction is measured after each interaction as a key performance indicator.

■ Per-seat pricing is offered, as opposed to discrete component pricing.

In general, contracts have become more specific and concrete. Some providers have indicated thatthey now move from service-level objectives to SLAs. Clients that have been disappointed by aprevious provider's performance push hard to include penalties in new contracts. Such a penaltytypically amounts to a percentage of the monthly charge, up to a maximum of one monthly chargeof the service cost, and is paid as a credit or an immediate payout (potentially with an "earn back"clause for subsequent SLA compliance).

Such penalties or remedies vary widely. Some providers always include language for immediatetermination of the contract (under certain circumstances, which may include early termination fees,potentially with assisted transition to another service provider). In other cases, customers have toexplicitly ask that remedies be put in the contract. Credits for SLA violations could be for up to100% of the monthly fee, but often also have a cap at 70% or even 50%. Some providers displaySLA violations immediately on the portal, but in many cases, the customer has to contact customerservice, a customer relationship manager or some other provider staff to find out about SLAviolations. Remedies are not always of a financial nature, but can also include root cause analysisby an improvement task force, a service improvement plan or free innovation consulting.




Types of Services Offered

Delivery models change, and the topics "cloud computing" and "virtualization" continue todominate many discussions with European clients. As in previous years, service delivery in Europeis moving from CPE to delivery from a shared or virtualized infrastructure. On average, 70% are stilldelivered on CPE, and 30% are delivery from a shared or virtualized environment. The ratio betweenboth models varies widely by service type: firewall 75%-to-25%, intrusion prevention 90%-to-10%,secure gateways 56%-to-44%, vulnerability scans and log data 65%-to-35%, and SIEM 45%-to-55%. Gartner expects this shift to continue by — on average — 5% in 2013.

Virtualization also plays an increasing role. The providers' approaches to virtualization have maturedsince last year as the following examples of provider capabilities illustrate:

■ Security controls in a virtual environment point their logs and alerts to a collector, where theyare integrated into the standard threat-monitoring service.

■ Security monitoring in virtual environments is supported by the collection and analysis of theoperational and security log data of the guest OS and hosted applications.

■ In VMware-based environments, event monitoring has been extended to consume and correlateevents from the VMware components themselves, giving visibility into the hypervisor layers.

■ Protect virtual data centers with network security technologies, and protect individual virtualservers (from the network or from other virtual server), as well as the applications they arehosting, based on virtual security enforcement technologies that integrate with the virtualizationlayer.

■ Use a shared SIEM platform to monitor the security controls in a virtualized environment (inter-virtual machine [VM] traffic, hypervisor attacks and malware).

■ Monitor and manage Juniper Virtual System and Check Point VSX infrastructures.

■ Virtual security operations centers (SOCs) provide each virtualized instance with its ownpersonalized view (policies, logs and reporting), no different than if it were a stand-alone device.

■ Monitor cross-VM network activity with Sourcefire's VM IDS, and use collectors to monitordirectly from the VM hypervisor.

A concern raised by some clients is that monitoring capabilities for virtualized infrastructure are notas detailed as the ones for on-premises equipment. This will be acceptable for some clients, butuntenable for others.

Decision Criteria

The main drivers to engage an MSSP are still to reduce costs, to reduce capital expenditures, andto supplement or replace in-house expertise and in-house resources. In Europe, regulatorycompliance plays less of a role than in the U.S.




More specifically, we asked our European reference clients for their main reasons for choosing theirservice providers. The enumeration below shows the decision factors in decreasing order ofimportance:

■ Security expertise

■ Viewed as a strategic partner

■ Pricing (total cost of contracted services)

■ Industry experience

■ Quality of response to RFP or presentation of capabilities

■ Positive prior experience with provider

■ Perceived viability and/or financial strength

■ Understanding of business needs

■ Good feedback from references

■ Project implementation methodology

These priorities present almost equal opportunity for the specialist provider, the one that can showsecurity and industry expertise, and the large incumbent provider of IT or network operations wholikes to be preselected as a strategic partner and is also better able to compete on price. Thisobservation is confirmed by the fact that many European customers shortlist security specialistsand integrators alike.

Purchasing Behavior

The bulk of the contracts for MSS in the European region are valued from $150,000 to $750,000 peryear (40% of contracts), while 30% of contracts are below the range, and 30% are above thatrange. The average contract size in Europe is around $500,000.

The typical contract size in Europe is still much greater than in Asia/Pacific, where 55% of thecontracts have a value of less than $150,000 per year. On the other hand, the typical contract sizein Europe is very similar to the typical contract size in the U.S.

Customer-provider relationships have been fairly stable over the past year. Eighty-two percent ofthe European reference clients have been customers of their providers for one year or more, only18% for less than a year. Customer growth has been somewhat limited. Several providers reportedno net increase in customer numbers or even honestly reported a net loss. Overall, EuropeanMSSPs have lost 1% of their customers and gained only 6%, resulting in a net increase of customernumbers of 5%. From a customer perspective, this means that providers need to find ways to growand should be more amenable to more competitive pricing and better service.




Advancing Threat Response

Many client organizations are concerned about targeted attacks and advanced persistent threats.Providers respond to such fears by evolving their defense portfolio. They align security monitoringand the monitoring of normal behavior of IT and business processes, systems and users, trying toavoid isolated detection controls that can be easily bypassed by sophisticated targeted attacks.This includes the application layer, where they monitor abnormal user activity and identify likelyviolation of regular user rights or abnormal user management activities. They also use failedauthentication logs from operating systems to determine a pattern indicative of a brute forceauthentication attempt.

Advanced analytics also include the monitoring of network intrusions in the context of customervulnerability posture — that is, correlating vulnerability data with a real-time network intrusiondetection feed. Providers use statistical and trend analysis to detect denial-of-service attacks,internal botnet activity, the appearance of backdoors, or covert communication channels installedby malware or trojans. Providers differentiate on the amount of human intelligence that goes intosuch analysis. Some rely on efficient, automated processes for the statistical and behavioralanalysis of large data feeds. Others rely on highly trained security professionals who analyze logs,correlate events and identify behavior anomalies. Both types of providers received positive clientfeedback, but none of it was attributable to the specific advanced response capabilities.

Outlook

The market for MSS continues to evolve. Advanced threats, effective and efficient responses, andcompetitive prices dominate discussions with clients. Delivery continues to move off-premises.Management of customer premises security devices will still be the dominant delivery model, butthe percentage of hosted, security-as-a-service (SecaaS) and in-the-cloud security services willincrease steadily. Overall, growth in Europe has slowed in 2012, and there are no signs that this willchange significantly in 2013. There are multiple reasons for this: The overall economic outlookcautions organizations not to take any additional risk (such as outsourcing risk); most securityservice contracts have a duration of three years, and many were not up for renewal in 2012; skilledsecurity staff is hard to find and poses a natural limit to growth of provider operations; someproviders are still busy digesting previous acquisitions; and even providers have no "silver bullet" toaddress advanced persistent and other emerging threats, which is top of mind for manyorganizations that toy with the idea of getting help with security matters.

The split of the MSS market into IT outsourcers that offer security services, network providers thatoffer security services, and security specialists has stabilized, and the market will continue this wayin 2013. Pure-play security providers will continue to have their place, and new players will increasein size and reach, and enter the regional European market, trying to differentiate themselves withinnovative technology and a flexible portfolio of supported products.

Market/Market Segment Description

For the purposes of this research, Gartner defines "managed security services" as the remotemanagement or monitoring of IT security functions delivered via remote SOCs, not through




personnel on-site. MSS does not, therefore, include staff augmentation or any consulting,development and integration services.

MSS includes:

■ Monitored or managed firewall or IPS

■ Monitored or managed IPS

■ Distributed denial of service (DDoS) protection

■ Managed secure messaging gateway

■ Managed secure Web gateway

■ Security information management

■ Security event management

■ Managed vulnerability scanning of networks, servers, databases or applications

■ Security vulnerability or threat notification services

■ Log management and analysis

■ Reporting associated with monitored/managed devices and incident response

This MarketScope evaluates service providers that offer monitored/managed firewall and intrusiondetection/prevention functions as primary offerings, rather than those whose main focus is on otherelements of the services listed.

Inclusion and Exclusion Criteria

To be included in this MarketScope, an MSSP must have these qualifications:

■ The ability to remotely monitor and/or manage firewalls and intrusion detection/prevention (IDP)devices from multiple vendors via discrete service offerings

■ At least 1,000 firewall/IDP devices under remote management or monitoring for externalcustomers in Europe

■ At least 50 external customers in Europe with those devices under management or monitoring

■ Reference accounts in Europe relevant to Gartner customers

For example, vendors that only have offerings such as DDoS protection or vulnerability scanning,but not device monitoring and management, are not included. Providers of primarily Web and emailhygiene and trust services (for example, certificate authorities) are not included. Other vendors offerMSS primarily to hosting customers, with limited offerings to others. As these providers expand thescope of their MSS offerings, they may be included in future MarketScopes.




Rating for Overall Market/Market Segment

Overall Market Rating: Positive

With a portfolio of mature basic services and an array of innovative options, the MSS market inEurope is mature, with a moderate growth perspective, despite — or to some extent because of —a continuously difficult economic climate in Europe. Secure infrastructure management is aprerequisite for businesses that have to cut costs and operate under regulatory scrutiny and tightcompetition. Outsourcing of security has become a normal business option for most organizations.Where security concerns remain, physical operations in Europe are an option for most providers inthis MarketScope. MSS customers usually extend their outsourcing contracts and occasionallychange providers, but they rarely move services back in-house, which is still considered the morecostly option.

These factors have resulted in the MSS market in Europe growing by merely 12% versus 2011 (withthe market size for 2012 forecast at $2.5 billion by year's end). The reasons were discussed in theOutlook section of this research.

It is interesting to note that none of the providers achieved a Strong Positive rating this year. It's notto say that none of the providers is strong in security operations. Rather, none of the providerscould prove this with reliable, sufficient customer feedback. Some providers, in particular the non-European ones, proved strong in terms of marketing, sales and innovation, but failed to prove thatcustomers see it the same way. Other providers — in particular, some security specialists — offeredexcellent customer feedback, but couldn't prove a sufficiently broad portfolio of security services,geographic coverage, market insights and innovative road maps. Many providers in thisMarketScope are rated Positive, but these ratings aren't always the same. Customers need to putforward their detailed requirements and look closely to identify a provider with matchingcapabilities.




Evaluation Criteria

Table 1. Evaluation Criteria

Evaluation Criteria Comment Weighting

Overall Viability(Business Unit,Financial, Strategy,Organization)

Viability includes an assessment of the provider's financial health, thefinancial and practical success of the MSS unit, and the likelihoodthat the MSS unit will continue investing in MSSs and researching anddeveloping innovative security services. Additional areas assessedinclude management experience, the number of customers in Europe,investment in R&D, and understanding of business and technologytrends.

Standard

GeographicStrategy

This includes the provider's strategy to direct resources, skills andofferings to meet the specific needs of regions outside the nativearea, directly or through partners, channels and subsidiaries, asappropriate for the region and market. We considered the vendor'sability to articulate the differences between the U.S. and EuropeanMSS markets, as well as differences within Europe.

High

Product/Service This is the provider's approach to service development and delivery,which emphasizes differentiation, functionality, methodology andfeature sets as they map to current and future requirements. Weconsidered the number of target platforms vendors can manage.

Standard

Marketing Strategy This is a clear, differentiated set of messages, consistentlycommunicated throughout the organization and externalized throughthe website, advertising, customer programs and positioningstatements. In addition, we considered how providers measure theeffectiveness of marketing programs.

High

CustomerExperience

This includes the ways customers receive technical and accountsupport. These can include ancillary tools, customer supportprograms (and the quality thereof) and the availability of user groups,SLAs and so on. We also assessed providers' implementationprocesses and system integration and consulting capabilities.Reference client feedback was particularly important in the rating forthis criterion.

High

Innovation This takes into account capital and human resource investments, andthe development of new services as displayed in the security servicestrategy and the road map.

Standard

MarketResponsivenessand Track Record

Ability to understand business and security technology trends andassess competitors. This includes the ability to respond, changedirection, be flexible and achieve competitive success as newopportunities develop, competitors act, customer needs evolve andmarket dynamics change.

Standard

Source: Gartner (October 2012)




Figure 1. MarketScope for Managed Security Services in Europe

StrongNegative

Caution Promising PositiveStrong

PositiveAT&T x

Atos x

BT Global Services x

Cable&Wireless Worldwide x

Computacenter x

CSC x

Dell SecureWorks x

HCL Technologies x

HP x

IBM Security Services x

Integralis x

Open Systems x

Orange Business Services x

Symantec x

Tata Communications x

Telefonica x

T-Systems x

Verizon x

Wipro Technologies x

As of 24 October 2012

RATING

Source: Gartner (October 2012)

Vendor Product/Service Analysis

AT&T

AT&T is an established network service provider with a global approach, rather than regionaldifferentiation. It emphasizes real-time visibility into wireline/wireless threats as a core capability ofits MSS offers. It provides MSS to European multinational companies via SOCs in the U.S. andIndia, and still plans to open another SOC in Eastern Europe.

Its MSS strategy focuses on providing integrated network-based security to European-basedcustomers that possess a global footprint, utilizing services such as virtualized firewall, integratednetwork intrusion prevention, UTMs and server intrusion prevention. It is aggressively moving intocloud-based security services.

Strengths

■ Global coverage of communications and security services

■ Its ability to leverage communications clients for upselling MSS




■ Its tight bundling of security services with network services and capabilities in cloud security

■ Design team's flexibility with customer scenarios

Challenges

■ AT&T has limited control over some third-party delivery elements of its security service portfolio(for example, Cisco ScanSafe).

■ Variable response to customer service requests remains an issue. Internal collaboration couldbe improved. AT&T must continue to improve its visibility as a security provider to extendbeyond the multinational company market.

Rating: Positive

Atos

Atos is an international IT services company with four primary service lines: consulting andtechnology services, system integration, managed services, and transactional services. Atos claimsto provide a holistic approach to managed security "from the router to the boardroom" that alsoaddresses the business relevance of its security services. In July 2011, Atos completed itsacquisition of the IT Solutions and Services subsidiary of Siemens.

The centerpiece of its security portfolio is Atos High Performance Security, an integrated SecaaSplatform. The comprehensive portfolio also includes endpoint security, server security, networksecurity and secure gateways. Most of its MSSP contracts are part of larger IT outsourcingrelationships.

Strengths

■ Experience in integrating security services with complex, large-scale IT programs

■ Professionalism, knowledge and skills of its technical MSS staff

■ Ability to work effectively and collaboratively with other service providers (for example, networkservice providers) that its clients have engaged

Challenges

■ Pursuing information security with the same diligence as IT operations

■ Improving collaboration among and consistency of different countries' and teams' operations

■ Clients reporting occasional outages, and Atos sometimes slow in picking up incidents

Rating: Positive




BT Global Services

BT is an established name in network and communications services in Europe. It continues to investglobally in research and development. BT has a comprehensive security service portfolio called BTAssure that includes firewalls, network intrusion prevention, UTMs, email gateways, endpointsecurity and SIEM, as well as log management and some server IPSs.

Its MSS differentiation focuses on security embedded in the network, skilled resources and a globalinfrastructure. Targeting mainly large enterprises, its key message in 2012 emphasizes the need to"rethink the risk," meaning that organizations should step back and reassess their current securityposture — looking in particular at bring your own device, cloud, expanded vendor/platform choiceand analytics.

Strengths

■ Presents well its focus on emerging threats and technologies with business relevance

■ A resilient operations infrastructure and BT's responsiveness in incident reporting

■ The quality of its internal operational processes (for example, quality assurance)

■ The skills of its engineers, and the ability to listen, respond and adjust to client requirements

Challenges

■ BT Global Services must be careful not to lose its regional differentiation on its way tobecoming a global player.

■ Cost savings in order to keep pricing competitive must not result in staff shortage.

Rating: Positive

Cable&Wireless Worldwide

Cable&Wireless is an international communications company with a strong focus on the U.K./Ireland and a limited number of customers in other European countries. It manages firewalls andsome log sources, and a small amount of other security devices.

Strengths

■ Ability to leverage existing telecommunications client base for selling MSSs

■ Onshore team's knowledge and expertise, which brings real value to the relationship

Challenges

■ Cable&Wireless rarely appears on shortlists for MSS in Europe.

■ The less skilled offshore team makes it sometimes necessary to revert to the onshore team.




Rating: Promising

Computacenter

Computacenter is a multivendor provider of IT infrastructure services. It operates primarily in theU.K. and in Germany, and has two SOCs in each of these two countries.

Its MSS strategy emphasizes a holistic approach to security (client, network and data center),integrating MSS into other outsourcing deals and customer intimacy. Its strategy is to do "as muchstandards as possible, as much individuality as necessary."

Strengths

■ Providing cost-effective services from a local European vendor

■ Acting as a strategic partner, so it can understand infrastructure and business requirements

■ Having the ability to leverage the existing client base for upselling MSSs

Challenges

■ Proving that Computacenter delivers what it promises

■ Improving service consistency and quality

■ Improving knowledge of vertical-industry-specific needs and requirements

Rating: Promising

CSC

CSC is a global provider of IT-enabled business solutions and services, with a global strategy. Itsportfolio ranges from consulting, to solution design, through to implementation and management ofthe solution. Headquartered in the U.S., it provides MSS via SOCs in the U.K., Australia, Malaysia,India and the U.S.

CSC emphasizes a broad service portfolio and industry expertise that leads to business-orientedsecurity service outcomes. This is a message that tends to resonate with European clientorganizations.

Most customers in Europe use CSC for the management of firewalls, SIEM/log management andendpoint security clients. For cloud-based Web and email, CSC chooses to work with partners.

Strengths

■ Having the capability to embed an information risk manager as a single point of contact in theclient's organization

■ Being able to work with partners to complete the security service portfolio




■ Flexible contracts that allow the downscaling and upscaling of consumption

Challenges

■ Be consistently more proactive and efficient in managing daily tasks

■ Portal capabilities that are still lagging behind competition, but are being expanded

■ Improving the ability to leverage security and threat information from its large client base for thebenefit of individual clients

Rating: Positive

Dell SecureWorks

Dell strives to expand its Information Security Services in Europe following its acquisition of theU.S.-based company SecureWorks. U.K. Dell SecureWorks manages and/or monitors securitydevices in several European countries, especially log sources, firewalls, network IDSs/IPSs andendpoint protection systems. Dell SecureWorks Counter Threat Unit provides threat intelligence,malware analysis and analytic support for MSS operations. Customer may buy these services aspart of an MSS subscription. Dell SecureWorks provides a comprehensive portal, and also offerssupport in Spanish and French.

Strengths

■ Its clearly articulated strategy regarding the monitoring of virtualized environments andadvanced detection capabilities

■ Its comprehensive portal (including asset information and various correlation capabilities)

Challenges

■ Continuing to establish a brand presence in the European security market and proving success

■ Ensuring consistency of service quality during the acquisition and integration of SecureWorksinto Dell

Rating: Positive

HCL Technologies

HCL Technologies is an India-based offshore provider that has already gained some traction inEurope. HCL staff is engaged and enthusiastic, aiming for solutions, rather than merely trying toclose the deal. HCL emphasizes end-to-end security services, SLA-based service delivery andflexibility to meet customer's dynamic info-security requirements.

HCL offers the most comprehensive security services portfolio of all European providers. HCL notonly is strong in server-based security services (IDS/IPS and log collection) as well as endpointsecurity client management, but also offers network security. In addition, it offers application




security services and identity and access management. It also claims comprehensive portalcapabilities. HCL focuses on providing services based on a large pool of skilled resources and cansupport delivery in a number of European languages.

Strengths

■ Consistent and mature service delivery, with a process-driven approach to securitymanagement

■ Ability to optimize the balance between onshore (high-touch) and offshore (low-cost) staff

■ Cost-effectiveness, especially for standard platforms in the HCL support portfolio, and forservices that don't deviate from the standard offerings

Challenges

■ Improving management of nonstandard requests, specifically the ability to deal with requestsand issues that fall outside the scope of the existing formal processes

■ Improving strategic planning — clients would like to see more forward-thinking and innovativesuggestions for dealing with a constantly changing security environment

Rating: Positive

HP

HP has invested billions in building a comprehensive security portfolio that includes servicesacquired from EDS and Vistorm, and SIEM products from ArcSight.

HP's comprehensive security services portfolio includes endpoint security, firewall and network IPSmanagement, UTMs, and log management. It has five SOCs worldwide, two of which are in Europe(the U.K. and Spain).

Strengths

■ It has experience in integrating security services with complex, large-scale enterprise ITsolutions.

■ Account managers take the time to develop a detailed understanding of the technical,commercial and functional aspects of client business operations.

■ HP has a strength in helping organizations design and manage SOCs — including SOCoutsourcing.

Challenges

■ Improving the features and functionality of its MSS portal




■ Improving HP's visibility as provider of MSSs in Europe, not just as an IT company

Rating: Positive

IBM Security Services

IBM emphasizes its ability to support clients as a trusted advisor by understanding theirorganizational goals and risk tolerances, and drawing from a global portfolio of asset-basedmanaged and professional services to implement effective programs and controls that enablebusiness growth through the application of security intelligence. IBM's security services portfolio isfocused on endpoint, server and network protection. IBM targets larger enterprises and existingcustomers for its MSS. It emphasizes its reputation, global reach, and depth and breadth of itssolution offerings as key differentiators. IBM is the MSS provider that appears most often oncustomer shortlists in Europe.

Strengths

■ Comprehensive portal and global security view based on large number of customers

■ Supports many European languages and has a presence in all major European countries

■ Addressing European customers' data center concerns

Challenges

■ Providing consistent quality and customer experience, regardless of the delivering SOC

■ Relatively expensive compared with some providers

Rating: Positive

Integralis

Integralis provides IT security and information risk management solutions. It delivers a portfolio ofmanaged security, business infrastructure, consulting and technology integration services —including mobile security, advanced log management, and security intelligence and networkprofiling. Integralis is an independent subsidiary of NTT Communications, Japan. Integralis focuseson firewall, UTM and network IPS services, complemented by log management and some endpointsecurity. Integralis grew strongly in 2012 in Europe, in terms of devices, customers, revenue andR&D investments.

Strengths

■ Excellent technical skills of its workforce

■ Operational and commercial flexibility in dealing with clients' security requirements

■ Clients' valuing Integralis' security architecture design capabilities

■ Can prove that customers are satisfied




Challenges

■ Retaining the high-touch approach appreciated by its customers in a growing and highlycompetitive market

■ Keeping the functionality of its portal competitive

Rating: Positive

Open Systems

Open Systems is a specialized security service provider headquartered in Switzerland, with anadditional SOC in Sydney. Its portfolio focuses on multifunction firewall/UTM devices, Webapplication firewalls and secure Web/email gateways, managed by its Mission Control securityservice. Open Systems operates a variation of the follow-the-sun model with its two SOCs. Othersites are equipped remotely and serviced remotely.

Open Systems is committed to on-premises delivery due to the need for storing sensitive datalocally. It shows the highest proven customer satisfaction.

Strengths

■ Solid security service portfolio with a focus on network-based security

■ Highly skilled, measurably engaged, client-focused, flexible and highly professional staff

■ Commitment to employee development, resulting in low staff fluctuation, stable service qualityand high customer satisfaction

Challenges

■ Maintaining the balance between high-growth, high-quality and customized (rather than merelypackaged) security services

■ Expanding the service portfolio toward log management, server and endpoint security

■ Improving visibility in the European market for MSSs

Rating: Positive

Orange Business Services

Orange Business Services is a division of the Orange Group, which delivers integrated andmanaged security solutions with a strong network focus. Offerings include the management offirewalls, network intrusion prevention devices and an above-average number of secure Webgateways. Security services are available independently, but many sales combine aspects ofnetwork operations, security services and security consulting. A third-party network allows directconnectivity with Orange-connected business partners.




The company's marketing emphasizes simplicity, flexible delivery models and reduced total cost ofownership (TCO) in its MSS offerings. It runs eight SOCs.

Strengths

■ Clients see Orange as a global player and speak favorably of Orange's large, regional Internetgateways (connectivity, filtering, proxies, remote access and redundancy).

■ It focuses on small and midsize businesses, especially in France/Benelux.

■ Orange offers operational stability and support around the world.

■ Orange leverages existing client relationships for selling security services.

Challenges

■ Improve time to market with new products: When balancing diligence and prudence againstinnovation, clients would like Orange to lean a bit more toward the latter.

■ Improve efficiency of collaboration between account teams and engineering.

■ Improve visibility in the enterprise security market segment.

Rating: Positive

Symantec

Symantec offers security monitoring, management and message protection capabilities,augmenting in-house security operation capabilities with threat intelligence and security expertise.This portfolio includes server and network IDS/IPS, firewalls, and endpoint security solutions. It hasan SOC in the U.K. and three other SOCs worldwide (and one additional one planned in Japan),operates a large network of security information sensors, and employs a sizable global staff ofsecurity administrators. Symantec appears often on MSS shortlists in Europe.

Strengths

■ Its global view of the threat environment via its large sensor network and threat intelligencecapability

■ Protects and monitors VM's infrastructures

■ The quality of its support and sales resources

Challenge

■ Must continue to prove that European customers value its MSSs

Rating: Positive




Tata Communications

Tata Communications is an India-based global communications provider. It delivers a portfolio ofmanagement and monitoring services to protect customers' information assets from internal andexternal threats. It offers MSS via several global SOCs, one of which is in Europe. It targets largemultinational organizations in various industries.

Its MSS strategy focuses on compliance, customer service, TCO and integration with the rest of itsservice portfolio.

Strengths

■ Global presence, owning one of the largest fiber networks in the world

■ Invests massively in its security service portfolio

Challenges

■ Prove its presence as an MSSP in the European market

■ Lacks the depth of understanding of regional and local requirements shown by competitors

Rating: Promising

Telefonica

Telefonica is a large, integrated telecommunications provider with international operations and astrong position in Spain. Its portfolio encompasses maintenance, monitoring, support andadministration of security devices, as well as vulnerability management, alert services, firewall ruleanalysis, SIEM, computer security incident response and anti-fraud.

Strengths

■ Flexibility in adapting to client requirements

■ Good number of skilled security staff

■ Ability to foster and maintain strong local relationships

Challenges

■ Improving the quality of service delivery and service management to competitive standards

■ Accelerating service deployments and equipment updates

Rating: Positive




T-Systems

T-Systems provides a full range of managed information and communication technology services,including a comprehensive portfolio of security services delivered on remotely managed appliancesor devices, as well as managed services with appliances and devices installed within a T-Systemsdata center. Most of its SOCs are located in Germany and comply with national legislation,especially German Data Privacy Law. This makes T-Systems a preferred security services partnerfor the German public sector and health sector. MSSs are often an integrated part of largeroutsourcing deals. Its traditional focus is on the German-speaking parts of Europe, and it's alsoexpanding into the Asia/Pacific region.

Strengths

■ Is focused on customer-specific security requirements for the German market

■ Has a broad solution portfolio, coupling security services with information and communicationtechnology services

■ Large installed base in the German and German-speaking market

Challenges

■ Transparency on pricing model because its prices are perceived to be above the marketaverage

■ Improving MSS portal functionality, in particular regarding the integration of log and vulnerabilitydata

■ Establishing a stronger profile in the European (rather than merely German-speaking) MSSmarket in terms of visibility and client footprint

Rating: Promising

Verizon

Verizon offers customer support, providing region-specific solutions spanning managed network,MSSs and professional security services to address a wide range of risk, compliance and securityneeds. It offers premises-based as well as cloud-based MSSs, available stand-alone or bundled.

It has a sound road map, introducing new or redefined services, improving customer experienceand secure mobility services. Verizon has a solid presence in Europe, and emphasizes itscorrelation capabilities, security expertise, global reach and risk-based security on global IPnetworks.

Strengths

■ Global reach and expertise




■ European Security Operations Centers in Luxembourg, Zurich and (since 2011) Dortmund, withhighly skilled security staff

■ Large and knowledgeable sales team

■ Offering threat intelligence correlated from various sources

Challenges

■ Consistent and easy access to highly qualified security staff

■ Continuously proving high customer satisfaction

Rating: Positive

Wipro Technologies

Wipro Technologies provides MSSs to organizations in Europe from a primary control center in Indiasupported by SOCs in Eastern Europe and Germany, which deliver services locally and improvecross-border data privacy compliance. Wipro offers the most comprehensive security servicesportfolio, and claims to have one of the largest bases of managed security devices in Europe.Consulting and professional services augment MSS offerings, which include co-managed and fullymanaged services.

Strengths

■ Customer focus, expertise and business understanding

■ Well-distributed sales force in Europe

■ Its ability to upsell security services to existing clients

Challenges

■ Identifying the right staff resources quickly and making them available in Europe

■ Increasing brand visibility in the European security services market

Rating: Positive

Recommended ReadingSome documents may not be available as part of your current Gartner subscription.

"The Global Managed Security Services Provider Landscape"

"Toolkit: Selecting the Right Managed Security Services Provider"




"Magic Quadrant for MSSPs, North America"

"MarketScope for Managed Security Services in Asia/Pacific"

"Magic Quadrants and MarketScopes: How Gartner Evaluates Vendors Within a Market"

"Forecast: Security Service Markets, Worldwide, 2009-2014"

Evidence

For this research, we contacted about 100 MSSPs, of which 19 met the selection criteria. They hadto answer a detailed list of questions about their company and their security services. In addition,we collected information on the providers' performance from Gartner clients and provider referenceclients through phone interviews and an online survey.

Note 1 Intrusion Detection System and Intrusion Prevention System

For the purposes of this research, we ignore the differences between IDSs and IPSs. Whenever weuse "IPS," we mean both.

Note 2 Secure Web and Email Gateway Services

Secure Web and email gateway services refer to the filtering of malware from Web and email trafficat the gateway. This does not include filtering at the endpoint.

Vendors Added or Dropped

We review and adjust our inclusion criteria for Magic Quadrants and MarketScopes asmarkets change. As a result of these adjustments, the mix of vendors in any MagicQuadrant or MarketScope may change over time. A vendor appearing in a MagicQuadrant or MarketScope one year and not the next does not necessarily indicate thatwe have changed our opinion of that vendor. This may be a reflection of a change in themarket and, therefore, changed evaluation criteria, or a change of focus by a vendor.

Gartner MarketScope Defined

Gartner's MarketScope provides specific guidance for users who are deploying, or havedeployed, products or services. A Gartner MarketScope rating does not imply that thevendor meets all, few or none of the evaluation criteria. The Gartner MarketScopeevaluation is based on a weighted evaluation of a vendor's products in comparison withthe evaluation criteria. Consider Gartner's criteria as they apply to your specificrequirements. Contact Gartner to discuss how this evaluation may affect your specificneeds.

In the table below, the various ratings are defined:




MarketScope Rating Framework

Strong PositiveIs viewed as a provider of strategic products, services or solutions:

■ Customers: Continue with planned investments.

■ Potential customers: Consider this vendor a strong choice for strategicinvestments.

PositiveDemonstrates strength in specific areas, but execution in one or more areas may still bedeveloping or inconsistent with other areas of performance:

■ Customers: Continue planned investments.

■ Potential customers: Consider this vendor a viable choice for strategic or tacticalinvestments, while planning for known limitations.

PromisingShows potential in specific areas; however, execution is inconsistent:

■ Customers: Consider the short- and long-term impact of possible changes instatus.

■ Potential customers: Plan for and be aware of issues and opportunities related tothe evolution and maturity of this vendor.

CautionFaces challenges in one or more areas:

■ Customers: Understand challenges in relevant areas, and develop contingencyplans based on risk tolerance and possible business impact.

■ Potential customers: Account for the vendor's challenges as part of due diligence.

Strong NegativeHas difficulty responding to problems in multiple areas:

■ Customers: Execute risk mitigation plans and contingency options.

■ Potential customers: Consider this vendor only for tactical investment with short-term, rapid payback.




Regional Headquarters

Corporate Headquarters56 Top Gallant RoadStamford, CT 06902-7700USA+1 203 964 0096

Japan HeadquartersGartner Japan Ltd.Atago Green Hills MORI Tower 5F2-5-1 Atago, Minato-kuTokyo 105-6205JAPAN+ 81 3 6430 1800

European HeadquartersTamesisThe GlantyEghamSurrey, TW20 9AWUNITED KINGDOM+44 1784 431611

Latin America HeadquartersGartner do BrazilAv. das Nações Unidas, 125519° andar—World Trade Center04578-903—São Paulo SPBRAZIL+55 11 3443 1509

Asia/Pacific HeadquartersGartner Australasia Pty. Ltd.Level 9, 141 Walker StreetNorth SydneyNew South Wales 2060AUSTRALIA+61 2 9459 4600

© 2012 Gartner, Inc. and/or its affiliates. All rights reserved. Gartner is a registered trademark of Gartner, Inc. or its affiliates. Thispublication may not be reproduced or distributed in any form without Gartner’s prior written permission. The information contained in thispublication has been obtained from sources believed to be reliable. Gartner disclaims all warranties as to the accuracy, completeness oradequacy of such information and shall have no liability for errors, omissions or inadequacies in such information. This publicationconsists of the opinions of Gartner’s research organization and should not be construed as statements of fact. The opinions expressedherein are subject to change without notice. Although Gartner research may include a discussion of related legal issues, Gartner does notprovide legal advice or services and its research should not be construed or used as such. Gartner is a public company, and itsshareholders may include firms and funds that have financial interests in entities covered in Gartner research. Gartner’s Board ofDirectors may include senior managers of these firms or funds. Gartner research is produced independently by its research organizationwithout input or influence from these firms, funds or their managers. For further information on the independence and integrity of Gartnerresearch, see “Guiding Principles on Independence and Objectivity” on its website, http://www.gartner.com/technology/about/ombudsman/omb_guide2.jsp.


http://www.gartner.com/technology/about/ombudsman/omb_guide2.jsp

http://www.gartner.com/technology/about/ombudsman/omb_guide2.jsp

Date post:	28-Mar-2018
Category:	Documents
Upload:	ngodan
View:	220 times
Download:	5 times

Europe Analyst(s): Carsten Casper MarketScope for · PDF fileOur "MarketScope for Managed...

Documents