Gartner Magic Quadrant for Managed Security Services 2018: Analysis

by Joe Panettieri • Dec 23, 2018

Gartner’s Magic Quadrant 2018 for Managed Security Services Providers (MSSPs) offers some timely updates compared to the 2017 edition.

• Updated May 2019: Here’s the Gartner Magic Quadrant 2019 for MSSPs.
• Original 2018 report follows below.

So what’s new for 2018? Trustwave moved into the enviable Leaders Quadrant, while Capgemini, DXC Technology and Fujitsu were added to the overall rankings. Also, CSC and HPE Enterprise Services were dropped, since they merged under DXC Technology banner. Overall, 17 MSSPs are in this year’s Magic Quadrant, compared to 16 from 2017.

In the article below, we highlight some of Gartner’s findings for each of the 17 companies. We also add some MSSP Alert perspectives, especially as they pertain to partner programs and company milestones that we’ve covered over the past year.

The overall list, sorted alphabetically by companies in each quadrant, looks like this:

• Leaders: IBM, Secureworks, Symantec, Trustwave, Verizon
• Challengers: AT&T, BT, DXC Technology, NTT
• Visionaries: None
• Niche Players: Atos, BAE Systems, Capgemini, CenturyLink, Fujitsu, HCL Technologies, Orange Business Services, Wipro

You can see the actual MSSP Magic Quadrant chart with each company plotted on the final page of this article. But first, here’s a deeper look at each quadrant, the companies within and their partner strategies.

Gartner Magic Quadrant Managed Security Services Providers (MSSPs): 2018 Leaders

Companies sorted alphabetically in the leader’s quadrant include…

IBM Managed Security Services:

• Gartner Says: IBM is headquartered in Armonk, New York, with MSS offices in the U.S. (Atlanta and Cambridge, Massachusetts); London; Brussels; and Hortolandia, Brazil. IBM offers a broad range of MSSs, security consulting and incident response, either as stand-alone offerings or as part of larger IT services and outsourcing engagements. MSSs are delivered from five 24/7 SOCs, called X-Force Command Centers: one in the U.S.; one in San Jose, Costa Rica; one in Hortolandia, Brazil; one in Tokyo and one in Wroclaw, Poland. IBM has three additional non-24/7 SOCs in India, Belgium and the U.S. IBM uses its QRadar SIEM solution to deliver unified monitoring across MSS, regardless of the location of the QRadar platform — shared multitenant, on-premises or as a service. There are four MSS tiers available, ranging from basic endpoint security to highly customized services. IBM’s advanced analytics and targeted attack detection capabilities for the network and hosts include support for customer-deployed products, IBM products (e.g., QRadar modules) and strategic partner solutions (e.g., Carbon Black for IBM Security’s Managed Detection and Response service). Threat intelligence and incident response services, as well as security consulting services, are available. Support for data residency requirements is available through European Commission Model Clauses contract language, local data centers in the customer’s region supported by EU staff out of the Poland SOC, and use of on-premises QRadar SIEM or using SIEM as a service hosted within IBM Cloud within region. Large enterprises with global service delivery requirements looking for flexible security event monitoring technology options, and those with strategic relationships with IBM, should consider IBM for MSSs.
• MSSP Alert Says: IBM re-launched its global partner program in January 2017. All partner programs — from products to recurring revenue services — are part of a singular IBM PartnerWorld partner program. Also, the company’s PartnerWorld summit has merged into IBM Think 2018 — a new conference representing all of IBM’s key themes and priorities. IBM Security continues to open new X-Force Command Centers across the globe. The latest one, announced in mid-2017, is based in Wroclaw, Poland. The company also is ramping up its incident response efforts ahead of the European Union’s GDPR regulation activating in May 2018. Also, third-party security providers like Smarttech leverage IBM Watson for cyber capabilities.
• Top 100 MSSP Alert Ranking for 2017: 2

Secureworks

• Gartner Says: Secureworks offers a range of MSSs and other security-specific services to customers globally. Corporate headquarters are located in Atlanta, with offices in London, Edinburgh, Sydney and Tokyo. Services are delivered from three 24/7 SOCs in the U.S. (Atlanta; Chicago; and Providence, Rhode Island); one 24/7 SOC in Edinburgh, Scotland; and one 24/7 SOC in Kawasaki, Japan. The SOCs are supported by a center of excellence in Romania that is focused on customer device management and new service innovation. MSS delivery is through Secureworks’ proprietary Counter Threat Appliance (CTA) and Counter Threat Platform (CTP), which leverages a shared big data platform and advanced analytics capabilities. Customer access to services is via the Secureworks Client Portal. A range of commercial log sources from customer-deployed technologies are supported, in addition to leveraging commercial and proprietary tools for managed network and host-based threat monitoring. Host and network-based advanced threat detection are provided through Secureworks’ Advanced Endpoint Threat Detection (AETD) service (via its proprietary Red Cloak agent or Carbon Black) and its Advanced Malware Protection and Detection (AMPD; in partnership with Lastline) service. The Secureworks Counter Threat Unit research team provides threat research and threat intelligence, malware analysis, and analytics support to the provider’s SOCs. Additional services, such as vulnerability scanning (both customer- or Secureworks-managed) and advanced threat intelligence services are also available to buyers. Midsize, enterprise and government organizations seeking an established MSS that leverages a consistent, shared delivery approach with a global presence, and a security-focused set of offerings, should, consider Secureworks.
• MSSP Alert Says: Though well-known, SecureWorks had a relatively quiet 2017  and early 2018, and the company hasn’t made many high-profile partner moves — though there have been a few. Chief among them: A partnership to push deeper into the government IT security market.
• Top 100 MSSP Alert Ranking for 2017: 1

Symantec Managed Security Services

• Gartner Says: Symantec is headquartered in Mountain View, California, and has six SOCs: one each in the U.S., the U.K. and Japan, and three in the Asia/Pacific region (India, Australia and Singapore). The SOCs operate on a follow-the-sun model to provide 24/7 support. Customers are assigned to a primary SOC in their region along with a global team of analysts aligned to their specific industry vertical. Symantec’s Cyber Security Services offerings include security monitoring and management, including hosted log retention, security intelligence, incident response services and security skills development services. Symantec has a broad portfolio of security technology solutions. Recent acquisitions include Outlier Security (EDR), Skycure (mobile device protection), and Fireglass (isolation technology). Symantec’s MSS SOC technology platform is based on self-developed technology. Customer event and log data are analyzed by Symantec’s global SOCs and retained in the North American data center. Symantec meets data residency requirements through contractual arrangements and the EU Standard Model Clause. Symantec MSS supports advanced threat detection via integrations with its own solutions as well as third-party products for network monitoring and forensics capabilities, and for payload analysis. MSS monitoring of EDR and forensics tools is offered for Symantec and third-party products. Incident and breach response services are available on retainer or on an ad hoc basis to buyers looking for a single provider for MSSs and response services. Monitoring capabilities are available for popular SaaS, IaaS and public cloud services. Pricing for MSS is offered in two models: based on a per-device/event source cost or on an enterprisewide license that provides unlimited monitoring up to a set limit of event sources (aka nodes). Enterprises seeking an established MSSP with a global presence should consider Symantec.
• MSSP Alert Says: Symantec’s overall business has become more channel friendly in the past year, thanks to an overhauled management team and multiple M&A deals that provide new revenue opportunities for partners. Among the most recent deals: Symantec in July 2017 announced plans to acquire Skycure, a risk-based enterprise mobility solutions provider, for an undisclosed sum. It’s the latest in a growing list of M&A deals designed to reshape Symantec for modern cloud, mobile and cyberthreats.
• Top 100 MSSP Alert Ranking for 2017: 10

Trustwave

• Gartner Says: Trustwave, a stand-alone business within Singtel Group Enterprise, is based in Chicago, with regional headquarters in London, Sao Paulo and Sydney. Trustwave has several partnerships with regional telecommunications and service providers (e.g., Rogers Communications in Canada, Optus in Australia, Globe Telecom in the Philippines and TIS in Japan) around the globe to provide MSSs to those partners’ customer bases. Trustwave has nine 24/7 SOCs around the globe — three in North America, two in Europe (Warsaw and London), and four in the Asia/Pacific region (Manila, Philippines; Singapore; Sydney; and Tokyo). In the case of its telecom partners, the 24/7 SOCs are operated by Trustwave, some of which are in colocated facilities with the partners. Trustwave has a large portfolio of security technologies — including SIEM, UTM, network access control, application security, WAF and anti-malware — and builds MSSs around those, as well as support for a variety of third-party security products. Threat intelligence and incident response services are provided in- house from the Trustwave SpiderLabs team. Trustwave offers a managed EDR service leveraging Carbon Black and CounterTack as partners. Midmarket and small enterprise organizations, especially those with PCI DSS compliance requirements, make up the majority of Trustwave customers; however, the vendor has increased its focus on large enterprise buyers. Telecommunications customers that have formed strategic partnerships with Trustwave, as well as companies in the retail, hospitality, healthcare and banking vertical industries, should consider Trustwave for MSSs. Trustwave is a good option for customers that need both products and services from a single provider, as the vendor has several competitive security software- and hardware-based platforms.
• MSSP Alert Says: Trustwave makes the move into Gartner’s leadership quadrant — an impressive endorsement of the company’s growing capabilities and solid market reputation. Of the major MSSPs we cover, Trustwave ranks among the most active in terms of company milestones, partner initiatives, and major threat research (via the company’s SpiderLabs unit) that pinpoints emerging threats. Among the recent moves: A partnership to push deeper into Canada, new GDPR compliance services, and an online learning system for channel partners.
• Top 100 MSSP Alert Ranking for 2017: 6

Verizon

• Gartner Says: Verizon is a telecommunications company headquartered in Basking Ridge, New Jersey, with regional offices in Reading, U.K., and Singapore, which offers MSSs and security consulting services. Verizon uses a global network of SOCs, with three SOCs in the U.S., four in the Asia/Pacific region (India and Australia), and two in Europe (Luxembourg and Germany). Verizon’s Unified Security Portal (USP) provides single portal access across all services and capabilities for customers. Verizon’s MSS platform includes log management capabilities allowing clients to search, index and store logs using technology based on Elasticsearch. A mix of proprietary and commercial technology including Splunk is used to analyze security data, which is ingested via Verizon’s proprietary Log Event Collector (LEC). Verizon uses regional SOCs and data retention to meet requirements for local data storage and analysis. Network Threat Advanced Analytics, which was added as a service in 2017, is available to both customers on the Verizon backbone network and also through NetFlow analysis capabilities deployed on a customer’s site. Malware analysis and network and endpoint forensics are available to buyers. Remote and on-site support for incident and breach response is provided via the Threat Intel and Response Service. Enterprises, including existing Verizon network customers, should consider Verizon if they require well-established global or region-specific MSSs.
• MSSP Alert Says: As we pointed out last year, Verizon has a well-established partner program. And there are signs that Verizon’s MSSP services will increasingly flow through channel partners. Also, the company is in acquisition mode.Verizon in January 2018 acquired Niddel, security startup whose flagship Magnet platform leverages machine learning to autonomously ferret out contaminated systems inside an organization. However, Verizon’s corporate team (not the MSSP team) had at least two embarrassing security setbacks in 2017, twice leaving information exposed on Amazon Web Services.
• Top 100 MSSP Alert Ranking for 2017: 3

Continue to next page for the Challengers section of the Magic Quadrant.