IBM is a large, mature provider of security and IT services and products, with global delivery capabilities.
It has a full-featured portal, with new features like Watson-driven automated chat capabilities and an SOC analyst reservation system for scheduling device and policy changes. The portal also leverages the QRadar management console for functionality such as log management, searches and reporting.
IBM acquired Resilient Systems in April 2016, bringing options to MSS buyers that want to leverage a security incident response platform tool.
Customers generally give good marks for IBM’s ability to deliver core MSS capabilities.
Gartner clients often include IBM in competitive MSS evaluations, and the vendor has high visibility for MSS in all geographic regions.
Gartner clients, especially midmarket clients, report challenges engaging with the IBM sales processes, and obtaining timely and responsive MSS bids.
IBM is in the process of transitioning customers to its new QRadar platform. Current customers should monitor their migration path and plan appropriately for the move.
IBM’s advanced threat detection offerings rely on using IBM’s QRadar SIEM modules and other partners, like Carbon Black. Buyers with existing UEBA or forensics products may require on-premises deployments or that custom services be developed.
IBM’s move toward “QRadar anywhere” for MSSs should be monitored by potential buyers to ensure they are being oriented toward the best option for their organizations’ use cases, maturity, geographic footprint and size.
MSSP Alert Says: IBM spent most of 2016 overhauling its global partner program. The official re-launch arrived in January 2017. All partner programs — from products to recurring revenue services — are part of a singular IBM PartnerWorld partner program.
10. NTT Security (Challengers Quadrant)
The features of the current MSS customer portal from Solutionary, and the WideAngle analyst workbench and its proprietary SIEM platform, offer a strong set of capabilities for integration into a unified platform.
MSSs that had been delivered via the NTT operating companies, and which are now consolidated in NTT Security, get generally positive reviews from Gartner clients.
NTT operating companies provide broad geographic coverage for selling MSS, and can bundle MSS with a wide range of security service offerings and delivery options, including broader telecommunications and IT infrastructure service offerings.
MSS will be sold, and customer relationships managed, by NTT operating companies and their strategic partners, with services delivered by NTT Security. Current and prospective MSS customers must ensure that there is a well-understood and efficient process to handle business and technical issues.
NTT Security must successfully execute the integration of two existing MSS delivery platforms and portals, development of a new customer portal, and eventual migration of existing MSS customers from three platforms to the new unified platform. MSS customers should get assurances from their NTT operating company provider regarding the availability of current MSS capabilities and roadmaps for enhancements.
NTT Security is moving its dedicated, specialized security sales team to the NTT operating companies for MSS sales and customer relationship management. This may create misalignment among NTT Security marketing and product management and development functions, which should be monitored by MSS customers.
MSSP Alert Says: NTT acquired Dell’s IT services business (the former Perot Systems) for $3.055 billion in 2016. Amid that massive acquisition, I’m not sure NTT has the time and energy to promote managed services to partners.
11. Orange Business Services (Niche Quadrant)
Orange offers a broad range of network and IT services that can be bundled with MSSs.
The vendor can provide good device management services for large global enterprises with distributed data center and branch locations.
Customers give good marks for Orange’s MSSs, especially for network and security device management.
The Orange MSS portal (there is a separate IT services management portal) continues to lag behind those of competitors in supporting day-to-day investigation of security events. There is limited context and navigation capability, and customers seeking to investigate log data directly must be granted access to the console of the SIEM platform used with that customer.
Orange has less mature capabilities in providing advanced attack analytics as part of its MSS, and also in using analytics and big data technologies to underpin service delivery.
Orange rarely appears on Gartner clients’ shortlists for MSS procurement, and it has limited MSS market visibility outside of its network service customer base.
MSSP Alert Says: Here again, Orange could be a key partner for MSPs seeking to move into the European market without needing to master Brexit-related issues on their own…
12. SecureWorks (Leaders Quadrant)
SecureWorks is highly visible with Gartner clients considering MSS, and is frequently included in competitive MSS deals by both midmarket and enterprise buyers based in North America. It also has good visibility with European and Australian customers.
Gartner customers give positive feedback for SecureWorks’ MSS delivery, security expertise and relationship management.
SecureWorks’ addition of native support for monitoring activity in AWS will appeal to buyers looking for less complex monitoring options of public cloud environments.
SecureWorks offers a standard incident response retainer that is used by customers to ensure continuity of support, from alert detection to incident investigation and remediation.
The SecureWorks MSS portal offers extensive access to event data, supporting context, threat intelligence and reporting.
Over the last 12 months, midmarket and small-enterprise Gartner clients have increasingly reported dissatisfaction with SecureWorks’ MSS delivery and postsales experience. Potential buyers should do a proof of concept (POC) to confirm that the service will integrate appropriately with their security teams’ processes and procedures.
SecureWorks continues to lack visibility in markets beyond North America, Europe and Australia for MSSs. Its consulting practice has higher visibility outside of North America and Europe.
Gartner clients have increasingly reported that SecureWorks’ pricing is more expensive relative to other MSSPs.
MSSP Alert Says: Dell IPOed SecureWorks to strengthen Dell’s balance sheet amid the EMC buyout. Generally speaking, we’d like to see and hear from SecureWorks more aggressively during the Dell EMC World conference and other major customer/partner gatherings.
But wait. MSSP Magic Quadrant members 13 through 16 await you on page four of four…