The Symantec MSS portal is full-featured, with support for alert assessment and investigation, workflow, log search, and reporting.
Symantec offers an enterprisewide licensing approach based on per-data-source (node) pricing.
MSS customers indicate that the DeepSight Intelligence service threat feeds and intelligence reports are differentiators of Symantec’s services. Symantec’s acquisition of Blue Coat provides an additional source of threat and malware intelligence.
The Blue Coat acquisition provides the opportunity for Symantec MSS to offer enhanced capabilities, such as network forensics and monitoring of SaaS environments.
Gartner clients often consider Symantec’s MSS offerings in competitive evaluations.
Unlike most MSSPs, Symantec offers only limited device management services, primarily for IDPS, and not for other security controls. Prospective customers seeking those services in addition to monitoring must anticipate working with Symantec partners.
Symantec’s services for endpoint threat detection and response are evolving. Customers using EDR products from competitors should confirm Symantec’s long-term plans.
As Symantec completes the integration with Blue Coat, buyers should perform due diligence to confirm long-term support for MSSs.
MSSP Alert Says: Symantec underwent yet another channel organization shakeup in 2016. Partners, meanwhile, want more predictability and stability from the security company. The company’s latest quarterly results show partner promise.
14. TrustWave (Challengers Quadrant)
Trustwave is a good option for customers that need both products and services from a single provider, as the vendor has several competitive security software- and hardware-based platforms.
Advanced threat detection as a turnkey service is available using a variety of EDR technologies.
Trustwave SpiderLabs’ security research and threat intelligence is used to provide protective and detective capabilities to the Trustwave products used in MSS, and to SOC analysts monitoring customer devices.
Trustwave has moderate visibility with Gartner clients looking to purchase MSSs.
Trustwave lags behind other MSSPs in employing advanced analytics technologies and methods to help SOC analysts and customers identify advanced, targeted attackers.
Trustwave’s updated MSS portal has improved incident views/alerting and workflow, but asset data capture/import, reporting features and self-service options are still limited.
As Trustwave continues to add support for third-party security technologies, customers should validate when and to what extent the security products they have deployed will be fully supported by Trustwave MSSs.
MSSP Alert Says: We haven’t seen much channel partner activity from Trustwave. Most alliances involve telcos of technology companies.
15. Verizon (Leaders Quadrant)
Verizon’s position as a telecommunications service provider brings additional network-based MSS offerings for networks and internet service customers through enhanced data acquisition and analysis of customer network traffic and premises-based device logs.
Buyers looking for an MSSP that offers end-to-end threat detection and response — monitoring through to incident and breach response services — will benefit from Verizon’s experienced, and MSS-integrated, RISK team.
Verizon MSS is very visible among Gartner clients, and is often included in competitive MSS evaluations.
With the introduction of volume-based licensing by Verizon, MSS buyers should have a solid understanding of their potential data volumes, both at the start of the engagement and going forward in the future. Buyers should also confirm how overages above their licensed capacity will impact the costs to the service from unanticipated spikes in log event volumes.
While Verizon’s new MSS Analytics platform can monitor events from endpoint security solutions, it does not yet have a turnkey, host-based advanced threat detection service similar to several competitors.
Verizon is still in the process of moving customers to its new unified portal and back end. Current customers should monitor and plan for the migration. New customers can use features from either the legacy or unified portal until existing customers are migrated.
Wipro’s MSS delivery approach is highly customizable to customers’ requirements and existing technology solutions, but can also bring preferred partner solutions to a customer as needed.
Wipro supports native and well-integrated security event collection for leading public cloud service providers (AWS and Microsoft Azure), in addition to leading SaaS vendors (Office 365, Salesforce).
Wipro has made strategic investments through its venture capital arm in new security products, such as Vectra Networks and IntSights, which have been adopted by its MSS offerings (e.g., Threat Hunting as- a- Service).
Wipro’s CDC portal does not provide several self-service capabilities, such as account creation and management, which must be managed by Wipro SOC analysts. The CDC portal also lags some MSSP competitors for ease of use, especially in investigating and validating alerts raised by the Wipro SOC.
Wipro rarely appears on Gartner clients’ shortlists for stand-alone MSSs deals.