Gartner Magic Quadrant: Intrusion Detection, Prevention Systems 2018 for MSSPs
This year’s Gartner Magic Quadrant for Intrusion Detection and Prevention Systems, released in January 2018, tracks and analyzes nine cybersecurity companies in the IDPS sector. But which of those IDPS providers actually offer MSP- and MSSP-friendly partner programs and associated consumption models? MSSP Alert was eager to track down the answers.
Scroll through the information below and you’ll find IDPS offerings in each of the four Gartner quadrants:
- Leaders: Cisco Systems, McAfee and Trend Micro
- Challengers: Alert Logic, FireEye and NSFocus
- Visionaries: Vectra Networks
- Niche Players: Venustech and Hillstone Networks
For each of those nine companies, we share some of Gartner’s perspectives below. Plus, we inject some of MSSP Alert’s views and associated coverage about each company to help managed security services providers formulate their IDPS partner strategies. On the final page of this article, you’ll also find the actual Gartner Magic Quadrant 2018 graphic of IDPS offerings.
Gartner Magic Quadrant: Intrusion Detection & Prevention Systems 2018 Leaders
This quadrant includes Cisco Systems, McAfee and Trend Micro (sorted alphabetically). Take a look:
- Gartner Says: Cisco has a broad security product portfolio and has had IDPS offerings for many years. The Sourcefire acquisition has continued to be a positive and strong influence on Cisco’s network security portfolio, giving the company traction in the firewall market that it would not have garnered otherwise. The Firepower IDPS line also shares a management console with the Cisco firewall offerings, called the Firepower Management Center.
- MSSP Alert Says: Cisco has a strong reputation with enterprise-class service providers. But the company also is rekindling relationships and building new partnerships in the SMB sector. Recent moves include positioning Cisco’s endpoint security portfolio for MSSPs seeking advanced malware protection, Internet security and enterprise mobility management (EMM) capabilities.
- Gartner Says: McAfee has completed its move out of Intel, creating a stand-alone company — though Intel retains a 49 percent stake in the firm. The new McAfee company has a significant product portfolio across network, server, cloud, web, security information and event management (SIEM), network analytics, data loss prevention (DLP), and endpoint security. This move to being an independent entity has been a net positive for the company. It has led to better roadmap execution and will allow McAfee to better focus and compete in the security market. Its IDPS, called the Network Security Platform (NSP), is a main element of its network security product offerings. McAfee has focused heavily on roadmap execution and integration of this range into its other portfolio of products. In November 2017, McAfee acquired SkyHigh Networks, a cloud access security broker (CASB) provider.
- MSSP Alert Says: Some MSPs got burned when Intel mismanaged the former McAfee MXLogic business. But overall there are signs that McAfee is waking up to the MSSP partner opportunity. Among the efforts to watch: McAfee’s Managed Services Specialization for partners.
- Gartner Says: Headquartered in Japan, Trend Micro is a large, global IT security vendor. It completed its acquisition of TippingPoint from Hewlett Packard Enterprise (HPE) in March 2016. The acquisition has been a net positive for Trend Micro’s IDPS product, sales and marketing operations. TippingPoint is well-placed within Trend Micro in the same division as the Deep Discovery products. … The IDPS also benefits from synergies between TippingPoint’s and Trend Micro’s research teams on malware, which is enhancing the ability of the IDPS to specifically address the network-based elements of malware threats. Additionally, the Trend Micro advanced threat (sandbox) technology for its IDPS, called Deep Discovery, now has integrations to its IDPS to be able to receive telemetry in real time that can be used for prevention and detection use cases. … Trend Micro’s IDPS platforms have gained native integrated advanced threat capabilities, a significantly larger channel with more expertise in selling security, and access to Trend Micro’s significant research resources.
- MSSP Alert Says: Trend Micro was an early partner and friend to MSPs in the SMB sector. But the company has occasionally scaled back messaging and support to those audiences in recent years. Still, there are signs that Trend Micro has renewed its MSP efforts over the past year, and we’re watching the company closely for signs of more progress.
Gartner Magic Quadrant: Intrusion Detection & Prevention Systems 2018 Challengers
This quadrant includes Alert Logic, FireEye and NSFocus (sorted alphabetically). Take a look:
- Gartner Says: Alert Logic is a privately held security-as-a-service provider based in Houston, Texas. Services it offers include managed IDS, web application firewall (WAF), log management and vulnerability management. Alert Logic’s IDS is built on a Snort foundation with additional anomaly-based signatures, heuristics and supervised machine learning intelligence. It is offered in two packages: Alert Logic Threat Manager is an IDS-only offering and includes vulnerability management capabilities; and Alert Logic Cloud Defender includes out-of-band WAF and log management, along with detection based off of logs. Alert Logic’s IDS is offered as a physical on-premises appliance, with new deployments more often in the form of virtual machines deployed in hosting or cloud environments. The vendor has also invested in applying machine learning to the IDS event stream to help reduce the amount of “net events” that need to be reviewed by human analysts. Since Alert Logic’s IDS is deployed out of band in detection mode with managed components, it does not offer a wide range of high-performance appliances. Alert Logic adds and subtracts sensors, where it makes sense for the customer’s changing network in order to meet high-throughput detection needs by scaling horizontally, not in the appliance.
- MSSP Alert Says: Alert Logic itself is an MSSP of sorts, ranking No. 9 on our Top 100 MSSPs list for 2017. The company also works closely with third-party MSPs and MSSPs. A key example involves Sinnaker, which leverages Alert Logic’s platform to safeguard Oracle and SAP deployments.
- Gartner Says: FireEye is a U.S.-based cybersecurity company headquartered in Milpitas, California. It is a well-known security vendor specializing in advanced threat protection, security analytics, threat intelligence and incident response. In recent years, it has expanded its product and service portfolio extensively with a mix of organic growth and acquisitions. These additions are with managed services, cloud security analytics, threat intelligence, network forensics and security orchestration, as well as via adding IPS to its most well-known solution, the FireEye Network Security (NX Series) solution, which is available as a physical or virtual appliance. The virtual appliances support a range of hypervisors, including Amazon AWS, but not Microsoft Azure. In the past year, FireEye has improved its architecture by decoupling the IDPS (the NX Series) from the Multi-Vector Virtual Execution (MVX; for ATD/sandboxing) presenting the concept of a “smart node” (the IDPS appliance) and the “smart grid” (MVX/sandbox) with version 7.9 of the solution. Additionally, the “smart grid” MVX now supports bursting from the local instance(s) to the cloud, allowing for better scalability without the need for additional on-premises appliances. These evolutions let the solution scale horizontally for performance, and allow for better support to detect lateral movement of threat use cases (versus just north-south) and also for distributed environments.
- MSSP Alert Says: FireEye has sometimes alienated partners and MSSPs because the company has its own consulting and managed services capabilities. Still, there are signs that FireEye is making progress with partners — including MSSPs.
- Gartner Says: NSFOCUS is headquartered in Beijing and California. It is a large regional security vendor for Asia and is expanding to other geographies. NSFOCUS offers distributed denial of service (DDoS; via its Anti-DDoS System [ADS] offering), web application scanning (via Web Vulnerability Scanning System [WVSS]), and WAF and vulnerability management (via Remote Security Assessment System [RSAS]). The vendor also offers managed security services (MSSs) on a number of its products. The NSFOCUS IDPS has a large range of appliances, models ranging from 300 Mbps to 120 Gbps of throughput and four virtual appliances. This is an improvement over when it was reviewed for the previous Magic Quadrant, with higher-throughput chassis now available. The virtual appliances are certified on VMware, Kernel-Based Virtual Machine (KVM) and OpenStack, but not Xen. Its IDPS includes sandboxing capabilities called Threat Analysis Center (TAC), as well as application control and anti-malware, and it can also utilize reputation-based controls. Additionally, most models support a flexible licensing scheme, allowing clients to buy a chassis from a “range,” but then simply increase the inspected throughput with a licensing update — increasing throughput without having to replace the device.
- MSSP Alert Says: The company appears to be piecing together a partner program but we haven’t seen clear, consistent signs of momentum. A 2016 partner program announcement leads to a dead webpage on the company’s website.
Continue to page two of two for the Visionaries and Niche Player quadrants. Also, we share the Gartner Magic Quadrant graphic on page two.