
10 Best Cybersecurity Incident Response Companies and MSSP Implications


Which companies offer the best cybersecurity incident response services? We took a look at the Forrester Wave report for Q1 2022 and dug around for some perspectives. Then, we compared Forrester's findings with our MSSP- and MSP-oriented partner program coverage.

What did we find? The short answer involves these 10 -- actually, make that 13 -- cybersecurity incident response companies -- some of which have well-defined partner programs, though some also compete against MSPs and MSSPs on some fronts.

Here are the 13 companies to know (sorted alphabetically), their Forrester rankings (Leader, Strong Performer, Contender or Challenger) along with our associated partner program insights.

To narrow down the field to those 13 companies, Forrester focused on organizations that generate at least $25 million in incident response services revenue and have acted as a lead investigator in 100+ incident response engagements in the past 12 months, among other criteria.

Among the names to know:

1. Aon's Stroz Friedberg Incident Response (Leader): We haven't seen an MSSP partner program here, but we have seen M&A activity. The deal involved Aon's buyout of Cytelligence, an incident response and digital forensics specialist.

2. Booz Allen Hamilton (Strong Performer): Here again, M&A is the operative term. Indeed, Booz Allen's budget from 2021 through 2025 includes $3.5 billion to $4.5 billion in total capital deployment that “prioritizes strategic acquisitions,” Booz Allen CEO Horacio Rozanski told Wall Street analysts during a January 2022 earnings call. M&A is familiar territory for the company. Booz Allen in 2021 acquired digital forensics and incident response company Tracepoint and Liberty IT Solutions, a Salesforce government cloud partner. Also, the company in February 2022 re-hired Raynor Dahlquist as a senior VP within the company’s national security business.

3. Cisco Talos Incident Response (Contender): Talos is too closely tied to Cisco's own products, Forrester alleges. But Cisco also has a good track record partnering with IT consulting partners. And the MSP ecosystem is now Cisco's fastest-growing route to market, the company said in March 2022.

4. CrowdStrike Incident Response (Leader): CrowdStrike has channel partner and MSSP momentum. For fiscal year 2022, CrowdStrike’s MSSP business grew more than 200% year-over-year. Still, the company’s own managed detection and response (MDR) security services also are popular on the direct sales front.

5. Deloitte Cyber Incident Response Services (Leader): Deloitte launched Managed eXtended Detection and Response (MXDR) services in January 2022. The MXDR announcement comes after Deloitte made several cybersecurity acquisitions in 2021, including:

6. IBM Security's X-Force Incident Response (Contender): IBM in March 2022 opened a new security operations center (SOC) in India as part of a multi-million dollar investment. The new SOC arrived amid challenging times for IBM’s overall security business. Indeed, IBM Security revenues are shrinking while most rivals are growing across the MSSP, MDR and SOCaaS markets. During a January 2022 earnings call, IBM disclosed that “security revenue declined modestly in the quarter driven by lower performance in data security,” though security revenue grew 5 percent for the year, the firm added.

7. Kroll (Strong Performer): Kroll also has been making acquisitions. Example deals include acquiring Security Compass Advisory in December 2021; Redscan in March 2021 and RP Digital Security in 2020.

8. Mandiant (Leader): Perhaps the world's best-known cybersecurity incident response company. The business has long competed and cooperated with channel partners. But the next big move involves Google acquiring Mandiant to boost the Google Cloud security business. That could be good news for MSSPs that want to work with Google, considering the search giant has already acquired another MSSP friendly company known as Siemplify.

9. Palo Alto Networks Unit 42 (Strong Performer): Perhaps better known for its threat report research, the overall Palo Alto Networks business continues to gain more MSSP partner support. Also, Palo Alto Networks has been making a partner push. The company in November 2021 introduced a new XMDR partner specialization and continues to explore MSP and MSSP partnership opportunities.

10. PwC (Strong Performer): PwC's overall strategy here is to help customers "prepare, respond and recover." That involves organic R&D along with acquisitions. Key moves include acquiring Avaleris, an MSSP that offers Microsoft identity, security and cloud services.

11. Secureworks (Strong Performer): Here's an MSSP that's pivoting aggressively toward SaaS-based XDR software and channel partners. Still, the evolution toward Secureworks Taegis XDR will take several years to play out. Side note: Dell Technologies still owns Secureworks.

12. Trustwave (Challenger): Trustwave, owned by Singtel, is another MSSP undergoing a business transition. Key moves include selling off its payment card industry compliance business to Sysnet Global Solutions for $80 million in 2021. Meanwhile, Singtel has been evaluating steps to optimize Trustwave’s business since May 2021. Key moves include tucking certain Trustwave assets into Singtel, NCS and Optus in the Asia Pacific region.

13. Verizon (Contender): Verizon has been a quiet giant in the cybersecurity business. The telecom and cellular service provider in 2020 incorporated the Securonix SIEM solution into its managed detection and response (MDR) service. Still, we haven't heard much in terms of new moves...

Joe Panettieri

Joe Panettieri is co-founder & editorial director of MSSP Alert and ChannelE2E, the two leading news & analysis sites for managed service providers in the cybersecurity market.