Top 10 Zero Trust Cybersecurity Companies for 2019
- Segmenting and securing the network across locations and hosting models; and
- preaching the Zero Trust gospel — the need to challenge and eliminate the inherent trust assumptions in our security strategies that made us vulnerable to external and internal attacks.
Dig a little deeper, and Forrester recently evaluated 14 security companies and their capabilities as so-called Zero Trust eXtended ecosystem providers. To be considered for the Forrester research for 2018, each vendor had to have:
- at least $75 million in annual revenues;
- technical capabilities in at least three of seven areas: 1) network security; 2) device security; 3) people/identity security; 4) workload/application security; 5) data security; 6) security visibility and analytics; and 7) security automation and orchestration.
- APIs for integration; and
- alignment with Forrester’s ZTX framework and overall Zero Trust concepts, among other things.
The complete Forrester report is here for 2018.
Managed Security Services and Zero Trust
Now, let’s connect the dots between Forrester’s report and the MSSP industry. Of the 14 companies on the Forrester list — four more than the 10 we promised in the headline — here’s a look at each security firm and their MSSP focus heading into 2019. Note: MSSP Alert has sorted the 14 companies alphabetically rather than by the Forrester Wave ranking.
1. Akamai: The network security company offers DDoS, botnet mitigation, malware protection, and application microsegmentation capabilities. MSSP Alert says: Akamai has a long-established partner program and works with well-known Top 100 MSSPs like Trustwave.
2. Centrify: The company specializes in privileged identity management (PIM) and identity-as-a-service) IDaaS. MSSP Alert says: Private equity firm Thoma Bravo acquired Centrify in mid-2018. Shortly ahead of the deal, Centrify in June 2018 launched a partner program called Centrify Zero Trust Security Network. The effort was previously know as the Centrify Alliance Partner Program (CAPP). The Thoma Bravo deal could allow Centrify to strengthen its MSP and MSSP partner engagements, MSSP Alert believes.
3. Cisco Systems: Security has been a key focus area for Cisco Systems CEO Chuck Robbins, and the company has well-known offerings across endpoint, network and cloud security services. MSSP Alert says: Cisco’s $2.35 billion buyout of Duo Security in August 2018 furthers the company’s zero trust effort. Plus, Cisco is taking steps to engage MSPs in the SMB sector, and the company in September 2018 named Ruba Borno as VP and GM, Cisco Managed Services. Roll all those efforts together, and it’s clear the MSP and MSSP push continues.
4. Cyxtera Technologies: The company is a secure infrastructure and colocation provider — supporting more than 3,500 enterprises, government agencies and service providers. MSSP Alert says: Cyxtera works with numerous MSSPs and Managed Detection and Response (MDR) providers. An example partnership involves eSentire integrating its MDR service with the Cyxtera’s AppGate SDP zero-trust network solution. And earlier this year, Cyxtera acquired Immunity, a Miami-based threat assessment and penetration services provider.
5. Forcepoint: Formerly known as Websense/Raytheon, the company’s focus areas include the federal space, and the company’s technologies address security user behavior analytics (SUBA) and data security, Forrester notes. MSSP Alert says: Parent Raytheon itself is an MDR and MSSP provider. But Forcepoint also has relationships with numerous MSSPs — including Calian Group.
6. Fortinet: Fortinet is best-known as a network security provider, but don’t overlook the company’s application, cloud, identity, threat detection and prevention offerings. MSSP Alert says: Fortinet pioneered MSSP partner programs. and in mid-2018 aligned its MSSP efforts with the company’s broader channel program.
7. Illumio: The company specializes in micro-segmentation solutions, while also offering customers application dependency maps and vulnerability maps. MSSP Alert says: . An integration between Illumio and Qualys Cloud Platform shows potential attack paths in real time. We have not, however, heard a specific MSSP partner strategy from Illumio as of December 2018.
Visit page two of two for companies eight through 14, sorted alphabetically.
I am intrigued as to why McAfee isn’t on this list. With their recent mVISION portfolio/platform, surely they have a solid offering?
Hi VM Thunder,
Thanks for your note. We used Forrester’s latest Zero Trust report as a starting point, then connected the dots back to the MSSP market. McAfee was not mentioned in this particular report, though we do have respect for the company and the mVISION effort. In fact, we just mentioned the company in our Top 10 SIEM Tools list last week.
Thank you for the clarification and the link to the SIEM tools. I had missed that, somehow.
How is Cisco on the list when they continually hard-code backdoors into their network and security equipment?
Hi Surprised: You raise a relevant question that deserves a closer look. For readers who are not familiar with the Cisco backdoor discussion, Tom’s Hardware has some details here. In response to the question you’ve raised, Surprised, we will reach out to both Gartner and Cisco for comment about the back door history, the implications for zero trust networks, and how Cisco is addressing the issue going forward.
I will update this comment when we have more details to share.