Plenty of MSPs are striving to become managed security services providers (MSSPs). But transforming into a full-blown MSSP requires a complex mix of talent and technology
. Instead of making lofty investments, many MSPs are looking to partner up with established MSSPs.
That's where Gartner's Magic Quadrant for MSSPs potentially enters the picture. Here's a synopsis of the 2017 rankings, along with MSSP Alert's partner spin on the situation.
> Related: Top 100 MSSPs for 2017, exclusively from MSSP Alert
Onto the Gartner Magic Quadrant. Companies are sorted alphabetically...
1. AT&T (Challengers Quadrant)
- AT&T offers mature security management and monitoring services, along with flexible delivery options (e.g., AT&T NetBond service and its FlexWare platform), that are attractive to buyers seeking security controls and services as components of their managed network infrastructure.
- The Threat Manager—Log Analysis portal represents an opportunity to provide a richer and more functional interface to AT&T managed security customers than is available in the current portals.
- AT&T continues to invest in its capabilities in its unified delivery organization for MSSs, including incident response/forensics offerings.
MSSP Alert Says: AT&T punted its managed hosting services
- AT&T is adding capabilities to the portal for its Threat Manager—Log Analysis service during 2017.
- Potential customers should validate that the roadmap for portal features to support investigation, workflow and reporting will meet their requirements.
- MSS customers use separate portals for device management and security monitoring services. AT&T plans to unify these in in 2017. The vendor provides 24/7 support for threat monitoring and management, via U.S.- or Europe-based SOCs.
to IBM Cloud in 2015. But that doesn't mean AT&T has somehow abandoned recurring revenue opportunities with channel partners
. Network services and security remain core to the business. Though we'd like to learn more about the MSSP implications for partners.
2. Atos (Niche Quadrant)
- Atos supports customers that need a service provider to perform security monitoring and management where Atos acts as an extension of a customer's security capabilities with minimal direction.
- Atos has access to high-profile digital business projects at large enterprises because of its broader IT services engagements — many MSS competitors do not have this level of access and visibility to transformational technology projects.
- Atos has a variety of alliances and partnerships with security technology vendors to deliver its device management and security monitoring offerings.
MSSP Alert Says:
- Atos' MSS portal has limited customer self-service options, threat intelligence integration and reporting, as Atos relies on dedicated security managers assigned to customers to support those functions.
- Atos' advanced threat detection capabilities rely on its endpoint and network security services, supported by its SIEM service for security monitoring. Atos has announced new big data-based security analytics capabilities for MSS to be delivered in 2017 that leverage vendor partnerships and its own proprietary hardware and software solutions.
- Atos is rarely mentioned by Gartner clients interested in MSSs.
Atos looks more like a rival than a partner to traditional MSPs that want MSSP services. Among the pieces of evidence: Atos in early 2017 acquired Engage ESM
— a ServiceNow Gold Services Partner that also works with Cisco Systems, Moogsoft and HP Inc. The deal closed has been finalized; financial terms were not disclosed.
3. BAE Systems (Niche Quadrant)
- BAE Systems has experience with big data platforms and advanced analytics, which is employed across multiple services and solutions for advanced threat defense, as well as financial crime and fraud detection/prevention.
- BAE Systems has multiple options for instrumenting an organization, including its own network monitoring appliance and endpoint detection and response (EDR) agent, as well as partnerships with EDR vendors like Carbon Black, which are used to deliver security monitoring services as well as managed detection and response-type services.
- The vendor is an experienced defense contractor that has developed tradecraft for addressing advanced targeted attacks, which influences its advanced threat detection and threat intelligence offerings.
- Customers give generally positive feedback about BAE Systems for the sales, execution and MSS delivery phases.
MSSP Alert Says: BAE Systems in 2016 outsourced its own IT operations to CSC
- BAE Systems is still working to integrate the service and customers acquired as part of its purchase of SilverSky in 2014. Potential buyers should validate the impact of any changes to its platform and the technologies used to deliver the services.
- The MSS portal capabilities favor the enterprise customer with sufficient staff dedicated to receiving and investigating potential incidents alerted by BAE Systems' SOCs. BAE Systems plans to deploy a new portal in 2017 to unify its offerings and introduce new features and capabilities. Potential buyers should understand which portal they will use and the impact if they need to migrate from the legacy portal to the new portal.
- BAE Systems is rarely mentioned in MSS vendor shortlist discussions with Gartner clients.
for $600 million. Hmmm... Does that move mean BAE now has more time to innovate on the MSSP front?
4. BT (Challengers Quadrant)
- BT offers all MSSs and related offerings from a single, integrated business unit, providing a single source for enterprises, especially those with existing BT relationships, seeking security services delivered by a single provider.
- BT uses a variety of partnerships with security technology and service vendors to deliver its device management, security monitoring and threat intelligence offerings.
- The vendor's customers give good marks for most elements across the acquisition, implementation and delivery of MSSs.
MSSP Alert Says
- BT's portal is focused on features for enterprise technical security staff, with fewer features and capabilities compared to many MSS competitors' portals. A new portal is planned for release in 2017 that will add new features and capabilities.
- BT's offerings are focused on network-based security controls and event sources. Buyers seeking endpoint, platform and application security event monitoring may require customized services.
- Buyers seeking advanced threat detection capabilities must purchase and deploy BT's ACP solution, typically in conjunction with BT Assure Cyber security consulting. BT is integrating Assure Threat Monitoring into its Assure Cyber portfolio in 2017.
- BT's customer visibility is high in Europe, but it is less visible with MSS buyers in other regions.
: For U.S.-based MSPs seeking to navigate Brexit and security issues across Europe, BT could be worth an exploratory call...
But wait. MSSP Magic Quadrant members 5 through 8 await you on page two of four...
Welcome to page two of four.
5. CenturyLink (Niche Quadrant)
- CenturyLink's enterprise and midmarket customers for network, cloud and platform services can augment security monitoring requirements with CenturyLink via their MSSs.
- CenturyLink's rationalization of security services across its lines of business has enabled a more focused and consistent delivery of MSSs.
- CenturyLink recently introduced a new version of its customer portal with an improved interface and features, which is available now to U.S. customers and will be rolled out globally in 2017.
- Customers give good marks for CenturyLink's delivery of MSSs.
MSSP Alert Says:
- CenturyLink trails competitors in support for advanced threat detection and advanced analytics. User and entity behavior analytics (UEBA) capabilities are planned for 2017.
- The vendor's 24/7 SOC services are only available from a U.S.-based SOC. Customers in other regions with requirements for local 24/7 SOC support must request custom services until CenturyLink upgrades availability in 2017.
- CenturyLink announced the acquisition of Level 3 Communications in October 2016. Existing MSS customers and potential buyers should monitor the situation for any changes to its MSS offerings.
- CenturyLink rarely appears on Gartner clients' shortlists for MSSs.
CenturyLink's rapid move into -- and then stumbling exit from -- the cloud services market doesn't exactly inspire partner confidence in the telco giant. But network services are core to CenturyLink, and managed security services are closely aligned with those network services.
6. CSC (Challengers Quadrant)
- CSC has strong integration with ServiceNow, including its Security Incident Response application, after CSC's acquisition of Fruition Partners.
- CSC's Audit Log Assurance (ALA) offering supports buyers that require centralized audit log collection and compliance reporting across a variety of regulations, and mandates across on-premises assets and public and private cloud environments.
- CSC's security expertise supports its strong presence in the international public sector, financial services, insurance and critical infrastructure industries.
- CSC's Pulse portal lacks features compared to those from competing MSSPs. It is oriented toward enterprises leveraging CSC for security device and application management services, while the security event investigation and workflow capabilities are lacking. CSC has plans to introduce a new portal in 2017.
- In May 2016, CSC announced its intent to merge with the Enterprise Services division of Hewlett Packard Enterprise (HPE). Buyers should monitor the situation as HPE has a competing MSS offering in the Enterprise Services unit, and the two units will need to be assessed for effectiveness and cost consolidation.
- CSC is rarely included on Gartner commercial clients' shortlists for stand-alone MSS deals.
As CSC and HPE sort out their IT services merger, don't expect a major partner emphasis in the enterprise MSSP sector...
7. HCL (Niche Quadrant)
- HCL Technologies is competitive when offering MSS as part of a broader IT outsourcing deal, both for prospective and existing customers.
- The vendor has strong partnerships with security technology vendors for product procurement and implementation that can be leveraged by MSS customers.
- Its MSS delivery approach is customizable to customers' requirements and existing security technology solutions.
MSSP Alert Says:
- HCL Technologies' portal provides basic incident investigation, workflow and reporting functions.
- The vendor's capabilities for advanced threat detection and analytics are less developed compared to its competitors.
- HCL Technologies is rarely mentioned in Gartner client inquiries for MSS, and it has more visibility for dedicated security outsourcing models (such as managed SIEM) than for MSS.
HCL has been buying up channel partners, particularly in the Microsoft Dynamics CRM sector. That's not related to MSSPs, admittedly. But the buyout strategy means HCL is more of a competitor than partner to peer MSPs...
8. HP Enterprise (Challengers Quadrant)
- HPE has multiregional MSS and consulting delivery resources, and support capabilities for large service engagements.
- The vendor's broad technology and service delivery options enable extensively customized MSS engagements, including technology bundling and hybrid delivery options (e.g., co-managed SIEM for ArcSight and other SIEM vendors).
- HPE's standardization on components of the HPE Security ArcSight platform for global MSSs brings consistency to its shared delivery platform capabilities.
- Its partnership with FireEye for incident response services brings recognized advanced threat detection and incident response capabilities to HPE's existing MSSs.
MSSP Alert Says:
- The current HPE MSS portal lacks several features that are available in competitors' portals, especially in asset and vulnerability details, self-service reporting capabilities, and integration with customer ticketing systems. HPE states that customers will have access to a new portal in 1Q17 that will add many of these capabilities.
- HPE Security Services delivers a range of security monitoring options, ranging from remote MSS to dedicated managed SIEM, which can be confusing for buyers because of the way these offerings are positioned. Prospective MSS buyers, particularly those procuring MSS as part of broader IT outsourcing deals, should evaluate the service delivery model being positioned to them.
- As HPE shifts MSS to a consumption-based model — priced according to the number of security devices and data sources, and monthly data usage — prospective MSS customers should validate assumptions about security data volume in the anticipated scope of services, and understand the impact of higher- or lower-than-planned-for volume on service delivery and pricing.
- Customers with contracts up for renewal in 2017 and potential MSS buyers will need to evaluate any changes in personnel and service delivery models as a result of the upcoming merger between HPE Enterprise Services and CSC.
Here again, the combination of HPE's enterprise IT services and CSC raises more questions than it answers for prospective MSP partners...
But wait. MSSP Magic Quadrant members 9 through 12 await you on page three of four...
Welcome to page three of four.
9. IBM (Leaders Quadrant)
- IBM is a large, mature provider of security and IT services and products, with global delivery capabilities.
- It has a full-featured portal, with new features like Watson-driven automated chat capabilities and an SOC analyst reservation system for scheduling device and policy changes. The portal also leverages the QRadar management console for functionality such as log management, searches and reporting.
- IBM acquired Resilient Systems in April 2016, bringing options to MSS buyers that want to leverage a security incident response platform tool.
- Customers generally give good marks for IBM's ability to deliver core MSS capabilities.
- Gartner clients often include IBM in competitive MSS evaluations, and the vendor has high visibility for MSS in all geographic regions.
MSSP Alert Says:
- Gartner clients, especially midmarket clients, report challenges engaging with the IBM sales processes, and obtaining timely and responsive MSS bids.
- IBM is in the process of transitioning customers to its new QRadar platform. Current customers should monitor their migration path and plan appropriately for the move.
- IBM's advanced threat detection offerings rely on using IBM's QRadar SIEM modules and other partners, like Carbon Black. Buyers with existing UEBA or forensics products may require on-premises deployments or that custom services be developed.
- IBM's move toward "QRadar anywhere" for MSSs should be monitored by potential buyers to ensure they are being oriented toward the best option for their organizations' use cases, maturity, geographic footprint and size.
IBM spent most of 2016 overhauling its global partner program. The official re-launch arrived in January 2017. All partner programs -- from products to recurring revenue services -- are part of a singular IBM PartnerWorld partner program.
10. NTT Security (Challengers Quadrant)
- The features of the current MSS customer portal from Solutionary, and the WideAngle analyst workbench and its proprietary SIEM platform, offer a strong set of capabilities for integration into a unified platform.
- MSSs that had been delivered via the NTT operating companies, and which are now consolidated in NTT Security, get generally positive reviews from Gartner clients.
- NTT operating companies provide broad geographic coverage for selling MSS, and can bundle MSS with a wide range of security service offerings and delivery options, including broader telecommunications and IT infrastructure service offerings.
MSSP Alert Says: NTT acquired Dell's IT services business
- MSS will be sold, and customer relationships managed, by NTT operating companies and their strategic partners, with services delivered by NTT Security. Current and prospective MSS customers must ensure that there is a well-understood and efficient process to handle business and technical issues.
- NTT Security must successfully execute the integration of two existing MSS delivery platforms and portals, development of a new customer portal, and eventual migration of existing MSS customers from three platforms to the new unified platform. MSS customers should get assurances from their NTT operating company provider regarding the availability of current MSS capabilities and roadmaps for enhancements.
- NTT Security is moving its dedicated, specialized security sales team to the NTT operating companies for MSS sales and customer relationship management. This may create misalignment among NTT Security marketing and product management and development functions, which should be monitored by MSS customers.
(the former Perot Systems) for $3.055 billion in 2016. Amid that massive acquisition, I'm not sure NTT has the time and energy to promote managed services to partners.
11. Orange Business Services (Niche Quadrant)
- Orange offers a broad range of network and IT services that can be bundled with MSSs.
- The vendor can provide good device management services for large global enterprises with distributed data center and branch locations.
- Customers give good marks for Orange's MSSs, especially for network and security device management.
MSSP Alert Says:
- The Orange MSS portal (there is a separate IT services management portal) continues to lag behind those of competitors in supporting day-to-day investigation of security events. There is limited context and navigation capability, and customers seeking to investigate log data directly must be granted access to the console of the SIEM platform used with that customer.
- Orange has less mature capabilities in providing advanced attack analytics as part of its MSS, and also in using analytics and big data technologies to underpin service delivery.
- Orange rarely appears on Gartner clients' shortlists for MSS procurement, and it has limited MSS market visibility outside of its network service customer base.
Here again, Orange could be a key partner for MSPs seeking to move into the European market without needing to master Brexit-related issues on their own...
12. SecureWorks (Leaders Quadrant)
- SecureWorks is highly visible with Gartner clients considering MSS, and is frequently included in competitive MSS deals by both midmarket and enterprise buyers based in North America. It also has good visibility with European and Australian customers.
- Gartner customers give positive feedback for SecureWorks' MSS delivery, security expertise and relationship management.
- SecureWorks' addition of native support for monitoring activity in AWS will appeal to buyers looking for less complex monitoring options of public cloud environments.
- SecureWorks offers a standard incident response retainer that is used by customers to ensure continuity of support, from alert detection to incident investigation and remediation.
- The SecureWorks MSS portal offers extensive access to event data, supporting context, threat intelligence and reporting.
MSSP Alert Says:
- Over the last 12 months, midmarket and small-enterprise Gartner clients have increasingly reported dissatisfaction with SecureWorks' MSS delivery and postsales experience. Potential buyers should do a proof of concept (POC) to confirm that the service will integrate appropriately with their security teams' processes and procedures.
- SecureWorks continues to lack visibility in markets beyond North America, Europe and Australia for MSSs. Its consulting practice has higher visibility outside of North America and Europe.
- Gartner clients have increasingly reported that SecureWorks' pricing is more expensive relative to other MSSPs.
Dell IPOed SecureWorks to strengthen Dell's balance sheet amid the EMC buyout. Generally speaking, we'd like to see and hear from SecureWorks more aggressively during the Dell EMC World conference and other major customer/partner gatherings.
But wait. MSSP Magic Quadrant members 13 through 16 await you on page four of four...
Welcome to page four of four.
13. Symantec (Leaders Quadrant)
- The Symantec MSS portal is full-featured, with support for alert assessment and investigation, workflow, log search, and reporting.
- Symantec offers an enterprisewide licensing approach based on per-data-source (node) pricing.
- MSS customers indicate that the DeepSight Intelligence service threat feeds and intelligence reports are differentiators of Symantec's services. Symantec's acquisition of Blue Coat provides an additional source of threat and malware intelligence.
- The Blue Coat acquisition provides the opportunity for Symantec MSS to offer enhanced capabilities, such as network forensics and monitoring of SaaS environments.
- Gartner clients often consider Symantec's MSS offerings in competitive evaluations.
MSSP Alert Says:
- Unlike most MSSPs, Symantec offers only limited device management services, primarily for IDPS, and not for other security controls. Prospective customers seeking those services in addition to monitoring must anticipate working with Symantec partners.
- Symantec's services for endpoint threat detection and response are evolving. Customers using EDR products from competitors should confirm Symantec's long-term plans.
- As Symantec completes the integration with Blue Coat, buyers should perform due diligence to confirm long-term support for MSSs.
Symantec underwent yet another channel organization shakeup in 2016. Partners, meanwhile, want more predictability and stability from the security company. The company's latest quarterly results show partner promise.
14. TrustWave (Challengers Quadrant)
- Trustwave is a good option for customers that need both products and services from a single provider, as the vendor has several competitive security software- and hardware-based platforms.
- Advanced threat detection as a turnkey service is available using a variety of EDR technologies.
- Trustwave SpiderLabs' security research and threat intelligence is used to provide protective and detective capabilities to the Trustwave products used in MSS, and to SOC analysts monitoring customer devices.
- Trustwave has moderate visibility with Gartner clients looking to purchase MSSs.
MSSP Alert Says:
- Trustwave lags behind other MSSPs in employing advanced analytics technologies and methods to help SOC analysts and customers identify advanced, targeted attackers.
- Trustwave's updated MSS portal has improved incident views/alerting and workflow, but asset data capture/import, reporting features and self-service options are still limited.
- As Trustwave continues to add support for third-party security technologies, customers should validate when and to what extent the security products they have deployed will be fully supported by Trustwave MSSs.
We haven't seen much channel partner activity from Trustwave. Most alliances involve telcos of technology companies.
15. Verizon (Leaders Quadrant)
- Verizon's position as a telecommunications service provider brings additional network-based MSS offerings for networks and internet service customers through enhanced data acquisition and analysis of customer network traffic and premises-based device logs.
- Buyers looking for an MSSP that offers end-to-end threat detection and response — monitoring through to incident and breach response services — will benefit from Verizon's experienced, and MSS-integrated, RISK team.
- Verizon MSS is very visible among Gartner clients, and is often included in competitive MSS evaluations.
MSSP Alert Says:
- With the introduction of volume-based licensing by Verizon, MSS buyers should have a solid understanding of their potential data volumes, both at the start of the engagement and going forward in the future. Buyers should also confirm how overages above their licensed capacity will impact the costs to the service from unanticipated spikes in log event volumes.
- While Verizon's new MSS Analytics platform can monitor events from endpoint security solutions, it does not yet have a turnkey, host-based advanced threat detection service similar to several competitors.
- Verizon is still in the process of moving customers to its new unified portal and back end. Current customers should monitor and plan for the migration. New customers can use features from either the legacy or unified portal until existing customers are migrated.
Verizon has a well-established partner program
. And there are signs that Verizon's MSSP services will increasingly flow through channel partners
16. WiPro (Niche Quadrant)
- Wipro's MSS delivery approach is highly customizable to customers' requirements and existing technology solutions, but can also bring preferred partner solutions to a customer as needed.
- Wipro supports native and well-integrated security event collection for leading public cloud service providers (AWS and Microsoft Azure), in addition to leading SaaS vendors (Office 365, Salesforce).
- Wipro has made strategic investments through its venture capital arm in new security products, such as Vectra Networks and IntSights, which have been adopted by its MSS offerings (e.g., Threat Hunting as- a- Service).
MSSP Alert Says: Wipro has alliances with major technology companies
- Wipro's CDC portal does not provide several self-service capabilities, such as account creation and management, which must be managed by Wipro SOC analysts. The CDC portal also lags some MSSP competitors for ease of use, especially in investigating and validating alerts raised by the Wipro SOC.
- Wipro rarely appears on Gartner clients' shortlists for stand-alone MSSs deals.
. But the company doesn't have a major partner program for aspiring MSSP resellers...
Actual Gartner MSSP Magic Quadrant Graphic
Now that you've read a bit about each company in Garter's MSSP Magic Quadrant for 2017, here's a look at each company plotted in the quadrants:
Here endeth MSP Alert's look at Gartner's Magic Quadrant for MSSPs in 2017.