Content, Content

Gartner Magic Quadrant for Managed Security Services 2018: Analysis

Gartner's Magic Quadrant 2018 for Managed Security Services Providers (MSSPs) offers some timely updates compared to the 2017 edition. So what's new for 2018? Trustwave moved into the enviable Leaders Quadrant, while Capgemini, DXC Technology and Fujitsu were added to the overall rankings. Also, CSC and HPE Enterprise Services were dropped, since they merged under DXC Technology banner. Overall, 17 MSSPs are in this year's Magic Quadrant, compared to 16 from 2017. In the article below, we highlight some of Gartner's findings for each of the 17 companies. We also add some MSSP Alert perspectives, especially as they pertain to partner programs and company milestones that we've covered over the past year. The overall list, sorted alphabetically by companies in each quadrant, looks like this:
  • Leaders: IBM, Secureworks, Symantec, Trustwave, Verizon
  • Challengers: AT&T, BT, DXC Technology, NTT
  • Visionaries: None
  • Niche Players: Atos, BAE Systems, Capgemini, CenturyLink, Fujitsu, HCL Technologies, Orange Business Services, Wipro
You can see the actual MSSP Magic Quadrant chart with each company plotted on the final page of this article. But first, here's a deeper look at each quadrant, the companies within and their partner strategies.

Gartner Magic Quadrant Managed Security Services Providers (MSSPs): 2018 Leaders

Companies sorted alphabetically in the leader's quadrant include... IBM Managed Security Services:
  • Gartner Says: IBM is headquartered in Armonk, New York, with MSS offices in the U.S. (Atlanta and Cambridge, Massachusetts); London; Brussels; and Hortolandia, Brazil. IBM offers a broad range of MSSs, security consulting and incident response, either as stand-alone offerings or as part of larger IT services and outsourcing engagements. MSSs are delivered from five 24/7 SOCs, called X-Force Command Centers: one in the U.S.; one in San Jose, Costa Rica; one in Hortolandia, Brazil; one in Tokyo and one in Wroclaw, Poland. IBM has three additional non-24/7 SOCs in India, Belgium and the U.S. IBM uses its QRadar SIEM solution to deliver unified monitoring across MSS, regardless of the location of the QRadar platform — shared multitenant, on-premises or as a service. There are four MSS tiers available, ranging from basic endpoint security to highly customized services. IBM's advanced analytics and targeted attack detection capabilities for the network and hosts include support for customer-deployed products, IBM products (e.g., QRadar modules) and strategic partner solutions (e.g., Carbon Black for IBM Security's Managed Detection and Response service). Threat intelligence and incident response services, as well as security consulting services, are available. Support for data residency requirements is available through European Commission Model Clauses contract language, local data centers in the customer's region supported by EU staff out of the Poland SOC, and use of on-premises QRadar SIEM or using SIEM as a service hosted within IBM Cloud within region. Large enterprises with global service delivery requirements looking for flexible security event monitoring technology options, and those with strategic relationships with IBM, should consider IBM for MSSs.
  • MSSP Alert Says: IBM re-launched its global partner program in January 2017. All partner programs — from products to recurring revenue services — are part of a singular IBM PartnerWorld partner program. Also, the company's PartnerWorld summit has merged into IBM Think 2018 -- a new conference representing all of IBM's key themes and priorities. IBM Security continues to open new X-Force Command Centers across the globe. The latest one, announced in mid-2017, is based in Wroclaw, Poland. The company also is ramping up its incident response efforts ahead of the European Union's GDPR regulation activating in May 2018. Also, third-party security providers like Smarttech leverage IBM Watson for cyber capabilities.
  • Top 100 MSSP Alert Ranking for 2017: 2

  • Gartner Says: Secureworks offers a range of MSSs and other security-specific services to customers globally. Corporate headquarters are located in Atlanta, with offices in London, Edinburgh, Sydney and Tokyo. Services are delivered from three 24/7 SOCs in the U.S. (Atlanta; Chicago; and Providence, Rhode Island); one 24/7 SOC in Edinburgh, Scotland; and one 24/7 SOC in Kawasaki, Japan. The SOCs are supported by a center of excellence in Romania that is focused on customer device management and new service innovation. MSS delivery is through Secureworks' proprietary Counter Threat Appliance (CTA) and Counter Threat Platform (CTP), which leverages a shared big data platform and advanced analytics capabilities. Customer access to services is via the Secureworks Client Portal. A range of commercial log sources from customer-deployed technologies are supported, in addition to leveraging commercial and proprietary tools for managed network and host-based threat monitoring. Host and network-based advanced threat detection are provided through Secureworks' Advanced Endpoint Threat Detection (AETD) service (via its proprietary Red Cloak agent or Carbon Black) and its Advanced Malware Protection and Detection (AMPD; in partnership with Lastline) service. The Secureworks Counter Threat Unit research team provides threat research and threat intelligence, malware analysis, and analytics support to the provider's SOCs. Additional services, such as vulnerability scanning (both customer- or Secureworks-managed) and advanced threat intelligence services are also available to buyers. Midsize, enterprise and government organizations seeking an established MSS that leverages a consistent, shared delivery approach with a global presence, and a security-focused set of offerings, should, consider Secureworks.
  • MSSP Alert Says: Though well-known, SecureWorks had a relatively quiet 2017  and early 2018, and the company hasn't made many high-profile partner moves -- though there have been a few. Chief among them: A partnership to push deeper into the government IT security market.
  • Top 100 MSSP Alert Ranking for 2017: 1

Symantec Managed Security Services
  • Gartner Says: Symantec is headquartered in Mountain View, California, and has six SOCs: one each in the U.S., the U.K. and Japan, and three in the Asia/Pacific region (India, Australia and Singapore). The SOCs operate on a follow-the-sun model to provide 24/7 support. Customers are assigned to a primary SOC in their region along with a global team of analysts aligned to their specific industry vertical. Symantec's Cyber Security Services offerings include security monitoring and management, including hosted log retention, security intelligence, incident response services and security skills development services. Symantec has a broad portfolio of security technology solutions. Recent acquisitions include Outlier Security (EDR), Skycure (mobile device protection), and Fireglass (isolation technology). Symantec's MSS SOC technology platform is based on self-developed technology. Customer event and log data are analyzed by Symantec's global SOCs and retained in the North American data center. Symantec meets data residency requirements through contractual arrangements and the EU Standard Model Clause. Symantec MSS supports advanced threat detection via integrations with its own solutions as well as third-party products for network monitoring and forensics capabilities, and for payload analysis. MSS monitoring of EDR and forensics tools is offered for Symantec and third-party products. Incident and breach response services are available on retainer or on an ad hoc basis to buyers looking for a single provider for MSSs and response services. Monitoring capabilities are available for popular SaaS, IaaS and public cloud services. Pricing for MSS is offered in two models: based on a per-device/event source cost or on an enterprisewide license that provides unlimited monitoring up to a set limit of event sources (aka nodes). Enterprises seeking an established MSSP with a global presence should consider Symantec.
  • MSSP Alert Says: Symantec's overall business has become more channel friendly in the past year, thanks to an overhauled management team and multiple M&A deals that provide new revenue opportunities for partners. Among the most recent deals: Symantec in July 2017 announced plans to acquire Skycure, a risk-based enterprise mobility solutions provider, for an undisclosed sum. It’s the latest in a growing list of M&A deals designed to reshape Symantec for modern cloud, mobile and cyberthreats.
  • Top 100 MSSP Alert Ranking for 2017: 10

  • Gartner Says: Trustwave, a stand-alone business within Singtel Group Enterprise, is based in Chicago, with regional headquarters in London, Sao Paulo and Sydney. Trustwave has several partnerships with regional telecommunications and service providers (e.g., Rogers Communications in Canada, Optus in Australia, Globe Telecom in the Philippines and TIS in Japan) around the globe to provide MSSs to those partners' customer bases. Trustwave has nine 24/7 SOCs around the globe — three in North America, two in Europe (Warsaw and London), and four in the Asia/Pacific region (Manila, Philippines; Singapore; Sydney; and Tokyo). In the case of its telecom partners, the 24/7 SOCs are operated by Trustwave, some of which are in colocated facilities with the partners. Trustwave has a large portfolio of security technologies — including SIEM, UTM, network access control, application security, WAF and anti-malware — and builds MSSs around those, as well as support for a variety of third-party security products. Threat intelligence and incident response services are provided in- house from the Trustwave SpiderLabs team. Trustwave offers a managed EDR service leveraging Carbon Black and CounterTack as partners. Midmarket and small enterprise organizations, especially those with PCI DSS compliance requirements, make up the majority of Trustwave customers; however, the vendor has increased its focus on large enterprise buyers. Telecommunications customers that have formed strategic partnerships with Trustwave, as well as companies in the retail, hospitality, healthcare and banking vertical industries, should consider Trustwave for MSSs. Trustwave is a good option for customers that need both products and services from a single provider, as the vendor has several competitive security software- and hardware-based platforms.
  • MSSP Alert Says: Trustwave makes the move into Gartner's leadership quadrant -- an impressive endorsement of the company's growing capabilities and solid market reputation. Of the major MSSPs we cover, Trustwave ranks among the most active in terms of company milestones, partner initiatives, and major threat research (via the company's SpiderLabs unit) that pinpoints emerging threats. Among the recent moves: A partnership to push deeper into Canada, new GDPR compliance services, and an online learning system for channel partners.
  • Top 100 MSSP Alert Ranking for 2017: 6

  • Gartner Says: Verizon is a telecommunications company headquartered in Basking Ridge, New Jersey, with regional offices in Reading, U.K., and Singapore, which offers MSSs and security consulting services. Verizon uses a global network of SOCs, with three SOCs in the U.S., four in the Asia/Pacific region (India and Australia), and two in Europe (Luxembourg and Germany). Verizon's Unified Security Portal (USP) provides single portal access across all services and capabilities for customers. Verizon's MSS platform includes log management capabilities allowing clients to search, index and store logs using technology based on Elasticsearch. A mix of proprietary and commercial technology including Splunk is used to analyze security data, which is ingested via Verizon's proprietary Log Event Collector (LEC). Verizon uses regional SOCs and data retention to meet requirements for local data storage and analysis. Network Threat Advanced Analytics, which was added as a service in 2017, is available to both customers on the Verizon backbone network and also through NetFlow analysis capabilities deployed on a customer's site. Malware analysis and network and endpoint forensics are available to buyers. Remote and on-site support for incident and breach response is provided via the Threat Intel and Response Service. Enterprises, including existing Verizon network customers, should consider Verizon if they require well-established global or region-specific MSSs.
  • MSSP Alert Says: As we pointed out last year, Verizon has a well-established partner program. And there are signs that Verizon’s MSSP services will increasingly flow through channel partners. Also, the company is in acquisition mode.Verizon in January 2018 acquired Niddel, security startup whose flagship Magnet platform leverages machine learning to autonomously ferret out contaminated systems inside an organization. However, Verizon's corporate team (not the MSSP team) had at least two embarrassing security setbacks in 2017, twice leaving information exposed on Amazon Web Services.
  • Top 100 MSSP Alert Ranking for 2017: 3
Continue to next page for the Challengers section of the Magic Quadrant.

Gartner Magic Quadrant Managed Security Services Providers (MSSPs): 2018 Challengers

Companies sorted alphabetically in this quadrant include... AT&T
  • Gartner Says: AT&T is a global telecommunications and IT services provider that offers a range of security device management and monitoring services for large enterprises, midsize businesses and governments. Headquartered in the U.S. (Dallas), and with regional offices in the U.K. (London) and Hong Kong, AT&T delivers services from five 24/7 SOCs (one Europe-based, one Asia/Pacific-based and three U.S.-based) and three SOCs operating local business hours (one in the Asia/Pacific region, one in Brazil and another in Europe). Customers served by an SOC operating local business hours and seeking after-hours support are routed to a 24/7 location with local language support. AT&T Threat Manager is its security event monitoring and management service, which is priced by events per day (EPD). Threat correlation and analysis is performed via the AT&T Threat Intellect platform, which leverages both commercial SIEM technologies and big data technologies and analytics, and is delivered to customers as part of AT&T's Threat Management and Intelligence solutions. Device management is available through discrete managed security offerings for network security, data and application security, and mobile and endpoint security. Device management and workflow is handled through the AT&T Business Center portal, which also provides access to the Threat Manager view. The vendor offers threat intelligence via the AT&T Internet Protect service. AT&T supports in- country/customer premises data management in all regions, and can use local partners for device management to meet data residency requirements. AT&T should be considered by organizations with a preference for services to be sourced from a single supplier, particularly managed network services and IT infrastructure security controls that need to be deployed, managed and monitored across the customer's environment (both on-premises and cloud services) and the provider's environment.
  • MSSP Alert Says: AT&T is a giant in the MSSP sector. But frankly, we don't hear much from the company on the partner front. Among the firm's security-related moves in 2017 -- AT&T in September 2017 aligned with Sprint, T-Mobile and Verizon to develop enhanced authentication services for mobile customers.
  • Top 100 MSSP Alert Ranking for 2017: 5

  • Gartner Says: BT is headquartered in London with key offices globally, including London, Hong Kong and Dallas. BT has six European SOCs and four Asia/Pacific region SOCs providing 24/7 service, with an additional four non-24/7 SOCs worldwide. BT provides a range of telecommunications, cloud-enabled hosting, cloud brokering and integration, and collaboration services, in addition to managed security services. BT's MSS offerings have been under the BT Security brand name since 1Q17. BT Security's MSS portfolio includes a range of offerings primarily within the Managed Security Services and Security Intelligence portfolios. Security Intelligence includes services such as Security Log Management (SLM), Security Threat Monitoring (STM), Cyber Security and Security Threat Intelligence. Technology management is under Managed Security Services and includes managed firewalls, DDoS, web, email, PKI and cloud security. Additional offerings include Security Vulnerability Scanning (SVS) for managed vulnerability scanning and Managed SIEM for McAfee ESM, LogRhythm and IBM QRadar customers. BT's strategy for managed security services is evolving to emphasize its Managed SIEM and Cyber Security Platform offerings for existing BT customers and global enterprise buyers that require more one-to-one-oriented services, as opposed to delivery using a shared analytics platform that this research primarily assesses. BT has two separate portals for security technology management (Security Hub) and monitoring services (Security Threat Monitoring), which BT has been revamping over the last 12 months. Consulting services are available to meet a variety of customer demands. Incident response support, available as a retainer, is delivered in partnership with FireEye-Mandiant and other firms. BT can meet requirements for data residency with in-region/in-country service provision and citizenship requirements for SOC staff. Global enterprises seeking global MSS capabilities to satisfy complex security requirements should consider BT.
  • MSSP Alert Says: As we pointed out last year, for U.S.-based MSPs seeking to navigate Brexit, GDPR and security issues across Europe, BT could be worth an exploratory call.
  • Top 100 MSSP Alert Ranking for 2017: 4

DXC Technology
  • Gartner Says: DXC Technology, a newly formed entity as the result of the merger of CSC and Hewlett Packard Enterprise's (HPE's) Enterprise Services business, is headquartered in Tysons, Virginia. The merger formally concluded in March 2017. The vendor has 16 SOCs across the Americas, EMEA and the Asia/Pacific region. DXC offers a range of security implementation and consulting services other than MSSs for enterprise and government customers. In addition to security monitoring and device management, DXC does offer additional standard managed services like managed SIEM, managed EDR, vulnerability assessment and DDoS protection, among others. The vendor differs from many other MSSPs in that it offers a range of managed services around identity and access management, such as Identity Management as a Service and Privileged Account Management. As an MSS provider, DXC is currently in a state of consolidation and change, in terms of both the technology platforms used for MSS delivery and new services that the provider is planning to introduce. Customers requiring globally delivered MSS, especially those looking for a partner that also offers additional IT and security services, should consider DXC for MSSs.
  • MSSP Alert Says: DXC has plenty of MSSP expertise, but the broader company suffered an embarrassing security episode in late 2017. Indeed, the company inadvertently uploaded its private Amazon Web Services (AWS) keys to an unsecured Github repository. The private keys were used to launch 244 AWS virtual machines (VMs) over the course of four days, and DXC paid approximately $64,000 to rectify the issue.
  • Top 100 MSSP Alert Ranking for 2017: 11

  • Gartner Says: NTT brings together the MSS-specific resources and delivery platforms of NTT Com Security, Solutionary, Dimension Data, NTT Communications, NTT DATA and technology from the NTT Innovation Institute. NTT Security has been established as the specialized security company of the NTT Group. NTT is headquartered in Tokyo, with regional headquarters for North America, Europe and the Asia/Pacific region. NTT offers a broad range of security professional services and integration and incident response services. NTT Security has 17 24/7 MSS SOCs globally: six in the Asia/Pacific region, five in Europe and six in North America. In 2017, NTT progressed toward integrating its three separate platforms used for delivering MSS. Its new operating model is similar in nature to a channel-based approach in that NTT Security doesn't directly sell services, instead relying on its group companies, which have varying levels of coverage and support in the different geographies. NTT is actively migrating North American and Japan customers to its new Global Managed Security Services Platform (GMSSP), while EMEA and remaining Asia/Pacific region customers continue to use the existing WideAngle and ArcSight ESM-based platforms. NTT Security MSSs are sold via the NTT Group companies of Dimension Data, NTT Communications and NTT DATA. Customers of NTT operating companies, and enterprises seeking a large global provider, should consider NTT for MSSs.
  • MSSP Alert Says: NTT is active on multiple partner and M&A fronts. The company acquired Secure-24 Intermediate Holdings, a U.S.-based managed services provider (MSP) focused on hosted Oracle, SAP and Microsoft solutions in November 2017. And in early 2018, NTT said it plans to leverage ThreatQuotient for a new threat intelligence services offering.
  • Top 100 MSSP Alert Ranking for 2017: 24
Continue to next page for the Visionaries and Niche Players section of the Magic Quadrant, plus the actual chart with companies plotted.

Gartner Magic Quadrant Managed Security Services Providers (MSSPs): 2018 Visionaries

There are no companies in the Visionaries quadrant. None

Gartner Magic Quadrant Managed Security Services Providers (MSSPs): Niche Players

Companies sorted alphabetically in the niche quadrant include... Atos
  • Gartner Says: Atos is a global IT, digital service and software company with headquarters near Paris and regional offices in the U.S. (Purchase, New York) and Singapore. In addition to the vendor's MSSs under the Cyber Security Services business, Atos provides a wide range of consulting, system integration, managed IT services and other offerings. Atos' MSSs are delivered through a network of 14 24/7 SOCs (three in the U.K., six in continental Europe, two in the U.S., two in India and one in Malaysia). Atos recently acquired Anthelio Healthcare Solutions, providing capabilities in the Internet of Things (IoT)/OT space for managing privacy and compliance risks in the North American market. Atos provides threat intelligence and vulnerability notifications to customers using tools and services from partners like McAfee and Tripwire. Atos offers incident response and remediation activities as part of its core services in the form of forensic analysis and custom malware analysis, as well as offering optional threat hunting services and EDR leveraging CrowdStrike, for example. Advanced threat detection and monitoring services are available as part of Atos' Prescriptive Security SOC offering, which leverages Atos' proprietary big data analytics solution (Atos Codex) as well as technologies like user and entity behavior analytics (UEBA). In addition, IT/OT/IoT SOC services are developed and delivered together with Siemens. Atos' existing IT services customers and European-headquartered organizations with global coverage requirements that want a provider that can deliver end-to-end security management and monitoring services should consider the vendor for MSSs.
  • MSSP Alert Says: ATOS is widely respected, but the company's IT services business took some security heat during the 2018 Winter Olympic Games. The breach, which took place months before, has since led to a number of technical failures at the games in PyeongChang, Consultancy.UK reports.
  • Top 100 MSSP Alert Ranking for 2017: 14

BAE Systems
  • Gartner Says: BAE Systems, headquartered in Farnborough, U.K., offers a range of products and services in areas such as national defense, financial services and cybersecurity to industry and governments. The MSS group is headquartered in Guildford, U.K., with key offices in New York City, Dubai, Singapore and Sydney. Its offerings include Security Event Monitoring (SEM), Complete Security Monitoring (CSM), Managed Detection and Response (MDR), and Security Device Management (SDM). Services are delivered using five 24/7 SOCs — one in the U.K., three in the U.S. and one in the Philippines. Data residency requirements are typically met by retaining data locally and in geospecific cloud infrastructure. In the Asia/Pacific region, a local partner delivers services and cloud storage is not yet available. The BAE analytics platform uses a combination of commercial SIEM technologies and a big data and analytics, Hadoop-based platform. BAE supports common IaaS and security-as-a- service vendors such as Amazon CloudFront, AWS CloudTrail,, Cisco ScanSafe and Proofpoint. On-site and remote incident and breach response services are available via retainer. BAE Systems has a customer base in EMEA of large enterprise businesses, primarily leveraging its CSM and MDR services, and a large small or midsize business (SMB) customer base in North America, primarily leveraging its NSM and SDM services. The vendor delivers its MSS offering using a combination of proprietary and commercial solutions, depending on the customer's region and based on data privacy or residency requirements. Companies in the financial services, legal, healthcare, media, critical infrastructure and defense markets that need a range of security monitoring, device management and advanced threat defense solutions should consider BAE Systems.
  • MSSP Alert Says: BAE Systems in fall 2017 confirmed plans to cut 1,915 jobs -- but also confirmed plans to sharpen its focus on cybersecurity services. The company's Applied Intelligence cybersecurity restructuring “will drive continued growth from a more targeted portfolio of products and services focussed on providing leading cybersecurity, intelligence and financial crime prevention capabilities to government and commercial customers in priority geographic markets,” the company asserted a the time.
  • Top 100 MSSP Alert Ranking for 2017: 13

  Capgemini Managed Security Services
  • Gartner Says: Capgemini, with headquarters in Paris and regional offices located in North America, Europe and the Asia/Pacific region, provides MSS as part of its Cybersecurity Services business. Capgemini delivers services from seven 24/7 SOCs located in India (Mumbai and Bangalore), and regional SOCs in Luxembourg; Toulouse, France; Madrid; and Inverness, Scotland, for customers with data residency and sovereignty requirements. There is one non-24/7 SOC in India. Capgemini provides a variety of MSSs. Log management and security event monitoring are supported via its shared QRadar SIEM solution, with flexible options for dedicated QRadar instances. Support for five SIEM solutions (Huntsman Enterprise SIEM, Micro Focus ArcSight, McAfee ESM, RSA NetWitness and Splunk) based on customer preference or for customers wanting management of their existing SIEM tool. Customer access to services is via the MSS Portal, which provides a basic dashboard, case management and reporting-oriented interface to the services provided to customers. Capgemini provides a tiered service approach (Bronze, Silver and Gold) to MSS buyers based on level of services and support required. Additional services include management and monitoring for vulnerability scanners, firewalls, endpoint protection, NIDS/NIPS, web application firewalls (WAFs), CASB, and data loss prevention. Additional services are available that cover consulting and advisory, identity and access management, and DDoS, among others. MSS buyers looking for flexible options for SIEM tools and a wide portfolio of device management and security monitoring services, as well as existing Capgemini customers, should consider Capgemini for MSS.
  • MSSP Alert Says: Capgemini certainly is a thought leader in the MSSP market, and company executives have contributed to MSSP Alert.
  • Top 100 MSSP Alert Ranking for 2017: 30

  • Gartner Says: CenturyLink is based in Monroe, Louisiana, and has regional offices in Singapore and London. On 1 November 2017, CenturyLink completed the acquisition of Level 3 Communications, expanding its global presence and security service portfolio. CenturyLink provides telecommunications and public and private cloud services, in addition to MSSs. MSS can be acquired as a stand-alone service or as an add-on to other CenturyLink services. With the acquisition of Level 3, CenturyLink now has more than five 24/7 SOCs operating on four continents, including North America, Europe (London), Asia/Pacific (Singapore) and Latin America (Buenos Aires, Argentina, and Sao Paulo, Brazil). There are dedicated North American and U.K. SOCs to support national government contracts. CenturyLink provides a full scope of monitoring and management activities across a broad spectrum of security platforms, including next-gen firewalls, UTM systems, network and host IPS, WAF, VPN, EPP, email and web security, vulnerability scanning, threat intelligence services (from both legacy CenturyLink and Level 3), and advanced threat-oriented capabilities (e.g., network customer traffic analyzed against threat intelligence and advanced analytics for behavioral anomalies). CenturyLink uses a combination of proprietary implementations of big data platforms and other tools (such as from its previous acquisition of Cognilytics) and commercial products to collect, store and analyze customer log data and manage workflow. There are several service tiers available, from basic endpoint security management to advanced threat-oriented capabilities. Incident response, including on-site breach response services, is available with a retainer fee. Some data residency and staff citizenship requirements can be met with in-region SOCs and data storage. The pricing model for MSS depends on the services taken and includes set monthly recurring or usage-based fees; for example, threat monitoring is based on GB-per-day data. Existing network services, infrastructure as a service (IaaS) and cloud service customers, as well as organizations with global service requirements, should consider CenturyLink for MSSs.
  • MSSP Alert Says: CenturyLink extended its Managed Security Services 2.0 suite to the Asia-Pacific (APAC) region in mid-2017. The company also embraced ThreatConnect for threat intelligence-based security. Moreover, CenturyLink has made progress on its overall partner program in the past year.
  • Top 100 MSSP Alert Ranking for 2017: 7

  • Gartner Says: Fujitsu is headquartered in Tokyo, with key offices in London; Munich; Lisbon; Richardson, Texas; and Sunnyvale, California. Fujitsu has a large operational presence in Europe and Japan, with 24/7 SOCs in Japan (nine total), Australia, Singapore, India, Germany, the U.K., Finland and the U.S. Fujitsu's security portal is primarily based on its underlying delivery platform based on LogRhythm's SIEM solution. Fujitsu has an in-house Cyber Threat Intelligence (CTI) capability, which leverages a range of commercial and open-source feeds and partnerships with third parties, that underpins the threat analytics and detection capabilities within its MSSs. The CTI capability is also delivered as a stand- alone offering. Incident response support and consultancy is available as a retainer. Advanced threat detection capabilities for endpoint and networks, as well as sandboxing, leverage technology from partners such as FireEye, Check Point Software Technologies, McAfee, Symantec and others. Malware analysis is available on a range of commercial and open-source toolsets, and forensic analysis is delivered via Fujitsu consulting and partners as needed. Buyers, including existing Fujitsu IT services customers, should consider Fujitsu for MSSs if they are looking for a provider that offers flexibility for service delivery, or if they already have IT services that can be easily integrated and would benefit from security enhancements.
  • MSSP Alert Says: Fujitsu‘s global managed security service in 2017 gained forensic technology designed to help organizations identify cyberattack damage faster than ever before.  Typical forensics require weeks but the Fujitsu technology delivers results within minutes, the company claims.
  • Top 100 MSSP Alert Ranking for 2017: Not Ranked

HCL Technologies
  • Gartner Says: HCL Technologies is a global IT services provider that offers a range of IT and security services aimed at buyers, primarily through broad-scope IT outsourcing engagements. HCL is headquartered in Noida, India (with regional headquarters in London and Sunnyvale, California). MSS is a part of HCL's Cybersecurity and GRC services provided via six 24/7 MSS SOCs worldwide (four in India, and one each in Europe and the U.S.). MSS is delivered using commercially available SIEM technologies (IBM QRadar, Micro Focus ArcSight, RSA NetWitness and Splunk), chosen in consultation with the customer. SIEM solutions are leveraged for log collection and management, and real-time security event monitoring and analysis. HCL also offers dedicated managed SIEM options. The vendor provides managed EDR, with multiple technology options available to customers, in addition to threat hunting services. SecIntAl is HCL's branding for its big-data-based security analytics and threat intelligence capability that underpins the analytics for its threat monitoring services. HCL's portal provides a single dashboard-oriented interface across all supported SIEM tools, vulnerability management, endpoint management and CMDB services. Dedicated views in the portal support both analysts and leader personas. HCL supports a variety of third-party security technologies. In addition to firewalls, IDPSs and secure web gateways (SWGs), it also supports a variety of solutions like EDR, CASB, network traffic analysis (NTA) and vulnerability management. Related services, like incident and breach response, are provided by select partners. Organizations engaged in IT outsourcing and technology transformation projects, buyers looking for providers to use their preferred SIEM tool and broad-based support for security technologies, and existing HCL Technologies customers should consider HCL for MSSs.
  • MSSP Alert Says: As of 2017 HCL had been buying up channel partners, particularly in the Microsoft Dynamics CRM sector. That’s not related to MSSPs, admittedly. But the buyout strategy means HCL is more of a competitor than partner to peer MSPs…
  • Top 100 MSSP Alert Ranking for 2017: 15

Orange Business Services
  • Gartner Says: Orange Business Services (Orange), headquartered in Paris and with regional offices in a wide variety of locations across the Asia/Pacific region, North America and Europe, offers a broad range of telecommunications and cloud-based IT infrastructure services, security consulting services, and MSSs. Orange's MSSs are delivered using commercial and proprietary technologies for log management, event correlation and advanced threat detection, as well as some wider integrations with open-source big data technologies. Security Event Intelligence is the service offering for 24/7 threat detection and response. Threat intelligence is centered around malicious IP/URL/domain names curated by Orange collected from a large number of public and private feeds and sources, discoveries made on the Orange Internet backbone, and intelligence from Orange's in-house CERT team. Services are delivered from seven SOCs (three located in Europe, one in India, one in Malaysia, and one each in Mauritius and Egypt). All SOCs are 24/7 except for the European and Malaysia SOCs, which use a "follow the sun" model. Data residency requirements are addressed on a case-by- case basis, with a majority of non-European clients being serviced from the India and Egypt SOCs. Orange's network and infrastructure service customers and multinational organizations, especially those with a European and Asia/Pacific business focus, seeking network-security-focused MSSs should consider Orange Business Services.
  • MSSP Alert Says: Here again, Orange could be a key partner for MSPs seeking to move into the European market without needing to master Brexit- and GDPR-related issues on their own. Also of note: Check Point Software Technologies and Orange Cyberdefense unveiled a joint mobile managed security service. The new service, Orange Mobile Threat Protection, enables enterprises to safeguard their mobile devices against current and emerging cyber threats, according to a prepared statement.
  • Top 100 MSSP Alert Ranking for 2017: 12

  • Gartner Says: Wipro provides a variety of MSSs, including security threat monitoring, infrastructure security operations and technology management, vulnerability management, incident response, identity and access management, and security consulting services. Wipro is headquartered in Bangalore, India, with offices in London, New York, New Jersey and elsewhere around the globe. MSSs are delivered from 14 24/7 SOCs, with eight in India (Bangalore, Pune, Chennai, Mysore, Bhubaneswar, Kochi, Noida and Gurgaon), two in Europe (Amsterdam and Meerbush, Germany), and four in North America (Houston, Dallas, Phoenix and Edmonton, Canada). Wipro offers security event monitoring via its multitenant ServiceNXT platform, or Wipro can support customers that bring their own SIEM solution or require a specific, dedicated SIEM tool. Wipro currently supports six SIEM platforms. Customers access the Wipro MSSs through the Cyber Defense Center (CDC) portal, which provides a single landing page for accessing services used by customers. Wipro has a broad portfolio of technology partnerships available to buyers. Flexible options are also available to meet local or regional data residency requirements and regulations. Buyers across Europe, the Americas and the Asia/Pacific region considering MSS as part of broader IT outsourcing activities, and enterprises seeking flexible options for managing a range of security controls, including SIEM tools, across a variety of IT environments, should consider Wipro.
  • MSSP Alert Says: Wipro invested in Denim Group, an application security services provider, the day we wrote this article. And earlier this year, WiPro and ThreatModeler announced a partnership to deliver enterprise threat modeling capabilities to MSSPs and other organizations. Another key relationship has WiPro security orchestration software provider Demisto delivering integrated and automated incident response as a managed security service.
  • Top 100 MSSP Alert Ranking for 2017: 8

Gartner Magic Quadrant Managed Security Services Providers (MSSPs): Company Chart

Here's a look at how Gartner plots the 17 MSSPs across the four quadrants for 2018.
Joe Panettieri

Joe Panettieri is co-founder & editorial director of MSSP Alert and ChannelE2E, the two leading news & analysis sites for managed service providers in the cybersecurity market.