Content, Channel partners, Content, Security Program Controls/Technologies, Channel partner programs

Gartner Magic Quadrant: Intrusion Detection, Prevention Systems 2018 for MSSPs

This year's Gartner Magic Quadrant for Intrusion Detection and Prevention Systems, released in January 2018, tracks and analyzes nine cybersecurity companies in the IDPS sector. But which of those IDPS providers actually offer MSP- and MSSP-friendly partner programs and associated consumption models? MSSP Alert was eager to track down the answers. Scroll through the information below and you'll find IDPS offerings in each of the four Gartner quadrants:
  • Leaders: Cisco Systems, McAfee and Trend Micro
  • Challengers: Alert Logic, FireEye and NSFocus
  • Visionaries: Vectra Networks
  • Niche Players: Venustech and Hillstone Networks
For each of those nine companies, we share some of Gartner's perspectives below. Plus, we inject some of MSSP Alert's views and associated coverage about each company to help managed security services providers formulate their IDPS partner strategies. On the final page of this article, you'll also find the actual Gartner Magic Quadrant 2018 graphic of IDPS offerings.

Gartner Magic Quadrant: Intrusion Detection & Prevention Systems 2018 Leaders

This quadrant includes Cisco Systems, McAfee and Trend Micro (sorted alphabetically). Take a look: Cisco Systems
  • Gartner Says: Cisco has a broad security product portfolio and has had IDPS offerings for many years. The Sourcefire acquisition has continued to be a positive and strong influence on Cisco's network security portfolio, giving the company traction in the firewall market that it would not have garnered otherwise. The Firepower IDPS line also shares a management console with the Cisco firewall offerings, called the Firepower Management Center.
  • MSSP Alert Says: Cisco has a strong reputation with enterprise-class service providers. But the company also is rekindling relationships and building new partnerships in the SMB sector. Recent moves include positioning Cisco's endpoint security portfolio for MSSPs seeking advanced malware protection, Internet security and enterprise mobility management (EMM) capabilities.
  • Gartner Says: McAfee has completed its move out of Intel, creating a stand-alone company -- though Intel retains a 49 percent stake in the firm. The new McAfee company has a significant product portfolio across network, server, cloud, web, security information and event management (SIEM), network analytics, data loss prevention (DLP), and endpoint security. This move to being an independent entity has been a net positive for the company. It has led to better roadmap execution and will allow McAfee to better focus and compete in the security market. Its IDPS, called the Network Security Platform (NSP), is a main element of its network security product offerings, McAfee has focused heavily on roadmap execution and integration of this range into its other portfolio of products. In November 2017, McAfee acquired SkyHigh Networks, a cloud access security broker (CASB) provider.
  • MSSP Alert Says: Some MSPs got burned when Intel mismanaged the former McAfee MXLogic business. But overall there are signs that McAfee is waking up to the MSSP partner opportunity. Among the efforts to watch: McAfee's Managed Services Specialization for partners.
Trend Micro
  • Gartner Says: Headquartered in Japan, Trend Micro is a large, global IT security vendor. It completed its acquisition of TippingPoint from Hewlett Packard Enterprise (HPE) in March 2016. The acquisition has been a net positive for Trend Micro's IDPS product, sales and marketing operations. TippingPoint is well-placed within Trend Micro in the same division as the Deep Discovery products. ... The IDPS also benefis from synergies between TippingPoint's and Trend Micro's research teams on malware, which is enhancing the ability of the IDPS to specifically address the network-based elements of malware threats. Additionally, the Trend Micro advanced threat (sandbox) technology for its IDPS, called Deep Discovery, now has integrations to its IDPS to be able to receive telemetry in real time that can be used for prevention and detection use cases. ... Trend Micro's IDPS platforms have gained native integrated advanced threat capabilities, a significantly larger channel with more expertise in selling security, and access to Trend Micro's significant research resources.
  • MSSP Alert Says: Trend Micro was an early partner and friend to MSPs in the SMB sector. But the company has occasionally scaled back messaging and support to those audiences in recent years. Still, there are signs that Trend Micro has renewed its MSP efforts over the past year, and we're watching the company closely for signs of more progress.

Gartner Magic Quadrant: Intrusion Detection & Prevention Systems 2018 Challengers

This quadrant includes Alert Logic, FireEye and NSFocus (sorted alphabetically). Take a look: Alert Logic:
  • Gartner Says: Alert Logic is a privately held security-as-a-service provider based in Houston, Texas. Services it offers include managed IDS, web application firewall (WAF), log management and vulnerability management. Alert Logic's IDS is built on a Snort foundation with additional anomaly-based signatures, heuristics and supervised machine learning intelligence. It is offered in two packages: Alert Logic Threat Manager is an IDS-only offering and includes vulnerability management capabilities; and Alert Logic Cloud Defender includes out-of-band WAF and log management, along with detection based off of logs. Alert Logic's IDS is offered as a physical on-premises appliance, with new deployments more often in the form of virtual machines deployed in hosting or cloud environments. The vendor has also invested in applying machine learning to the IDS event stream to help reduce the amount of "net events" that need to be reviewed by human analysts. Since Alert Logic's IDS is deployed out of band in detection mode with managed components, it does not offer a wide range of high-performance appliances. Alert Logic adds and subtracts sensors, where it makes sense for the customer's changing network in order to meet high- throughput detection needs by scaling horizontally, not in the appliance.
  • MSSP Alert Says: Alert Logic itself is an MSSP of sorts, ranking No. 9 on our Top 100 MSSPs list for 2017. The company also works closely with third-party MSPs and MSSPs. A key example involves Sinnaker, which leverages Alert Logic's platform to safeguard Oracle and SAP deployments.
  • Gartner Says: FireEye is a U.S.-based cybersecurity company headquartered in Milpitas, California. It is a well- known security vendor specializing in advanced threat protection, security analytics, threat intelligence and incident response. In recent years, it has expanded its product and service portfolio extensively with a mix of organic growth and acquisitions. These additions are with managed services, cloud security analytics, threat intelligence, network forensics and security orchestration, as well as via adding IPS to its most well-known solution, the FireEye Network Security (NX Series) solution, which is available as a physical or virtual appliance. The virtual appliances support a range of hypervisors, including Amazon AWS, but not Microsoft Azure. In the past year, FireEye has improved its architecture by decoupling the IDPS (the NX Series) from the Multi-Vector Virtual Execution (MVX; for ATD/sandboxing) presenting the concept of a "smart node" (the IDPS appliance) and the "smart grid" (MVX/sandbox) with version 7.9 of the solution. Additionally, the "smart grid" MVX now supports bursting from the local instance(s) to the cloud, allowing for better scalability without the need for additional on-premises appliances. These evolutions let the solution scale horizontally for performance, and allow for better support to detect lateral movement of threat use cases (versus just north-south) and also for distributed environments.
  • MSSP Alert Says: FireEye has sometimes alienated partners and MSSPs because the company has its own consulting and managed services capabilities. Still, there are signs that FireEye is making progress with partners -- including MSSPs.
  • Gartner Says: NSFOCUS is headquartered in Beijing and California. It is a large regional security vendor for Asia and is expanding to other geographies. NSFOCUS offers distributed denial of service (DDoS; via its Anti-DDoS System offering), web application scanning (via Web Vulnerability Scanning System ), and WAF and vulnerability management (via Remote Security Assessment System ). The vendor also offers managed security services (MSSs) on a number of its products. The NSFOCUS IDPS has a large range of appliances, models ranging from 300 Mbps to 120 Gbps of throughput and four virtual appliances. This is an improvement over when it was reviewed for the previous Magic Quadrant, with higher-throughput chassis now available. The virtual appliances are certified on VMware, Kernel-Based Virtual Machine (KVM) and OpenStack, but not Xen. Its IDPS includes sandboxing capabilities called Threat Analysis Center (TAC), as well as application control and anti-malware, and it can also utilize reputation-based controls. Additionally, most models support a flexible licensing scheme, allowing clients to buy a chassis from a "range," but then simply increase the inspected throughput with a licensing update — increasing throughput without having to replace the device.
  • MSSP Alert Says: The company appears to be piecing together a partner program but we haven't seen clear, consistent signs of momentum. A 2016 partner program announcement leads to a dead webpage on the company's website.
Continue to page two of two for the Visionaries and Niche Player quadrants. Also, we share the Gartner Magic Quadrant graphic on page two. Welcome to page two of two, featuring the Visionaries and Niche Player quadrants. Also, we share the Gartner Magic Quadrant graphic below.

Gartner Magic Quadrant: Intrusion Detection & Prevention Systems 2018 Visionaries

Vectra Networks is the only company in the Visionaries quadrant. Here are the details. Vectra Networks
  • Gartner Says: Vectra Networks has shipped its Cognito product since 2014 and is a leading example of using advanced analytics (like UEBA) for network IDS use cases. It focuses on detection of threats that have bypassed traditional controls and on detecting lateral movement of threats on the inside of an organization's network. ... Vectra's approach is innovative as it directly addresses some key issues in security operations today. ... This solution excels at the ability to roll up numerous numbers of alerts to create a single incident to investigate that describes a chain of related activities, rather than isolated alerts that an analyst then has to piece together. Second, adversary dwell time today is far too long for organizations, and having different means to detect malicious or unwanted activity is a key value proposition for Vectra. This is especially true for detecting the lateral movement of threats on a network that have already evaded other security controls. While an IDS in terms of deployment, Vectra does have a number of other integrations with existing tools for further response actions. Example categories are firewalls, network access control (NAC), endpoint, ticketing systems and SIEM.
  • MSSP Alert Says: Vectra positions its partner program for "channel" partners but certainly mentions recurring revenues and managed security services as part of that overall effort. The company raised $36 million in Series D funding in February 2018, but the news made no mention of accelerated partner or channel investments. A separate growth-related press release in February 2018 celebrated 181 percent annual revenue growth but once again made no mention of partners or MSSPs.

Gartner Magic Quadrant: Intrusion Detection & Prevention Systems 2018 Niche Players

The niche quadrant includes Hillstone Networks and Venustech. Here's a closer look at each company, sorted alphabetically. Hillstone Networks
  • Gartner Says: Headquartered in Beijing and Santa Clara, California, Hillstone Networks is a network security provider that offers NGFWs along with IDPSs. Hillstone has been shipping IDPS devices since 4Q13. At present, its IDPS customer base is predominantly located in China. The vendor offers a total of 23 IDPS models; however, only five are available to the global market — the S-series models of appliances. ... Hillstone does not offer a virtual IDPS model, but it does support on-box virtual instances, including the ability to apply performance constraints on each virtual instance. IDPS signatures are developed internally and obtained from other partners. During the evaluation period, Hillstone introduced several new models. New enhancements introduced in that period include improved antivirus efficacy, HTTPS flood request protection and better IDPS reporting. Additionally it has three new features, Abnormal Behavior Detection (ABD) engine, Advanced Threat Detection (ATD) and a cloud sandbox. ABD is Hillstone's analytics approach that does network baselining looking for abnormal behavior. The sandbox is also interesting for the IDPS market because it allows for "fuzzy" malware behavior signatures to be used to help convict new iterations of existing families of malware.
  • MSSP Alert Says: Hillstone works with MSPs, resellers, systems integrators and distributors to deliver its network security solutions to customers around the globe. The company also offers a channel partner program that provides members with marketing tools, training and certification and other features.
  • Gartner Says: Venustech is a security vendor headquartered in Beijing. It was founded in 1996, and has been shipping IDPSs since 2003 and dedicated IPSs since 2007. In addition to its IDPS, Venustech has a range of security product offerings covering SIEM, firewall, UTM, WAF, database compliance and audit (DCAP), vulnerability assessment, application delivery controller, and an endpoint security solution. Venustech has a virtual IPS edition available that supports VMware and OpenStack. It also has support for the Alibaba, Tencent and Huawei clouds as deployment options. Venustech is a good option for its existing clients consuming its other products, and large and midmarket organizations in South East Asia that need to augment existing controls with an IDPS that covers a range of threats.
  • MSSP Alert Says: Venustech is best known in China, and the company’s partner program focuses mostly on more traditional distributors and resellers.

Gartner Magic Quadrant: Intrusion Detection & Prevention Systems 2018 Graphic

Here's a look at the entire Magic Quadrant and all companies within...
Joe Panettieri

Joe Panettieri is co-founder & editorial director of MSSP Alert and ChannelE2E, the two leading news & analysis sites for managed service providers in the cybersecurity market.