- Segmenting and securing the network across locations and hosting models; and
- preaching the Zero Trust gospel — the need to challenge and eliminate the inherent trust assumptions in our security strategies that made us vulnerable to external and internal attacks.
Dig a little deeper, and Forrester recently evaluated 14 security companies and their capabilities as so-called Zero Trust eXtended ecosystem providers. To be considered for the Forrester research for 2018, each vendor had to have:
- at least $75 million in annual revenues;
- technical capabilities in at least three of seven areas: 1) network security; 2) device security; 3) people/identity security; 4) workload/application security; 5) data security; 6) security visibility and analytics; and 7) security automation and orchestration.
- APIs for integration; and
- alignment with Forrester's ZTX framework and overall Zero Trust concepts, among other things.
The complete Forrester report is here for 2018.
Managed Security Services and Zero Trust
Now, let's connect the dots between Forrester's report and the MSSP industry. Of the 14 companies on the Forrester list -- four more than the 10 we promised in the headline -- here's a look at each security firm and their MSSP focus heading into 2019. Note: MSSP Alert has sorted the 14 companies alphabetically rather than by the Forrester Wave ranking.
1. Akamai: The network security company offers DDoS, botnet mitigation, malware protection, and application microsegmentation capabilities. MSSP Alert says: Akamai has a long-established partner program and works with well-known Top 100 MSSPs like Trustwave.
2. Centrify: The company specializes in privileged identity management (PIM) and identity-as-a-service) IDaaS. MSSP Alert says: Private equity firm Thoma Bravo acquired Centrify in mid-2018. Shortly ahead of the deal, Centrify in June 2018 launched a partner program called Centrify Zero Trust Security Network. The effort was previously know as the Centrify Alliance Partner Program (CAPP). The Thoma Bravo deal could allow Centrify to strengthen its MSP and MSSP partner engagements, MSSP Alert believes.
3. Cisco Systems: Security has been a key focus area for Cisco Systems CEO Chuck Robbins, and the company has well-known offerings across endpoint, network and cloud security services. MSSP Alert says: Cisco's $2.35 billion buyout of Duo Security in August 2018 furthers the company's zero trust effort. Plus, Cisco is taking steps to engage MSPs in the SMB sector, and the company in September 2018 named Ruba Borno as VP and GM, Cisco Managed Services. Roll all those efforts together, and it's clear the MSP and MSSP push continues.
4. Cyxtera Technologies: The company is a secure infrastructure and colocation provider -- supporting more than 3,500 enterprises, government agencies and service providers. MSSP Alert says: Cyxtera works with numerous MSSPs and Managed Detection and Response (MDR) providers. An example partnership involves eSentire integrating its MDR service with the Cyxtera's AppGate SDP zero-trust network solution. And earlier this year, Cyxtera acquired Immunity, a Miami-based threat assessment and penetration services provider.
5. Forcepoint: Formerly known as Websense/Raytheon, the company's focus areas include the federal space, and the company's technologies address security user behavior analytics (SUBA) and data security, Forrester notes. MSSP Alert says: Parent Raytheon itself is an MDR and MSSP provider. But Forcepoint also has relationships with numerous MSSPs -- including Calian Group.
6. Fortinet: Fortinet is best-known as a network security provider, but don't overlook the company's application, cloud, identity, threat detection and prevention offerings. MSSP Alert says: Fortinet pioneered MSSP partner programs. and in mid-2018 aligned its MSSP efforts with the company's broader channel program.
7. Illumio: The company specializes in micro-segmentation solutions, while also offering customers application dependency maps and vulnerability maps. MSSP Alert says: . An integration between Illumio and Qualys Cloud Platform shows potential attack paths in real time. We have not, however, heard a specific MSSP partner strategy from Illumio as of December 2018.
Visit page two of two for companies eight through 14, sorted alphabetically.
Welcome to page two of two. Here are companies eight through 14, sorted alphabetically, in our Zero Trust security list.
8. Microsoft: Much of the company's Zero Trust push involves Office 365 users and associated security offerings to safeguard the cloud productivity suite, Forrester notes. MSSP Alert says: No doubt, most major MSSPs offer security services that safeguard Microsoft's system software and applications. But it's only over the past year or so that Microsoft has truly started to understand and target MSPs in the SMB sector. That effort includes a long-overdue Azure Expert MSP push, which surfaced in July 2018.
9. Okta: The company is best-known for its identity and access management (IAM) and single sign-on solutions. But a Zero Trust push is accelerating. MSSP Alert says: Okta in September 2018 launched Partner Connect, a program that enables solution and technology providers to add identity management and security offerings to their portfolios. Also, Okta in July 2018 acquired ScaleFT -- a Zero Trust security platform -- for an undisclosed sum.
10. Palo Alto Networks: The cloud, endpoint and network security company aggressively promotes a Zero Trust architecture to its customers and partners. MSSP Alert says: Palo Alto is well-known within the MSSP market, and continues to promote its wares to such partners. The company's partner program now includes an MSSP specialization.
11. Sophos: The company has expanded beyond traditional anti-virus conversations by promoting various endpoint, firewall and unified threat management offerings. MSSP Alert says: Sophos has one of the most widely deployed multi-tenant security platforms for MSPs and MSSPs, and the company's anti-phishing security training tools provide a natural first-step sales option for emerging partners.
12. Symantec: Still one of the best-known names in endpoint and network security, but the Zero Trust push is somewhat newer for Symantec. MSSP Alert says: Symantec also is a Top 100 MSSP in its own right, is shrinking in some ways but growing in others.
13. Trend Micro: The company specializes in anti-malware and endpoint security, cloud workload security, as well as significant capability in the network security pillar of ZTX, Forrester notes. MSSP Alert says: Trend Micro was one of the security industry's first-movers with MSP- and SaaS-centric partner programs nearly a decade ago. More recently, Trend Micro has partnered to launch its own MSSP along with an MDR service for partners.
14. VMware: The company's Zero Trust effort focuses most on NSX -- the software-defined networking (SDN) offering that offers network micro segmentation. MSSP Alert says: The NSX partner ecosystem is growing rapidly -- but relatively small compared to the company's more traditional server virtualization channel. VMware has also been helping hosting providers to transform into MSPs and MSSPs. And we're curious to see how VMware Cloud on AWS along with the company's desktop virtualization options will fit into the Zero Trust strategy.
