Not surprisingly, managed security has become big business. Giants such as IBM, BT and Verizon are among the leading lights in this field. These vendors charge an upfront fee and require an ongoing subscription to augment internal security measures or take over many of the functions of IT security.
This guide covers the top managed service providers for security. They were chosen based on their ratings in analyst reports, such as the most recent Gartner Magic Quadrant (MQ) for Managed Security Service Providers and the IDC MarketScape: Worldwide Managed Security Services 2017 Vendor Assessment.
Gartner analyst Toby Bussa said that although the security offerings from managed security services companies vary, the following features are common to most of them:
- Distributed denial of service (DDoS) protection
- Advanced threat intelligence services (e.g., dark web monitoring)
- Secure messaging gateways, secure web gateways and web application firewalls delivered “as a service”
- Managed vulnerability management (e.g., end-to-end management that includes scanning, prioritization and patching on behalf of the customer)
- Identity and access management
Managed security services pricing
MSSPs use many different pricing models. Most charge based on the type and size of the security technology to be managed. For example, they might collect log data and charge fees based on the number and types of sources, or by events per time period. Alternatively, they might price their services based on data volume or velocity, the total number of sources sending data to the MSSP, the number of incidents detected, the number of alerts sent, the number of users, or the number of assets.
For those in the market for an MSSP, here are some of the top choices. Each summary links to an in-depth article on each vendor, and we’ve included a chart at the end of this article highlighting some of the top features of each solution provider.
Symantec provides monitoring services, intrusion detection and prevention system (IDPS) management, hosted log retention, intelligence services and advanced threat protection, in addition to incident response and cyber skills development. Symantec performs the monitoring and management of the customers’ security environment – everything from data collection to incident identification and interactive alerting, with dedicated security analysts to prepare and provide details and recommendations on incidents.
See our in-depth look at Symantec
DXC has a portfolio of integrated solutions that includes security advisory, risk management, intelligent security operations infrastructure, endpoint security, identity and access management, threat and vulnerability management, data protection and cloud security.
See our in-depth look at DXC Technology
IBM provides a wide range of MSSP services including network protection, firewall management, vulnerability scanning, information event management, intelligent log management in the cloud, IDPS, data protection, security intelligence analysis, web gateway management, unified threat management (UTM), secure software-defined wide area network (SD-WAN), adaptive security for hybrid cloud, endpoint security and Amazon GuardDuty services.
See our in-depth look at IBM
Verizon Enterprise cybersecurity solutions include security professional services, network and gateway security, security monitoring and operations, and incident response. Its analytics platform also includes a customer portal.
See our in-depth look at Verizon Enterprise
BT offers next-generation firewall (NGFW), IDPS, UTM, secure web gateway (SWG), managed distributed denial of service (DDoS) protection, endpoint protection, application security, network access control, public key infrastructure (PKI) security, vulnerability scanning, patch management, email security, threat monitoring and intelligence, security information and event management (SIEM), and more. It has an incident response partnership with Mandiant, as well as partnerships with Trend Micro’s Deep Security and Symantec SSL decryption.
See our in-depth look at BT MSSP
Services include CenturyLink’s professionally managed, next-generation network-based firewall solution, adaptive network security and threat intelligence. CenturyLink has deployed security operations centers (SOCs) to respond to physical and logical alarms, attacks and suspicious or abnormal network activity, as well as to assist with customer security inquiries.
See our in-depth look at CenturyLink
Trustwave services include network firewalls, IDPS, UTM, rogue device detection and internal vulnerability scanning, all consolidated into a single appliance and delivered by Trustwave as a fully managed service. Trustwave SWG blocks new malware in real time. It decrypts, unpacks and assembles web pages and exposes any malicious behavior.
See our in-depth look at Trustwave
AT&T Threat Manager is the company’s security event monitoring and management service. Threat correlation and analysis is performed via the AT&T Threat Intellect platform, which includes SIEM, big data and analytics. It is delivered as part of AT&T’s Threat Management and Intelligence solutions. Device management is available for network security, data and application security, endpoint and mobile security. Service options include Internet and Intranet protection, mobile security, DDoS defense, firewalls, Web application protection, IDPS, email gateway, endpoint security, encryption, device management, and token authentication.
See our in-depth look at AT&T MSSP
NTT offers professional services as well as integration and incident response services. Services include enterprise security monitoring, device management and vulnerability management. A managed endpoint detection and response (EDR) offering is available via partnerships with Carbon Black, FireEye and CounterTack. It has 17 global SOCs with 24/7 service.
See our in-depth look at NTT MSSP
Secureworks offers security services through its Counter Threat Appliance (CTA) and Counter Threat Platform (CTP). Services are accessed via the Secureworks Client Portal. Host and network-based advanced threat detection is provided via Secureworks’ Advanced Endpoint Threat Detection (AETD) service. It also offers Advanced Malware Protection and Detection (AMPD) in partnership with Lastline. Additional services, such as vulnerability scanning and advanced threat intelligence services, are also available.
See our in-depth look at Secureworks
Wipro provides security threat monitoring, infrastructure security operations and technology management, vulnerability management, incident response, identity and access management, security consulting and other services. Security event monitoring is delivered via its ServiceNXT platform. The company can also deliver it via a customer’s SIEM (with six SIEM platforms supported).
See our in-depth look at Wipro
Top Managed Security Services Providers
|Vendor||Use Cases||Metrics||Intelligence||Delivery||Gartner MQ Position|
|Symantec||Global markets and all company sizes; service delivery tailored to industries and customers of different sizes||125 billion security logs processed daily, 700,000+ adversaries tracked, 98 million attack sensors worldwide||Machine learning, analytics and analysts eliminate false positives and escalate critical incidents that need attention within 10 minutes of identification||Log Collection Platform can be deployed on-premises or in the cloud||Leader|
|DXC Technology||More than 40 percent of the Fortune Global 500, and security services in every industry segment||DXC manages the security services for more than 1.8 million devices||Global threat intelligence, advanced threat detection and integrated incident response||Via dedicated solutions that can be managed onsite, in a hosted environment, or in|| |
|IBM||Large enterprises||Monitors 35 billion security events daily in more than 130 countries||Threat intelligence and incident response services are available under IBM X-Force IRIS||Shared multi-tenant, on-premises or as a service||Leader|
|Verizon Enterprise||SMBs to large enterprises||More than 1 million security events analyzed daily||RISK team provides threat intelligence and incident response||Via SOCs that monitor the network||Leader|
|BT||Companies and governments in UK, Europe, the Americas and AMEA||BT handles 4,000 cyberattacks a day against its network||BT Cyber Operations provides shared and customer-dedicated SOCs globally||Several delivery models, primarily cloud or|| |
|CenturyLink||Mid-sized to multinational enterprises and||Monitors 1.3 billion security events and 99 billion NetFlow sessions daily, and mitigates 120 DDoS attacks per day||Adaptive Threat Intelligence network-based, real-time monitoring, threat correlation and||Delivered through a central portal, or directly to the organization’s SIEM, without requiring management of on-site equipment|| |
|Trustwave||SMBs to large enterprises, primarily in financial services, payment services, government, education, hotels, restaurants||More than three million businesses enrolled in the Trustwave TrustKeeper cloud platform||Threat intelligence is delivered by Trustwave SpiderLabs||From drop-ship and appliance to cloud and hybrid||Leader|
|AT&T||SMBs to large enterprises, mostly in||Network availability guarantees of up to 99.999%||Monitors over 19 PB IP traffic on its core network each business day for suspicious activity||On-premises and cloud||Challenger|
|NTT||Companies of all sizes and industries||Global Threat Intelligence Platform (GTIP) has visibility into 40% of global internet traffic||Combines machine learning, big data, and complex event processing analysis||On-premises, cloud-based or hybrid services||Challenger|
|Secureworks||Mid-size, enterprise and government organizations||4,400 clients in 55 countries; 250 billion security events processed daily||Provides threat research and threat intelligence, malware analysis, and analytics support to SOCs||Hosted by Secureworks or delivered on customer networks||Leader|
|Wipro||Global presence, but is strongest in Asia and Europe||More than 160,000 employees serving clients across six continents||Machine learning is used for threat detection||Its Cyber Defense Center (CDC) portal is the landing page for accessing services||Niche Player|