As threats mount from ransomware gangs, Russian-backed hacker groups, and other nation-sponsored attackers, and as the growth in remote work makes security management increasingly complicated, many companies are finding it makes sense to turn to a managed security service provider (MSSP) for help with handling an extremely complex threat landscape.
In response, the market is growing fast. According to a recent MarketsandMarkets report, the global MSSP market is expected to nearly double from $22.8 billion in 2021 to $43.7 billion by 2026, driven not only by remote working and growing cyber threats but also by a massive cybersecurity skills shortage, the demands of government regulations, and the simple cost benefits of outsourcing.
How to Choose the Right MSSP for Your Company
A wider range of providers are offering MSSP services today than ever before, and selecting the right vendor in such a heavily populated market can be a challenge. Gartner analyst Pete Shoard advised that being as clear as possible about your needs is key to selecting the right service, noting that offerings can range from managing a single technology to sharing the responsibility for operating a security platform to full outsourcing of security operations.
Trustwave similarly recommends evaluating vendors “by the capabilities they offer and how they are structured to serve as an extension of your team,” suggesting three key questions to ask in doing so:
- How do the provider’s threat intelligence capabilities stack up?
- What are the strategies and processes behind the vendor’s managed services?
- What are your own organization’s specific needs?
There are a number of cybersecurity services to choose from, ranging from managed SIEM to managed detection and response (MDR), managed firewalls, incident response, and more.
11 Leading MSSPs
To help you find the right provider, we evaluated a number of MSSPs to come up with this list of top security service providers. Each summary highlights some of the vendor’s key features and links to a separate, in-depth article for more details.
Accenture acquired Symantec’s MSSP services in 2020. The company’s MSSP portfolio, supported by over 3,400 security professionals, includes managed application security, managed cloud security, managed digital identity, managed security risk, vulnerability management, managed SIEM, and managed extended detection and response (MxDR).
Use Cases: Global markets and all company sizes
Metrics: More than 224 billion logs processed daily
Intelligence: Services leverage machine learning (ML), advanced analytics, cryptography, distributed ledgers, cognitive computing, and automation
Delivery: Can be deployed on-premises or in the cloud
See our previous look at Accenture/Symantec.
AT&T’s 2018 acquisition of AlienVault significantly expanded its cybersecurity offerings, which now include managed vulnerability services, strategy and roadmap planning, risk-based cyber posture assessments, penetration testing services, secure remote access, secure web gateway (SWG), network-based firewall, distributed denial of service (DDoS) defense, managed threat detection and response, SentinelOne managed endpoint security, MobileIron mobile security, and Lookout mobile endpoint security. AT&T was named as a Niche Player in Gartner’s most recent Magic Quadrant for MSSPs.
Use Cases: Small and medium businesses (SMBs) to large enterprises, mostly in North America
Metrics: Network availability guarantees of up to 99.999%
Intelligence: Monitors well over 19PB of IP traffic on its core network each business day
Delivery: On-premises and cloud
See our in-depth look at AT&T MSSP.
BT’s 3,000 security experts and 16 global security operation centers support a portfolio that includes next-generation firewall (NGFW), Intrusion Detection and Prevention System (IDPS), unified threat management (UTM), SWG, managed DDoS mitigation, managed endpoint detection and response (EDR), managed embedded security controls, application security, network access control, public key infrastructure (PKI) security, vulnerability scanning, patch management, email security, threat monitoring and intelligence, cloud security information and event management (SIEM), MobileIron mobile security, and more.
Use Cases: Companies and governments in U.K., Europe, the Americas, and AMEA (Asia, the Middle East, and Africa)
Metrics: Blocks 6,500 potential cyberattacks a day, and serves 98% of FTSE (Financial Times Stock Exchange) 100 companies
Intelligence: Provides shared and customer-dedicated security operation centers globally
Delivery: Several delivery models—primarily cloud or appliance based, co-managed, or fully managed
See our in-depth look at BT MSSP.
DXC’s more than 3,000 security professionals support a portfolio of integrated solutions that includes advisory services, security risk management, intelligent security operations infrastructure, endpoint security, identity and access management, threat and vulnerability management, incident response, data protection, and cloud security.
Use Cases: Serves over 40% of the Fortune Global 500
Metrics: Manages security services for more than 1.8 million devices
Intelligence: Global threat intelligence, advanced threat detection, and integrated incident response
Delivery: Dedicated solutions can be managed on-site, in a hosted environment or in cloud environments
See our in-depth look at DXC Technology.
IBM provides a wide range of MSSP services, including network protection, managed firewall services, vulnerability scanning, information event management, intelligent log management in the cloud, IDPS, data protection, security intelligence analysis, web gateway management, UTM, secure software-defined wide area network (SD-WAN), adaptive security for hybrid cloud, managed endpoint security, managed identity services, and managed detection and response. IBM was identified as a Leader in Gartner’s most recent Magic Quadrant for MSSPs.
Use Cases: Large enterprises
Metrics: Monitors more than 150 billion security events per day in more than 130 countries
Intelligence: Threat intelligence and incident response services supported by IBM Security X-Force
Delivery: Shared multi-tenant, on-premises, or as a service
See our in-depth look at IBM.
Lumen, rebranded from CenturyLink in 2020, offers a broad range of services, including a professionally managed next-generation network-based firewall, IDPS, adaptive network security, UTM, DDoS mitigation, and threat intelligence. Lumen’s eight SOCs worldwide respond to physical and logical alarms, mitigate attacks and suspicious or abnormal network activity, and assist with customer security inquiries. Prior to the rebranding, CenturyLink was named as a Visionary in Gartner’s most recent Magic Quadrant for MSSPs.
Use Cases: Mid-sized to multinational enterprises and government customers in more than 60 countries
Metrics: Monitors more than 195 billion NetFlow sessions daily, and mitigates 120 DDoS attacks per day
Intelligence: Lumen Adaptive Threat Intelligence (ATI), powered by Black Lotus Labs, delivers high-fidelity threat intelligence in near-real time
Delivery: Delivered through a central portal or directly to the organization’s SIEM without requiring on-site equipment or installation
See our in-depth look at Lumen/CenturyLink.
NTT’s MSSP offering includes threat detection, compliance monitoring, security device management, vulnerability management, managed detection and response, enterprise security monitoring, web application firewall-as-a-service, and managed SOC as a service. NTT was named as a Niche Player in Gartner’s most recent Magic Quadrant for MSSPs.
Use Cases: Companies of all sizes and across all industries
Metrics: Six global SOCs analyze two billion events per day
Intelligence: Combines ML, big data, and complex event processing analysis
Delivery: On-premises, cloud-based, or hybrid services
See our in-depth look at NTT MSSP.
Secureworks’ wide range of services includes managed firewall, managed IDPS, managed iSensor IPS, managed NGFW, advanced endpoint threat detection (AETD), advanced endpoint threat prevention, advanced remediation management, log management and compliance reporting, security event monitoring, vulnerability program management, vulnerability scanning, payment card industry (PCI) scanning, web application scanning, and policy compliance. Secureworks’ Taegis ManagedXDR service includes advanced threat hunting, detection, and rapid response. Secureworks was named a Leader in Gartner’s most recent Magic Quadrant for MSSPs.
Use Cases: Mid-sized, enterprise, and government organizations
Metrics: 300 billion security events processed daily
Intelligence: Provides threat research, threat intelligence, malware analysis, and analytics support to SOCs
Delivery: Hosted by Secureworks or delivered on customer networks
See our in-depth look at Secureworks.
Trustwave’s MSSP services include managed detection and response, managed security and compliance, managed application control, managed database security, proactive threat hunting, security testing, security technology management, and threat monitoring and detection. Data and reports are available 24/7 via the Trustwave TrustKeeper portal. Trustwave was named as a Leader in Gartner’s most recent Magic Quadrant for MSSPs.
Use Cases: SMBs to large enterprises primarily in financial services, retail, hospitality, healthcare, payment services, government, and education
Metrics: More than three million businesses leverage the Trustwave TrustKeeper cloud platform
Intelligence: Global threat intelligence is delivered by Trustwave SpiderLabs
Delivery: From appliance to cloud and hybrid
See our in-depth look at Trustwave.
Verizon Managed Security Services encompasses a wide range of offerings to help companies detect security incidents and threats, including incident response and investigation, security and protection services, cyber risk management, and secure gateway services. A separate MDR offering provides security as a service by combining SIEM technology, user and entity behavior analytics (UEBA), and integrations with network detection and response (NDR) and EDR. Verizon was named as a Leader in Gartner’s most recent Magic Quadrant for MSSPs.
Use Cases: SMBs to large enterprises
Metrics: Verizon’s nine SOCs process over 61 billion events a year
Intelligence: Verizon Research, Investigations, Solutions, Knowledge (RISK) team provides threat intelligence and incident response
Delivery: Via SOCs that monitor the network
See our in-depth look at Verizon Enterprise.
Wipro’s managed security services include MDR, managed application security, managed digital trust, managed cloud and infra security, and managed security risk and compliance. Wipro was identified as a Niche Player in Gartner’s most recent Magic Quadrant for MSSPs.
Use Cases: Global presence but strongest in Asia and Europe
Metrics: More than 200,000 employees serving clients across six continents
Intelligence: ML leveraged for threat detection
Delivery: Its Cyber Defense Center (CDC) portal is the landing page for accessing services
See our in-depth look at Wipro.