Best Managed Security Service Providers (MSSPs)

Not surprisingly, managed security has become big business. Giants such as IBM, BT and Verizon are among the leading lights in this field. These vendors charge an upfront fee and require an ongoing subscription to augment internal security measures or take over many of the functions of IT security.

This guide covers the top managed service providers for security. They were chosen based on their ratings in analyst reports, such as the most recent Gartner Magic Quadrant (MQ) for Managed Security Service Providers and the IDC MarketScape: Worldwide Managed Security Services 2017 Vendor Assessment.

Gartner analyst Toby Bussa said that although the security offerings from managed security services companies vary, the following features are common to most of them:

Managed security services pricing

MSSPs use many different pricing models. Most charge based on the type and size of the security technology to be managed. For example, they might collect log data and charge fees based on the number and types of sources, or by events per time period. Alternatively, they might price their services based on data volume or velocity, the total number of sources sending data to the MSSP, the number of incidents that are detected, number of alerts notified, the number of users, or the number of assets.

For those in the market for an MSSP, here are some of the top choices. Each summary links to an in-depth article on each vendor, and we’ve included a chart at the end of this article highlighting some of the top features of each solution provider.


Symantec provides monitoring services, intrusion detection and prevention system (IDPS) management, hosted log retention, intelligence services and advanced threat protection, in addition to incident response and cyber skills development. Symantec performs the monitoring and management of the customers’ security environment – everything from data collection to incident identification and interactive alerting, with dedicated security analysts to prepare and provide details and recommendations on incidents.

See our in-depth look at Symantec

DXC Technology

DXC has a portfolio of integrated solutions that includes security advisory, risk management, intelligent security operations infrastructure, endpoint security, identity and access management, threat and vulnerability management, data protection and cloud security.

See our in-depth look at DXC Technology


IBM provides a wide range of MSSP services including network protection, firewall management, vulnerability scanning, information event management, intelligent log management in the cloud, IDPS, data protection, security intelligence analysis, web gateway management, unified threat management (UTM), secure software-defined wide area network (SD-WAN), adaptive security for hybrid cloud, endpoint security and Amazon GuardDuty services.

See our in-depth look at IBM 


Verizon Enterprise cybersecurity solutions include security professional services, network and gateway security, security monitoring and operations, and incident response. Its analytics platform also includes a customer portal.

See our in-depth look at Verizon Enterprise


BT offers next-generation firewall (NGFW), IDPS, UTM, secure web gateway (SWG), managed distributed denial of service (DDoS) protection, endpoint protection, application security, network access control, public key infrastructure (PKI) security, vulnerability scanning, patch management, email security, threat monitoring and intelligence, security information and event management (SIEM), and more. It has an incident response partnership with Mandiant, as well as partnerships with Trend Micro’s Deep Security and Symantec SSL decryption.

See our in-depth look at BT MSSP


Services include CenturyLink’s professionally managed, next-generation network-based firewall solution, adaptive network security and threat intelligence. CenturyLink has deployed security operations centers (SOCs) to respond to physical and logical alarms, attacks and suspicious or abnormal network activity, as well as to assist with customer security inquiries.

See our in-depth look at CenturyLink


Trustwave services include network firewalls, IDPS, UTM, rogue device detection and internal vulnerability scanning, all consolidated into a single appliance and delivered by Trustwave as a fully managed service. Trustwave SWG blocks new malware in real-time. It decrypts, unpacks and assembles web pages and exposes any malicious behavior.

See our in-depth look at Trustwave


AT&T Threat Manager is the company’s security event monitoring and management service. Threat correlation and analysis is performed via the AT&T Threat Intellect platform, which includes SIEM, big data and analytics. It is delivered as part of AT&T’s Threat Management and Intelligence solutions. Device management is available for network security, data and application security, endpoint and mobile security. Service options include Internet and Intranet protection, mobile security, DDoS defense, firewalls, Web application protection, IDPS, email gateway, endpoint security, encryption, device management, and token authentication.

See our in-depth look at AT&T MSSP


NTT offers professional services as well as integration and incident response services. Services include enterprise security monitoring, device management and vulnerability management. A managed endpoint detection and response (EDR) offering is available via partnerships with Carbon Black, FireEye and CounterTack. It has 17 global SOCs with 24/7 service.

See our in-depth look at NTT MSSP


Secureworks offers security services through its Counter Threat Appliance (CTA) and Counter Threat Platform (CTP). Services are accessed via the Secureworks Client Portal. Host and network-based advanced threat detection are via Secureworks’ Advanced Endpoint Threat Detection (AETD) service. It also offers Advanced Malware Protection and Detection (AMPD) in partnership with Lastline. Additional services, such as vulnerability scanning and advanced threat intelligence services, are also available.

See our in-depth look at Secureworks


Wipro provides security threat monitoring, infrastructure security operations and technology management, vulnerability management, incident response, identity and access management, security consulting and other services. Security event monitoring is delivered via its ServiceNXT platform. The company can also deliver it via a customer’s SIEM (with six SIEM platforms supported).

See our in-depth look at Wipro 

Top Managed Security Services Providers

Vendor Use Cases Metrics Intelligence Delivery Gartner MQ Position
Symantec Globalmarkets and all company sizes;service delivery tailored
to industries and customers of different sizes
125 billion security
logs processed daily, 700,000+ adversaries
tracked, 98 million attack sensors worldwide
Machine learning, analytics and analysts
eliminate false positives and escalate critical
incidents that need attention within 10 minutes of identification
Log Collection Platform can be deployed on- premises or in the cloud Leader
More than 40 percent of the Fortune Global 500, and security services in every industry segment DXC manages the security services for more than 1.8 million devices Global threat
intelligence,advanced threat detection and
integrated incident response
Via dedicated solutions that can be managed onsite,in a hosted environment, or in
cloud environments
IBM Large enterprises Monitors 35 billion security events daily in more than 130 countries Threat intelligence and incident response
services are available under IBM X-Force IRIS
Shared multi-tenant, on- premises or as a service Leader
Verizon Enterprise SMBs to large enterprises More than 1 million security events analyzed daily RISK team provides threat intelligence and incident response
Via SOCs that monitor the network Leader
BT Companies and governments in UK, Europe,the Americas and AMEA BT handles 4,000 cyberattacks a day against its network BT Cyber Operations provides shared and customer-dedicated socs globally Several delivery models, primarily cloud or
appliance based
Centurylink Mid-sized to multinational enterprises and
government customers
Monitors 1.3 billion security events and 99 billion NetFlow sessions daily, and mitigates 120 DDoS attacks per day Adaptive Threat
Intelligence network- based,real-time
monitoring, threat correlation and
alerting service
Delivered through a central portal,or directly to the organization’s
SIEM,without requiring management of on-site equipment
Niche Player
Trustwave SMBs to large enterprises,primarily in financial services,
payment services, government, education, hotels,restaurants
More than three million businesses enrolled in the Trustwave
TrustKeeper cloud platform
Threat intelligence is delivered by Trustwave SpiderLabs From drop-ship and appliance to cloud and hybrid Leader
AT&T SMBs to large enterprises,mostly in
North America.
Network availability guarantees of up to 99.999% Monitors over 19 PB IP traffic on its core network each business day for suspicious activity On-premises and cloud Challenger
NTT Companies of all sizes and industries Global Threat Intelligence Platform (GTIP) has visibility into 40% of global internet traffic Combines machine
learning, big data,and complex event processing analysis
On-premises,cloud- based or hybrid services Challenger
Secureworks Mid-size,enterprise and government organizations 4,400 clients in 55 countries;250 billion security events processed daily Provides threat research and threat intelligence, malware analysis,and analytics support to SOCs Hosted by Secureworks or delivered on customer networks Leader
Wipro Global presence,but is strongest in Asia and Europe More than 160,000 employees serving clients across six continents Machine learning is used for threat detection Its Cyber Defense Center (CDC) portal is the landing page for accessing services Niche Player


Drew Robb
Drew Robb has been a full-time professional writer and editor for more than twenty years. He currently works freelance for a number of IT publications, including ServerWatch and CIO Insight. He is also the editor-in-chief of an international engineering magazine.

Top Products

Top Cybersecurity Companies

Related articles