11 Top Managed Security Service Providers (MSSPs)


With so many security breaches in the news and a seemingly endless supply of threats and cyber criminals, many enterprise IT departments feel outgunned by cybercriminals. For help, they're turning to managed security service providers (MSSPs).

Not surprisingly, managed security has become big business. Giants such as IBM, BT and Verizon are among the leading lights in this field. These vendors charge an upfront fee and require an ongoing subscription to augment internal security measures or take over many of the functions of IT security.

This guide covers the top managed service providers for security. They were chosen based on their ratings in analyst reports, such as the most recent Gartner Magic Quadrant (MQ) for Managed Security Service Providers and the IDC MarketScape: Worldwide Managed Security Services 2017 Vendor Assessment.

Gartner analyst Toby Bussa said that although the security offerings from managed security services companies vary, the following features are common to most of them:

Managed security services pricing

MSSPs use many different pricing models. Most charge based on the type and size of the security technology to be managed. For example, they might collect log data and charge fees based on the number and types of sources, or by events per time period. Alternatively, they might price their services based on data volume or velocity, the total number of sources sending data to the MSSP, the number of incidents that are detected, number of alerts notified, the number of users, or the number of assets.

For those in the market for an MSSP, here are some of the top choices. Each summary links to an in-depth article on each vendor, and we've included a chart at the end of this article highlighting some of the top features of each solution provider.


Symantec provides monitoring services, intrusion detection and prevention system (IDPS) management, hosted log retention, intelligence services and advanced threat protection, in addition to incident response and cyber skills development. Symantec performs the monitoring and management of the customers' security environment – everything from data collection to incident identification and interactive alerting, with dedicated security analysts to prepare and provide details and recommendations on incidents.

See our in-depth look at Symantec

DXC Technology

DXC has a portfolio of integrated solutions that includes security advisory, risk management, intelligent security operations infrastructure, endpoint security, identity and access management, threat and vulnerability management, data protection and cloud security.

See our in-depth look at DXC Technology


IBM provides a wide range of MSSP services including network protection, firewall management, vulnerability scanning, information event management, intelligent log management in the cloud, IDPS, data protection, security intelligence analysis, web gateway management, unified threat management (UTM), secure software-defined wide area network (SD-WAN), adaptive security for hybrid cloud, endpoint security and Amazon GuardDuty services.

See our in-depth look at IBM 


Verizon Enterprise cybersecurity solutions include security professional services, network and gateway security, security monitoring and operations, and incident response. Its analytics platform also includes a customer portal.

See our in-depth look at Verizon Enterprise


BT offers next-generation firewall (NGFW), IDPS, UTM, secure web gateway (SWG), managed distributed denial of service (DDoS) protection, endpoint protection, application security, network access control, public key infrastructure (PKI) security, vulnerability scanning, patch management, email security, threat monitoring and intelligence, security information and event management (SIEM), and more. It has an incident response partnership with Mandiant, as well as partnerships with Trend Micro's Deep Security and Symantec SSL decryption.

See our in-depth look at BT MSSP


Services include CenturyLink's professionally managed, next-generation network-based firewall solution, adaptive network security and threat intelligence. CenturyLink has deployed security operations centers (SOCs) to respond to physical and logical alarms, attacks and suspicious or abnormal network activity, as well as to assist with customer security inquiries.

See our in-depth look at CenturyLink


Trustwave services include network firewalls, IDPS, UTM, rogue device detection and internal vulnerability scanning, all consolidated into a single appliance and delivered by Trustwave as a fully managed service. Trustwave SWG blocks new malware in real-time. It decrypts, unpacks and assembles web pages and exposes any malicious behavior.

See our in-depth look at Trustwave


AT&T Threat Manager is the company's security event monitoring and management service. Threat correlation and analysis is performed via the AT&T Threat Intellect platform, which includes SIEM, big data and analytics. It is delivered as part of AT&T's Threat Management and Intelligence solutions. Device management is available for network security, data and application security, endpoint and mobile security. Service options include Internet and Intranet protection, mobile security, DDoS defense, firewalls, Web application protection, IDPS, email gateway, endpoint security, encryption, device management, and token authentication.

See our in-depth look at AT&T MSSP


NTT offers professional services as well as integration and incident response services. Services include enterprise security monitoring, device management and vulnerability management. A managed endpoint detection and response (EDR) offering is available via partnerships with Carbon Black, FireEye and CounterTack. It has 17 global SOCs with 24/7 service.

See our in-depth look at NTT MSSP


Secureworks offers security services through its Counter Threat Appliance (CTA) and Counter Threat Platform (CTP). Services are accessed via the Secureworks Client Portal. Host and network-based advanced threat detection are via Secureworks' Advanced Endpoint Threat Detection (AETD) service. It also offers Advanced Malware Protection and Detection (AMPD) in partnership with Lastline. Additional services, such as vulnerability scanning and advanced threat intelligence services, are also available.

See our in-depth look at Secureworks


Wipro provides security threat monitoring, infrastructure security operations and technology management, vulnerability management, incident response, identity and access management, security consulting and other services. Security event monitoring is delivered via its ServiceNXT platform. The company can also deliver it via a customer's SIEM (with six SIEM platforms supported).

See our in-depth look at Wipro 

Top Managed Security Services Providers
VendorUse CasesMetricsIntelligenceDeliveryGartner MQ Position
SymantecGlobalmarkets and all company sizes;service delivery tailored to industries and customers of different sizes125 billion security logs processed daily, 700,000+ adversaries tracked, 98 million attack sensors worldwideMachine learning, analytics and analysts eliminate false positives and escalate critical incidents that need attention within 10 minutes of identificationLog Collection Platform can be deployed on- premises or in the cloudLeader
DXC TechnologyMore than 40 percent of the Fortune Global 500, and security services in every industry segmentDXC manages the security services for more than 1.8 million devicesGlobal threat intelligence,advanced threat detection and integrated incident responseVia dedicated solutions that can be managed onsite,in a hosted environment, or in cloud environmentsChallenger
IBMLarge enterprisesMonitors 35 billion security events daily in more than 130 countriesThreat intelligence and incident response services are available under IBM X-Force IRISShared multi-tenant, on- premises or as a serviceLeader
Verizon EnterpriseSMBs to large enterprisesMore than 1 million security events analyzed dailyRISK team provides threat intelligence and incident response servicesVia SOCs that monitor the networkLeader
BTCompanies and governments in UK, Europe,the Americas and AMEABT handles 4,000 cyberattacks a day against its networkBT Cyber Operations provides shared and customer-dedicated socs globallySeveral delivery models, primarily cloud or appliance basedChallenger
CenturylinkMid-sized to multinational enterprises and government customersMonitors 1.3 billion security events and 99 billion NetFlow sessions daily, and mitigates 120 DDoS attacks per dayAdaptive Threat Intelligence network- based,real-time monitoring, threat correlation and alerting serviceDelivered through a central portal,or directly to the organization's SIEM,without requiring management of on-site equipmentNiche Player
TrustwaveSMBs to large enterprises,primarily in financial services, retail,healthcare, payment services, government, education, hotels,restaurantsMore than three million businesses enrolled in the Trustwave TrustKeeper cloud platformThreat intelligence is delivered by Trustwave SpiderLabsFrom drop-ship and appliance to cloud and hybridLeader
AT&TSMBs to large enterprises,mostly in North America.Network availability guarantees of up to 99.999%Monitors over 19 PB IP traffic on its core network each business day for suspicious activityOn-premises and cloudChallenger
NTTCompanies of all sizes and industriesGlobal Threat Intelligence Platform (GTIP) has visibility into 40% of global internet trafficCombines machine learning, big data,and complex event processing analysisOn-premises,cloud- based or hybrid servicesChallenger
SecureworksMid-size,enterprise and government organizations4,400 clients in 55 countries;250 billion security events processed dailyProvides threat research and threat intelligence, malware analysis,and analytics support to SOCsHosted by Secureworks or delivered on customer networksLeader
WiproGlobal presence,but is strongest in Asia and EuropeMore than 160,000 employees serving clients across six continentsMachine learning is used for threat detectionIts Cyber Defense Center (CDC) portal is the landing page for accessing servicesNiche Player