With so many security breaches in the news and a seemingly endless supply of threats and cybercriminals, many enterprise IT departments feel outgunned. For help, they're turning to managed security service providers (MSSPs).
Not surprisingly, managed security has become big business. Giants such as IBM, BT and Verizon are among the leading lights in this field. These vendors charge an upfront fee and require an ongoing subscription to augment internal security measures or take over many of the functions of IT security.
This guide covers the top managed service providers for security. They were chosen based on their ratings in analyst reports, such as the most recent Gartner Magic Quadrant (MQ) for Managed Security Service Providers and the IDC MarketScape: Worldwide Managed Security Services 2017 Vendor Assessment.
Gartner analyst Toby Bussa said that although the security offerings from managed security services companies vary, the following features are common to most of them:
- Distributed denial of service (DDoS) protection
- Advanced threat intelligence services (e.g., dark web monitoring)
- Secure messaging gateways, secure web gateways and web application firewalls delivered "as a service"
- Managed vulnerability management (e.g., end-to-end management that includes scanning, prioritization and patching on behalf of the customer)
- Identity and access management
MSSPs use many different pricing models. Most charge based on the type and size of the security technology to be managed. For example, they might collect log data and charge fees based on the number and types of sources, or by events per time period. Alternatively, they might price their services based on data volume or velocity, the total number of sources sending data to the MSSP, the number of incidents detected, the number of alert notifications, the number of users, or the number of assets.
For those in the market for an MSSP, here are some of the top choices. Each summary links to an in-depth article on that vendor, and we've included a chart at the end of this article highlighting some of the top features of each solution provider.
Symantec provides monitoring services, intrusion detection and prevention system (IDPS) management, hosted log retention, intelligence services and advanced threat protection, in addition to incident response and cyber skills development. Symantec performs the monitoring and management of the customers' security environment – everything from data collection to incident identification and interactive alerting, with dedicated security analysts to prepare and provide details and recommendations on incidents.
See our in-depth look at Symantec Managed Security Services
DXC has a portfolio of integrated solutions that includes security advisory, risk management, intelligent security operations infrastructure, endpoint security, identity and access management, threat and vulnerability management, data protection and cloud security.
See our in-depth look at DXC Managed IT Services
IBM provides a wide range of MSSP services including network protection, firewall management, vulnerability scanning, information event management, intelligent log management in the cloud, IDPS, data protection, security intelligence analysis, web gateway management, unified threat management (UTM), secure software-defined wide area network (SD-WAN), adaptive security for hybrid cloud, endpoint security and Amazon GuardDuty services.
See our in-depth look at IBM Managed Security Services
Verizon Enterprise cybersecurity solutions include security professional services, network and gateway security, security monitoring and operations, and incident response. Its analytics platform also includes a customer portal.
See our in-depth look at Verizon Enterprise MSP services
BT offers next-generation firewall (NGFW), IDPS, UTM, secure web gateway (SWG), managed distributed denial of service (DDoS) protection, endpoint protection, application security, network access control, public key infrastructure (PKI) security, vulnerability scanning, patch management, email security, threat monitoring and intelligence, security information and event management (SIEM), and more. It has an incident response partnership with Mandiant, as well as partnerships with Trend Micro's Deep Security and Symantec SSL decryption.
See our in-depth look at BT Managed Security Services
Services include CenturyLink's professionally managed, next-generation network-based firewall solution, adaptive network security and threat intelligence. CenturyLink has deployed security operations centers (SOCs) to respond to physical and logical alarms, attacks and suspicious or abnormal network activity, as well as to assist with customer security inquiries.
See our in-depth look at CenturyLink managed IT services for security
Trustwave services include network firewalls, IDPS, UTM, rogue device detection and internal vulnerability scanning, all consolidated into a single appliance and delivered by Trustwave as a fully managed service. Trustwave SWG blocks new malware in real-time. It decrypts, unpacks and assembles web pages and exposes any malicious behavior.
See our in-depth look at Trustwave MSP services
AT&T Threat Manager is the company's security event monitoring and management service. Threat correlation and analysis is performed via the AT&T Threat Intellect platform, which includes SIEM, big data and analytics. It is delivered as part of AT&T's Threat Management and Intelligence solutions. Device management is available for network security, data and application security, endpoint and mobile security. Service options include Internet and Intranet protection, mobile security, DDoS defense, firewalls, Web application protection, IDPS, email gateway, endpoint security, encryption, device management, and token authentication.
See our in-depth look at AT&T managed IT services for security
NTT offers professional services as well as integration and incident response services. Services include enterprise security monitoring, device management and vulnerability management. A managed endpoint detection and response (EDR) offering is available via partnerships with Carbon Black, FireEye and CounterTack. It has 17 global SOCs with 24/7 service.
See our in-depth look at NTT MSP services
Secureworks offers security services through its Counter Threat Appliance (CTA) and Counter Threat Platform (CTP). Services are accessed via the Secureworks Client Portal. Host- and network-based advanced threat detection is delivered via Secureworks' Advanced Endpoint Threat Detection (AETD) service. It also offers Advanced Malware Protection and Detection (AMPD) in partnership with Lastline. Additional services, such as vulnerability scanning and advanced threat intelligence services, are also available.
See our in-depth look at Secureworks managed security services
Wipro provides security threat monitoring, infrastructure security operations and technology management, vulnerability management, incident response, identity and access management, security consulting and other services. Security event monitoring is delivered via its ServiceNXT platform. The company can also deliver it via a customer's SIEM (with six SIEM platforms supported).
See our in-depth look at Wipro MSP services