Managed Security Services

Transcription

1 NEAT EVALUATION FOR UNISYS: Managed Security Services Market Segment: Overall This document presents Unisys with the NelsonHall NEAT vendor evaluation for Managed Security Services (MSS) for the Overall market segment. It contains the NEAT graph of vendor performance, a summary vendor analysis of Unisys in MSS, and the latest market analysis summary for MSS. An explanation of the NEAT methodology is included at the end of the document. The vendors evaluated are: Cognizant, CGI, CSC, CSS Corp, Dell SecureWorks, Dimension Data, HP, Mindtree, Symantec, Tata Consultancy Services (TCS), Unisys, and Wipro. Introduction NelsonHall has assessed and evaluated Unisys proposition against demand for Managed Security Services (MSS), and has identified Unisys as a Leader in the Overall market segment, demonstrating its ability both to deliver immediate benefit to clients and meet future client requirements in MSS. The Overall NEAT graph for MSS is shown on page 2. NelsonHall November 2015

2 NEAT Evaluation: Managed Security Services (MSS) Buy-side organizations can access the MSS NEAT tool here. NelsonHall November 2015

3 Vendor Analysis Summary for Unisys Overview In 2009, Unisys relaunched its entire portfolio around a number of key capabilities; cyber and physical security was one of four key pillars of the revamped portfolio. Unisys operates its security operations from its eight security operations centers (SOCs), primarily via a follow the sun methodology and with onsite operations. Unisys uses HP ArcSight in conjunction with its Unisys Noise Cancellation Advanced Analytics Platform (UNCAAP) for security information and event management. In November 2008, Unisys launched its Stealth solution (initially developed for the U.S. defense sector with partner Security First) for government and commercial organizations. Stealth encrypts data across networks using bit splitting. Since its introduction Unisys has expanded the Stealth offering to include Stealth for mobile, the virtual terminal and AWS as well as introducing a reseller channel. Financials Unisys' global revenues in 2014 were $3,356m of which: $2,786m was from services, and IT infrastructure outsourcing accounted for $1,705m $571m was from technology. Q1-Q service revenues were $1,957m, down 6.7% y/y, with IT infrastructure outsourcing revenues up 1% to $1,147m. Full year 2015 services revenues are likely to be in the region of $2.7bn, with IT infrastructure outsourcing revenues around $1.65bn. NelsonHall estimates that 2015 managed security services will be ~13% of the IM business, or ~$175m. Of this, NelsonHall estimates that Unisys' managed security services revenue split, by activity, will be: Security information and event management: 35% (~$61m) Security monitoring and management: 30% (~$53m) Threat and risk intelligence: 20% (~$35m) Content filtering: 5% (~$9m) Security as a service (a SaaS offering): 10% (~$18m). NelsonHall November 2015

4 Strengths The Unisys Noise Cancellation Advanced Analytics Platform (UNCAAP) correlates events, reduces the number of events that need to be processed and increases true positive rate. Combined with its strong presence in Bangalore, operational costs are reduced Unisys is also in a position to provide a client's infrastructure and security services. This should benefit the client and enable Unisys to enact threat resolutions more quickly and with more knowledge of the infrastructure Unisys' Stealth solutions offer a different type of cyber security; rather than protecting against threats across a client's network, important data is safeguarded by making it effectively undetectable. Besides the benefit to the client that Stealth brings, with its increased security, it also requires the client to assess the sensitivity of each of its end points, a useful practice when considering cyber security Value added services like the SIR report give clients a more in depth view of the vulnerabilities and malware that they could be affected by, in relation to their own infrastructure, software, and policies. Challenges Due to the large amount of automation with event management processes using ArcSight and UNCAAP, a number of events marked as low level occasionally slip through analysis; this can sometimes lead to a delay in detecting events Unisys is reliant on a number of large contracts, for example the contract with the large banking group (see Target Markets section) The expansion of its reseller program for its IP adds competition for its Stealth offerings. Strategic Direction In addition to continuing to develop its existing security clients, Unisys is looking to cross-sell its security services to systems integration and infrastructure services clients. It is also looking to increase take up of its security-as-a-service offerings, including SIEM and DLP services, both by existing clients and also by new logos. There has been a recent push for security services leveraging Stealth around mobile, including its 'get to zero' initiative, which aims to reduce to zero the number of cyber security incidents affecting a client. Unisys sees the Stealth solution as the most current cybersecurity solution in its portfolio, and will be looking to expand research and development from more standard cybersecurity solutions. Unisys will also be looking to continue to develop partnerships and expand the security ecosystem around the Stealth offerings, such as the partnership with Capgemini to act as a reseller, and expanding the scope for the Stealth for Mobile or for AWS. NelsonHall November 2015

5 Outlook Unisys positions as a full service IT service vendor, with its managed security services being cross-sold by its data center and SI clients. One of Unisys' core areas is cyber and physical security across its portfolio; the company's ClearPath systems boast a low number of vulnerabilities. Unisys is likely to continue growing its managed security services as a proportion of its overall Services revenues. NelsonHall expects revenues from the Unisys managed security services to reach ~$300m by 2018, a CAGR of over 16%, in line with global market growth for managed security services. In 2016, expect: Further investment in expanding the Unisys Stealth offering, and for adoption of recently enhanced areas to increase, for example in Stealth for mobile/iot and AWS. Unisys' managed Stealth offering to grow as clients move from a traditional managed security offering, and despite competition within its own reseller channel. NelsonHall November 2015

6 MSS: Market Summary Buy-Side Dynamics Key challenges for organizations looking to outsource managed security services include: Increasing cost of cybersecurity, while demonstrating ROI Access to cybersecurity skills and up to date information Ability to respond quickly to threats Ability to gain a holistic view of cybersecurity Strengthening social engineering around security Uneven workloads. Market Size & Growth The global managed security service market is currently estimated by NelsonHall at $6.8bn, and is expected to grow at 16.5% CAAGR through to North America is the largest region in managed security services, with an estimated ~43% of market share, and is expected to account for $6.3bn in EMEA is estimated to have ~38% of the market and is expected to grow at 16.9% CAAGR to 2019, led by the U.K. with 17.6%. A portion of the growth will be attributable to the introduction and enforcement of the EU General Data Protection Regulation. The Asia Pacific managed security services market is estimated to be worth $1.1bn, and will have growth driven by IP DLP in defense of corporate espionage. In Latin America growth will be driven by the defense of organized crime, particularly in Brazil. Success Factors Critical success factors for vendors within the managed security services market are: A strong understanding of the entire IT security landscape, typically through a high level of security research An understanding of IT security in the context of the organization's security needs and industry Access to expertise for best of breed tools that the client organization lacks, and willingness to work with existing security tools while offering best of breed tools Well defined responsibility for the contract with service expectations, escalation procedures and incident response plans clearly established at the start of contracts Through research into emerging technologies, the ability to provide security in support of emerging types of IT (cloud, mobile, IoT) The ability to not only take over existing security processes but to maximize the coverage of security NelsonHall November 2015

7 Increasing the detection rate of cyber threats while increasing the reliability and speed of detection and response to threats, by reducing the number of false positives and negatives found 24/7/365 full service availability. Outlook Over the next few years: MSSP R&D spend on automation will increase to handle an increased number of events from IoT and BYOD To speed up incident resolution, vendors will move to automatic remediation for low level events, transferring people to event research As the speed of resolution of events becomes more critical, more contracts will include incident management More contracts will involve incident response planning and ancillary services including legal services and cyber insurance As collaborative threat databases become the norm, vendors will shift man hours from penetration testing to building advanced automated scanning tools, while focusing on advanced scanning methods such as building visual representations to increase the speed of vulnerability scans with pattern recognition The construction of RASP technologies to self-protect applications Skills shortages and an increasing number of events will hamper growth in onshore services. NelsonHall November 2015

8 NEAT Evaluations for MSS NelsonHall s (vendor) Evaluation & Assessment Tool (NEAT) is a method by which strategic sourcing managers can evaluate outsourcing vendors and is part of NelsonHall's Speed-to- Source initiative. The NEAT tool sits at the front-end of the vendor screening process and consists of a two-axis model: assessing vendors against their ability to deliver immediate benefit to buy-side organizations and their ability to meet client future requirements. The latter axis is a pragmatic assessment of the vendor's ability to take clients on an innovation journey over the lifetime of their next contract. The ability to deliver immediate benefit assessment is based on the criteria shown in Exhibit 1, typically reflecting the current maturity of the vendor s offerings, delivery capability, benefits achievement on behalf of clients, and customer presence. The ability to meet client future requirements assessment is based on the criteria shown in Exhibit 2, and provides a measure of the extent to which the supplier is well-positioned to support the customer journey over the life of a contract. This includes criteria such as the level of partnership established with clients, the mechanisms in place to drive innovation, the level of investment in the service, and the financial stability of the vendor. The vendors covered in NelsonHall NEAT projects are typically the leaders in their fields. However, within this context, the categorization of vendors within NelsonHall NEAT projects is as follows: Leaders: vendors that exhibit both a high ability relative to their peers to deliver immediate benefit and a high capability relative to their peers to meet client future requirements High Achievers: vendors that exhibit a high ability relative to their peers to deliver immediate benefit but have scope to enhance their ability to meet client future requirements Innovators: vendors that exhibit a high capability relative to their peers to meet client future requirements but have scope to enhance their ability to deliver immediate benefit Major Players: other significant vendors for this service type. The scoring of the vendors is based on a combination of analyst assessment, principally around measurements of the ability to deliver immediate benefit; and feedback from interviewing of vendor clients, principally in support of measurements of levels of partnership and ability to meet future client requirements. NelsonHall November 2015

9 Exhibit 1 Ability to deliver immediate benefit : Assessment criteria Assessment Category MSS Offerings MSS Delivery MSS Presence Benefits achieved Assessment Criteria SIEM Application Security Endpoint Security IAM Threat Database Maturity Penetration Testing Event Throughput Ability to Offer as Part of Larger IT Infrastructure Deal Firewall Overall MSS Offerings Ability to Offer Dedicated Delivery Delivery in Support of North America Delivery in Support of U.K. Delivery in Support of Rest of EMEA Delivery in Support of APAC Delivery in Support of LATAM Languages Supported Scale of FTE support Security IP Single Touch Point Offshore Focus Scale of Delivery to Financial Services Scale of Delivery to Government Scale of Delivery to Manufacturing Scale of Delivery to Retail Scale of Delivery to Energy & Utilities Automation of Security Dashboard or Portal Offered SLA Flexibility Detection and Response Time Cost Reduction Introduction of Security Frameworks Staff Training Offered Recovery/Damage Control Demonstrated NelsonHall November 2015

10 Exhibit 2 Ability to meet client future requirements : Assessment criteria Assessment Category Suitability to Deliver Future Benefits Investment in MSS Assessment Criteria Area of Investment in Centers: Onshore Area of Investment in Centers: Offshore Investment in Automation Investment in Threat Database Additional Security Research Conducted Industry Specific Security Research FTE Growth Security Roadmap Detailed Financial Rating Partnerships for MSS For more information on other NelsonHall NEAT evaluations, please contact the NelsonHall relationship manager listed below. research.nelson-hall.com Sales Enquiries NelsonHall will be pleased to discuss how we can bring benefit to your organization. You can contact us via the following relationship manager: Guy Saunders at guy.saunders@nelson-hall.com Important Notice Copyright 2015 by NelsonHall. All rights reserved. No part of the publication may be reproduced or distributed in any form, or by any means, or stored in a database or retrieval system, without the prior written permission of the publisher. The information provided in this report shall be used only by the employees of and within the current corporate structure of NelsonHall s clients, and will not be disclosed to any other organization or person including parent, subsidiary, or affiliated organization without prior written consent of NelsonHall. NelsonHall exercises its best efforts in preparation of the information provided in this report and believes the information contained herein to be accurate. However, NelsonHall shall have no liability for any loss or expense that may result from incompleteness or inaccuracy of the information provided. NelsonHall November 2015