1 FOR: Security & Risk Professionals The Forrester Wave : Emerging Managed Security Service Providers, Q by Ed Ferrara and nick Hayes, January 8, 2013 Key TaKeaWays emerging Mssps have laudable Capabilities, Forward-Thinking strategies, and surprising Client lists These emerging players deserve a hard look. They offer comprehensive, professionally delivered security services. Some are pioneering cloud-based delivery, and others resell their services through a growing MSSP reseller channel. All are growing at rates of 30% to 40% per year and have great technical depth and flexibility. Being a Big Fish in a small pond Can Be a good Thing CISOs interviewed for this research indicated they liked being the vendor s biggest customer. This offers better value. One CISO at a financial services company said, I don t need an MSSP with 10 SOCs and analysts fluent in 12 languages. When I call I want to know the name of the person on the other end of the phone and how they will help me. Cloud, saas security, and Customer satisfaction are Key differentiators The Leaders in this Forrester Wave want to grow their businesses. Some aspire to serve enterprise-class clients, while a few others think their future lies is serving small and midsize businesses. The cloud, software, and hardware-as-a-service play a big role with two of the Leaders differentiating them from the pack and other MSSPs as well. Forrester Research, Inc., 60 Acorn Park Drive, cambridge, MA USA Tel: Fax:
2 January 8, 2013 The Forrester Wave : Emerging Managed Security Service Providers, Q Ten Emerging Service Providers That Have The Chops To Be Your Managed Security Service Provider by Ed Ferrara and Nick Hayes with Laura Koetzle, Chris McClean, and Kelley Mak Why Read This Report In Forrester s 15-criteria evaluation of the emerging managed security services provider (MSSP) market, we identified the 10 most significant providers in this category Alert Logic; CompuCom; Integralis; Network Box; Perimeter E-Security; Savvis, A CenturyLink Company; Secure Designs; StillSecure; Tata Communications; and Vigilant and researched, analyzed, and scored them. These 10 providers have less revenue, smaller physical plants, and fewer staff than the nine North American MSSP firms covered in our Forrester Wave published in March 2012, but they are growing rapidly. To help security and risk (S&R) professionals select the right managed security services partner, this report uses our criteria to evaluate each service provider and plots where they stand in relation to each other. Table Of Contents 2 CISOs Now Have Multiple Options For Managed Security Services What It Means To Be Emerging Emerging MSSPs Address Security Complexity And Contain Costs Managed Security Services: Emerging Player Evaluation Overview Evaluation Focused On Breadth Of Capabilities, Flexibility, And Customer Satisfaction Evaluated Vendors Offer A Full Suite Of Managed Security Services Evaluation Analysis Vendor Profiles Supplemental Material Notes & Resources Forrester conducted services evaluations in Q and interviewed 10 managed security service providers: Alert Logic; CompuCom; Integralis; Network Box; Perimeter E-Security; Savvis, A CenturyLink Company; Secure Designs; StillSecure; Tata Communications; and Vigilant. Related Research Documents Source Your Security Services April 25, 2012 The Forrester Wave : Managed Security Services: North America, Q March 26, Budget And Planning Guide For CISOs December 15, , Forrester Research, Inc. All rights reserved. Unauthorized reproduction is strictly prohibited. Information is based on best available resources. Opinions reflect judgment at the time and are subject to change. Forrester, Technographics, Forrester Wave, RoleView, TechRadar, and Total Economic Impact are trademarks of Forrester Research, Inc. All other trademarks are the property of their respective companies. To purchase reprints of this document, please For additional information, go to
3 The Forrester Wave : Emerging Managed Security Service Providers, Q CISOs now have multiple options for managed security services Although information security is a critical function, it s no longer necessary to do it all in-house. Thus, 21% of those surveyed in Forrester s Forrsights Security Survey, Q planned to spend more of their budget with managed security service providers (MSSP) in the coming year. 1 This growth percentage was the same in our 2011 survey, and MSSPs are currently reporting between 18% and 21% growth on an annualized basis. The numbers show a clear trend, and there s a growing consensus that outsourcing security is a viable option for many companies. In response to this new demand, MSSPs are expanding and new firms are entering the managed security services (MSS) market. This is good news for security and risk (S&R) professionals because it increases choice and makes services pricing more competitive. It also makes provider selection more challenging because of the increased number of choices. WHAT IT MEANS TO BE EMERGING The companies in this Forrester Wave represent some of the best emerging players in the market. Forrester uses the term emerging to distinguish this group of MSSPs from the larger, more established players in the market we covered in our March 2012 Wave. 2 Forrester divides the MSSP market into three categories or divisions (see Figure 1). 3 Division 1 includes the largest enterpriseclass providers. These MSSPs offer multiple security operations centers (SOCs) in multiple geographies, employ from 100 to more than 1,500 engineers, and have revenues between $70 million and $400 million. Division 2 includes the emerging MSSPs. These companies have from 20 to 100 engineers, one or two SOCs, and revenues between $25 million and $70 million. Division 3 includes many smaller firms that serve the small business market. These companies have a single SOC and a small staff of security analysts numbering no more than 10. Revenues for these firms are less than $25 million. This Forrester Wave evaluates nine Division 2 and one Division 3 emerging MSSPs. These firms offer: Competent security technology skills. These firms use both proprietary and licensed technology for their service offerings. In some cases, these firms will extend licensed technology to improve the licensed technology s capabilities, and some firms resell other firms services. 4 These MSSPs support a variety of different technologies, including firewalls (current, nextgeneration, and web application); intrusion detection; endpoint and server antivirus; host intrusion and detection and protection; log management, archival, and maintenance; systems management; threat intelligence; intrusion protection; proxies; security incident and event management; and web application monitoring technology. Effective pricing. The firms evaluated in this Wave don t have the same cost structures as larger firms. They have smaller physical plants, lower marketing costs, and lower cost structures overall. These lower costs allow them to offer services that are similar to those provided by the Division 1 MSSPs but with lower overall cost.
4 The Forrester Wave : Emerging Managed Security Service Providers, Q Excellent customer service. Clients of the emerging MSSPs gave their providers very positive feedback on their pricing and quality of service. There was variability in the client responses, but overall, the MSSPs in this Wave did well in the customer satisfaction category. When the clients needed help, the best MSSPs didn t simply point to a contract but demonstrated flexibility and worked with their clients to resolve the issue. Experienced and trained staff. The firms reviewed here, in general, have very capable staffs that know the technologies they support. All the firms have formal training programs and apprentice programs, to provide staff necessary skills and experience. These firms use their experience to detect network, application, and server intrusions. The firms also have the necessary experience to identify and address cyberthreats in a number of modes, ranging from simple monitor and alert all the way to complete incident response management. 5 Although the number of staff for these firms is not large the smallest has a staff of 10 and the largest a staff of 200 these companies are able to demonstrate effective technical and operational competence. Flexibility. Clients praised these emerging MSSPs for their operational flexibility and appreciated their response during security incidents: Rather than spending time analyzing the SLAs and the contract to determine whether the incident was covered, the emerging MSSPs jumped in and worked with their customers to resolve the problems.
5 The Forrester Wave : Emerging Managed Security Service Providers, Q Figure 1 MSSP Market Segmentation MSS revenue $70M to $400M SOCs Analysts/engineers Division 1 Technology Portfolio Language support More than two, with significant redundancy and BCP-DR More than 100 analysts, engineers, and advanced threat engineers Proprietary or significantly enhanced technology Full portfolio of standard services (some OEM and white-label possible, but a low percentage) Multilanguage support Average client profile More than 2,000 employees MSS revenue Greater than $25M and less than $70M SOCs Analysts/engineers Division 2 Technology Portfolio Language support One to two SOCs More than 10 and fewer than 100 analysts, engineers, and advanced threat engineers Significantly enhanced licensed technology Full portfolio of services (more white-label relationships than in Division 1) One to two languages Average client profile More than 100 but usually fewer than 2,000 employees MSS revenue Less than $25M SOCs Analysts/engineers Division 3 Technology Portfolio Language support One, with limited redundancy Fewer than 10 analysts, engineers, and advanced threat engineers No threat intelligence services, unless reselling another company s service Narrow portfolio of services One Average client profile Fewer than 100 employees; 20 to 50 employees is most common Source: Forrester Research, Inc. EMERGING MSSPs ADDReSS SECURITY COMPLEXITY AND CONTAIN COSTS Historically, MSSPs offered a series of point solutions without much integration. S&R professionals today want to simplify security operations and lower their costs, which they can do by sourcing their tools and processes for network and application security from an MSSP. This also allows the S&R pros to focus on other security issues. 6 The MSSP s ability to reduce complexity and provide great situational awareness separates the Leader from the Strong Performer and the Strong Performer from the Contender. The MSSPs in this Wave vary in their ability to deliver consistently. S&R pros should focus on these elements when doing due diligence on emerging MSSPs:
6 The Forrester Wave : Emerging Managed Security Service Providers, Q Advanced delivery models security software- and hardware-as-a-service. The economy of scale that encourages companies to move other workloads to the cloud also applies to security. Several of the emerging MSSPs offer cloud-based solutions for activity monitoring, log management, and distributed denial of service (DDoS) protection including CompuCom, Network Box, Savvis/Century Link, and Tata Communications. Alert Logic, Perimeter e-security, and Savvis/Century Link provide log management as a cloud-based service, and Network Box provides both hardware and software as part of its unified threat management (UTM) service, providing the hardware as part of the company s security protection services. Different value propositions. Information security is an activity built on trust. If an MSSP is a good fit for your company it will become immediately obvious, and trust soon follows. The MSSP market is very broad and dynamic, with players offering similar services. Security and risk pros should consider a potential provider s value proposition. For example, some MSSPs offer low cost, others service bundles, all have different pricing models. Not all companies need an MSSP that operates seven SOCs and supports 10 languages. What they do need is excellent technical competence, responsiveness, and flexibility. White-label reselling of services. The MSSP market is fast becoming a bazaar of OEM services resold by various providers. Alert Logic, for example, resells its Threat Manager and Log Manager services to other MSSPs. 7 You ll need to know the integration points between providers in the service you ve contracted for so that you can ensure you re protected from any integration failures. Security and risk professionals should also be careful of third-party carve-outs in cases where information security compliance is an issue. 8 A carve-out is a clause in the service provider s contract that says they will provide some level of certainty regarding the security of client data, except when they are reselling a service from another third party. Licensed technology. Licensed technology is at the core of these MSSPs offerings. The emerging MSSPs we analyze all deliver services using licensed technology from security solution vendors such as EMC-RSA, Fortinet, HP-ArcSight, Kaspersky, McAfee, SonicWall, and Symantec, to name just a few. Depending on the technology, the MSSPs either enhance or configure the technology to meet client requirements. A broad portfolio of services. All the MSSPs in this Forrester Wave provide what we consider to be a core set of services the most important services an MSSP should offer (see Figure 2). These providers all provide good coverage of these core services. Service line importance. We asked the MSSPs what percentage of their customers use a particular service. Depending on the service, the answers varied from as little as 2% to as high as 80%. Unless the service is new and targeted for growth, the firm may just offer the service as a sideline. This is a good indicator of the MSSP s ability to provide the service.
7 The Forrester Wave : Emerging Managed Security Service Providers, Q Figure 2 Core MSSP Services List APT detection and remediation Distributed/denial of service (DDoS) filtering (spam, AV, etc.) Emergency response services Endpoint antivirus Endpoint patch management Firewall management Governance, risk, and, compliance consulting Host intrusion detection/protection system management Identity and access management services Log management, monitoring, and archive Network intrusion detection/protection systems management Server patch management SIEM (security information and event management) Threat intelligence Vulnerability testing Web application firewall Web application monitoring Source: Forrester Research, Inc. Managed security services: emerging Player evaluation overview To assess the state of the North American market for emerging managed security services players and see how the vendors stack up against each other, Forrester evaluated the strengths and weaknesses of top emerging MSSPs with a substantial client base. Evaluation Focused On Breadth Of Capabilities, Flexibility, And Customer Satisfaction After examining past research, user need assessments, and vendor and expert interviews, we developed a comprehensive set of evaluation criteria. We evaluated vendors against 15 criteria, which we grouped into three high-level categories: Current offering. Each vendor s position on the vertical axis of the Forrester Wave graphic indicates the strength of its current MSS product offering. The sets of capabilities evaluated in this category are value proposition, customer satisfaction, delivery capabilities, cloud and hosted services, infrastructure and perimeter, value-added services, content and application security, and staff dedication to MSS. Strategy. A vendor s position on the horizontal access indicates the strength of its MSS strategy, specifically focused on innovation and thought leadership, and company growth plans. This includes plans for new service offerings and capabilities such as threat intelligence.
8 The Forrester Wave : Emerging Managed Security Service Providers, Q Market presence. The size of the vendor s bubble on the chart indicates its market presence, which Forrester measured based on the company s overall presence in the marketplace, its North American market presence, and its overall and MSS-specific financials. Evaluated Vendors Offer A Full Suite Of Managed Security Services Forrester included 10 vendors in the assessment: Alert Logic, CompuCom, Integralis, Network Box, Perimeter E-Security, Savvis/CenturyLink, Secure Designs, Still Secure, Tata Communications, and Vigilant. Each of these vendors has (see Figure 3): A focus on managed security services. All of the participants in this Wave have a focused MSS business. However, Savvis/CenturyLink, Integralis, and Tata Communications are business units of larger companies that offer other products services in addition to managed security. 9 CompuCom is a large IT services company that offers other IT services in addition to managed security. This Wave, however, focuses solely on the vendors managed security service capabilities. Significant interest from Forrester customers. Forrester considered the level of interest from our clients based on our various interactions, including inquiries, advisories, and consulting engagements. A comprehensive set of service offerings. A comprehensive suite of offerings means more than having multiple SOCS. It also means having a portfolio of services. This portfolio should include services such as distributed denial of service protection; security event analysis and correlation; firewall management; intrusion detection and protection management; log monitoring, management, and retention; security incident and event monitoring and management (SIEM); web filtering and monitoring; virus, spyware; and instant messaging protection. Experienced SOC analysts. The provider has 10 or more analysts or engineers that spend at least 80% of their time dedicated to the provider s managed security services. Junior analysts should have one to two years of experience; mid-level analysts should have three to five years of experience, and senior analysts should have more than five years of experience.
9 The Forrester Wave : Emerging Managed Security Service Providers, Q Figure 3 Evaluated Vendors: Vendor Information And Selection Criteria Vendor No. of SOCs SOC locations No. of MSS clients (deal size $25K+) Portal evaluated Portal version Alert Logic 1 Houston, Texas 200 Alert Logic web interface N/A CompuCom Systems 1 Dallas 89 CompuCom proprietary 3.0 Integralis 7 Singapore, US (Calif, Va.), UK, Norway, Sweden, Japan 674 ISIS portal Network Box 12 US, UK, Japan, Korea, Hong Kong, Taiwan, Malaysia, Indonesia, Thailand, China, Australia Forrester estimate: 100+ UTM+ Portal 3.2 Perimeter E-Security 1 Raleigh, N.C. 95 ViewPoint 2.6 Savvis, A CenturyLink Company 4 US (Mo., Minn.); Bangalore, India; London Forrester estimate: 250+ SavvisStation 6.0 Secure Designs 1 Greensboro, N.C. 4 SDI Portal 1.2 StillSecure 2 Fort Lauderdale, Fla.; Denver Forrester estimate: ~30 RADAR 1.48 Tata Communications 2 Chennai, India; Singapore Forrester estimate: ~30 Shiva 3.0 Vigilant 1 Jersey City, N.J. 28 Fusion 1.2 Vendor selection criteria A focus on managed security services. All of the participants in this Wave have a focused MSS business. Significant interest from Forrester customers. Forrester considered the level of interest from our clients based on our various interactions, including inquiries, advisories, and consulting engagements. A comprehensive set of service offerings. A comprehensive suite of offerings means more than having multiple SOCs. It also means having a portfolio of services. Experienced SOC analysts. The provider has 10 or more analysts or engineers that spend at least 80% of their time dedicated to the provider s managed security services. Source: Forrester Research, Inc.
10 The Forrester Wave : Emerging Managed Security Service Providers, Q Evaluation analysis All of the MSSPs reviewed for this research have different strengths and value propositions. The Leaders all had the common characteristics of sound technology, strong execution, and good to great strategies. The Strong Performers also had their list of strengths but did not rate as well in areas such as number of service offerings, client success metrics, and security certifications for staff. Rapid growth characterizes all the firms in this review. Please consult the Wave Model for specific category scores. The evaluation uncovered a market in which (see Figure 4): Alert Logic, Perimeter E-Security, and Integralis are Leaders. Alert Logic and Perimeter E-Security strengths were business and technical value. Integralis strength was the breadth of its offerings. Overall, these firms were found to be Leaders because of their ability to execute for their clients. These Leaders plan to continue investing their MSS offerings to make sure that they remain competitive and advance in the marketplace. StillSecure, Savvis/CenturyLink, and Network Box are Strong Performers. The Strong Performers all offer solid service offerings. Network Box offers a software- and hardware-as-aservice UTM device that includes device monitoring and event reporting services. StillSecure and Savvis/CenturyLink offer both cloud-based and traditional managed security services, and both companies are working to expand their cloud-based security solutions. Savvis/Century Link, for example, has very aggressive cloud offerings, and the company s DDoS capabilities round out a strong portfolio of services. Clients looking to outsource security and reduce complexity and costs should consider these companies. Vigilant, Tata Communications, Secure Designs, and CompuCom are Contenders. The Contenders all offer security services and competitive levels of expertise and pricing. These firms scored inconsistently across the scoring categories. Vigilant, for example, scored well in the SLA adherence and threat intelligence categories of the review. This shows vision, but the company didn t score as well in the client reference category. Secure Designs did well with its client reference score but not as well in business and technical value. Tata Communications scored well in SLA adherence and not as well in the client reference score. CompCom has a similar profile. These providers are strong contenders and have value propositions that will be attractive to clients looking for value from the MSSP partner. This evaluation of these emerging managed security services market is intended to be a starting point. We encourage readers to view detailed product evaluations and adapt the criteria weightings to fit their individual needs through the Forrester Wave Excel-based vendor comparison tool.
11 The Forrester Wave : Emerging Managed Security Service Providers, Q Figure 4 Forrester Wave : Emerging Managed Security Service Providers, Q Strong Risky Strong Bets Contenders Performers Leaders Current offering CompuCom Alert Logic Savvis, A CenturyLink Perimeter E-Security Company Integralis Network Box Secure Designs StillSecure Tata Communications Vigilant Go online to download the Forrester Wave tool for more detailed product evaluations, feature comparisons, and customizable rankings. Weak Market presence Full vendor participation Weak Strategy Strong Source: Forrester Research, Inc.
12 The Forrester Wave : Emerging Managed Security Service Providers, Q Figure 4 Forrester Wave : Emerging Managed Security Service Providers, Q (Cont.) Forrester s Weighting Alert Logic CompuCom Integralis Network Box Perimeter E-Security Savvis, A CenturyLink Company Secure Designs StillSecure Tata Communications Vigilant CURRENT OFFERING Business and technical value Client references Client success metrics SLA adherence MSS employees Security services SOCs and BC/DR Portal functionality and reporting Threat intelligence and analytics Key differentiators 50% 25% 35% 3% 2% 10% 10% 5% 5% 5% 0% STRATEGY R&D investments in 2012 Innovation for 2H 2012 and 1H 2013 Geographic/vertical reach and future expansion 50% 50% 40% 10% MARKET PRESENCE Corporate and MSS revenues Number of unique MSS clients 0% 30% 70% All scores are based on a scale of 0 (weak) to 5 (strong). Source: Forrester Research, Inc. Vendor Profiles Leaders Alert Logic. Alert Logic provides intrusion detection services, event analysis and correlation, log monitoring, log retention, vulnerability management, and web application firewall (WAF) services, based almost entirely on internally developed technology. Most customers report being pleased with the service. Alert Logic also provides these services as an OEM to hosting companies and other MSSPs such as SunGard, Rackspace, and NaviSite. Alert Logic s very strong customer satisfaction rating, business and technical value, SLA adherence, and portal put
13 The Forrester Wave : Emerging Managed Security Service Providers, Q Alert Logic on the Leaders list. Alert Logic s cloud-based delivery model demonstrates what s possible for cloud-based services and security. Perimeter E-Security. Perimeter E-Security has more than 6,000 clients, including many financial services firms. Perimeter has positioned its security service as a SaaS offering. Services offered include log management, vulnerability management, and unified threat management. 10 The combination of strong business and technical value, SLA adherence, plus Perimeter s innovative use of the cloud to deliver managed security services puts Perimeter solidly in the Leaders category. Perimeter is also working hard on the R&D front to deliver security from the cloud more effectively. Integralis. Integralis has one of the broadest service portfolios of the emerging MSSPs we evaluated. Its offerings include filtering and management, encryption, event analysis and correlation, firewall and next-generation firewall management, intrusion detection and protection systems management, log monitoring and retention, mobile security/mobile device management (MDM), vulnerability scanning and patching services, web (filtering and monitoring), virus, spyware, and instant messaging (IM) protection. Integralis scores for SLA adherence, SOC operations, and employee retention push this company into the Leader category. Strong Performers StillSecure. StillSecure provides a good breadth of managed security services and specializes in services packages for HIPAA and PCI compliance. Other offerings include firewall management services, IDS, IPS, log monitoring, management and archival services, vulnerability management, web application firewall, and multi-factor authentication. StillSecure also offers threat intelligence services using StillSecure and third-party information sources. Savvis, A CenturyLink Company. Forrester estimates that Savvis/Century Link has more than 1,000 security clients; it has delivered security services for more than 12 years. Savvis offers a full portfolio of security services, including both traditional and cloud-based offerings, notably DDoS and log management. The company boasts strong customer references, an excellent customer information portal, and comprehensive business continuity planning for SOC operations. Savvis/Century link will be attractive to customers that want a robust MSSP backed by one of the largest enterprise networking providers in the United States. Network Box. Network Box uses a proprietary unified threat management device for network monitoring. Network Box trains its team well on Network Box s technology, and clients confirm that the UTM service reduces operational risk and enhances operational performance. Network Box s offering will appeal to companies that are looking for a managed UTM appliance with active support from a professional security staff.
14 The Forrester Wave : Emerging Managed Security Service Providers, Q Contenders Vigilant. Vigilant s Fusion Service for SIEM offers modules for SIEM systems management, use case development, threat intelligence, and incident response that it can combine into a customized service for risk-focused SIEM program management. Vigilant s business model is to provide support for Fortune 500 clients and their on-premises-based SIEMs. This cosourcing model leaves the equipment, security software, and data in the customer s data center. Vigilant manages the client technologies from its SOC, leaving the equipment, security software, and data in the customer s data center. The company also has very good threat intelligence capabilities, and as noted in other research, this is a significant differentiator for MSSPs. 11 Vigilant will be attractive to customers that want to maintain control of their physical assets and data and those that want to tie threat awareness directly to monitoring use cases. Tata Communications. As an offshore MSSP, Tata Communications provides security monitoring services as well as DDoS mitigation services, event analysis and correlation services, firewall management services, identity and access management services, IPS, IDS and log monitoring, management and archival services, SIEM and cross-correlation services, and vulnerability patching services at a very competitive price. Tata Communications provides 24x7 service from two locations (Chennai, India; and Singapore). Tata would be a good choice for companies looking for an emerging offshore MSSP. Secure Designs. Secure Designs (SDI) provides a majority of its services to the Fortune 1000, although it also claims some Fortune 500 clients. The company provides white-label services to other MSSPs for the following services: DDoS; security and encryption; whole disk encryption; event analysis and correlation; firewall and next-generation firewall management services; IPS; log monitoring, management and archival; web application firewalls (WAFs); web filtering and monitoring; and virus, spyware, and instant messaging protection. Secure Designs focuses on micro SMB business clients. 12 This makes Secure Designs a good fit for a widely distributed company, such as an insurance firm with independent representatives or brokers who also need information security services. CompuCom. CompuCom emphasizes a simple and methodical approach to managed security services. CompuCom operates one SOC on a 24x7x365 basis. Its service offerings include DDoS mitigation services; event analysis and correlation services; firewall; IDS; IPS management services; log monitoring, management, and archival; SIEM and event cross-correlation; and web (filtering and monitoring), virus, spyware, and IM protection services.
15 The Forrester Wave : Emerging Managed Security Service Providers, Q Supplemental Material Online Resource The online version of Figure 4 is an Excel-based vendor comparison tool that provides detailed product evaluations and customizable rankings. Data Sources Used In This Forrester Wave Forrester used a combination of three data sources to assess the strengths and weaknesses of each solution: Vendor surveys. Forrester surveyed vendors on their capabilities as they relate to the evaluation criteria. Once we analyzed the completed vendor surveys, we conducted vendor calls where necessary to gather details of vendor qualifications. Portal demos. We asked vendors to conduct demonstrations of their portal s functionality. We used findings from these product demos to validate details of each vendor s product capabilities. Customer reference calls. To validate product and vendor qualifications, Forrester also conducted reference calls with two of each vendor s current customers. The Forrester Wave Methodology We conduct primary research to develop a list of vendors that meet our criteria to be evaluated in this market. From that initial pool of vendors, we then narrow our final list. We choose these vendors based on: 1) product fit; 2) customer success; and 3) Forrester client demand. We eliminate vendors that have limited customer references and products that don t fit the scope of our evaluation. After examining past research, user need assessments, and vendor and expert interviews, we develop the initial evaluation criteria. To evaluate the vendors and their products against our set of criteria, we gather details of product qualifications through a combination of lab evaluations, questionnaires, demos, and/or discussions with client references. We send evaluations to the vendors for their review, and we adjust the evaluations to provide the most accurate view of vendor offerings and strategies. We set default weightings to reflect our analysis of the needs of large user companies and/or other scenarios as outlined in the Forrester Wave document and then score the vendors based on a clearly defined scale. These default weightings are intended only as a starting point, and we encourage readers to adapt the weightings to fit their individual needs through the Excel-based tool. The final scores generate the graphical depiction of the market based on current offering, strategy, and market presence. Forrester intends to update vendor evaluations regularly as product capabilities and vendor strategies evolve.
16 The Forrester Wave : Emerging Managed Security Service Providers, Q Endnotes 1 Source: Forrsights Security Survey, Q In Forrester s 60-criteria evaluation of the North American managed security services market, we identified the nine significant service providers in this category. This report details our findings about how each service provider measures up, to help security and risk (S&R) professionals select the right partner for their managed security services. For more information, see the March 26, 2012, The Forrester Wave : Managed Security Services: North America, Q report. 3 Forrester had originally divided the MSS market into two segments enterprise and other. However, upon further research, we found substantial differences between the emerging providers we analyze in this Wave and the MSSPs geared for serving the small business segments. Therefore, we ve specified three MSSP divisions, based on the size and capabilities of the firm. 4 Reseller agreements are widely used in the emerging MSSP market. It s sometimes more cost-effective and efficient to resell a service than to try to create the service from scratch. Contracts with resellers typically prohibit MSSPs from revealing the names of their resellers. 5 MSSPs offer different levels of service based on consultation with their clients. At one end of the service spectrum, MSSPs can offer simple monitor and alert services where the MSSP s role is to monitor and report suspicious events but not perform any threat remediation or incident response. At the other end of the spectrum, the MSSP is responsible for threat monitoring, breach event remediation, and complete incident response. MSSPs also offer different levels of support between the two ends of the spectrum based on the type of contracted service. 6 Selecting the correct services to outsource is an important decision for security and risk professionals. Before security and risk professionals can determine what the organization can and should outsource, they should organize security operations as a catalog or portfolio of services. Once they have this list they should consider which are core to the business and core to security. These functions should probably remain with employees. Everything else could potentially be outsourced. For more information, see the April 25, 2012, Source Your Security Services report. 7 Information on specific OEM relationships is difficult to determine in the MSSP market. The reseller does not advertise these relationships, and the reseller will brand the service as its own. Companies considering managed security services should ask specific questions about who will actually provide the service. 8 Third-party carve-outs are an important issue when it comes to third-party security providers. This obfuscates the relationship, as well as the accountability, of who is responsible for the security of client data. For more information, see the October 31, 2011, SAS 70 Out, New Service Organization Control Reports In report. 9 CenturyLink is the third largest telecommunications company in the United States. The company provides data, voice, managed services, cloud infrastructure, and hosted IT solutions, in local, national, and some international markets. CenturyLink acquired Savvis in 2011.
17 The Forrester Wave : Emerging Managed Security Service Providers, Q Integralis is a subsidiary of NTT Communications. The company is one of the largest telecommunications services providers in the world. NTT Communications is a subsidiary of NTT Group. In 2012, the NTT Group ranked 29th in the Fortune Global 500 list. NTT had operating revenues of 10,507 billion for the fiscal year ended March 31, The group employed 224,250 people worldwide as of March Tata Communications Limited, along with its global subsidiaries (Tata Communications), provides globally managed solutions to the Fortune 1000 and midsize enterprises, service providers, and consumers. Tata Communications Ltd. is a part of the $ billion Tata Companies; it is listed on the Bombay Stock Exchange and the National Stock Exchange of India, and its ADRs are listed on the New York Stock Exchange. 10 UTM is actually a portfolio of services that includes and spam filtering, antivirus, and site white/ blacklisting. 11 Forrester sees threat intelligence and sophisticated event correlation as new and important tools in the battle against cybercrime. For more information, see the March 26, 2012, The Forrester Wave : Managed Security Services: North America, Q report. 12 Microbusinesses are businesses with between one and 19 employees. This is a largely underserved market and one that is growing rapidly for security services.
18 About Forrester A global research and advisory firm, Forrester inspires leaders, informs better decisions, and helps the world s top companies turn the complexity of change into business advantage. Our researchbased insight and objective advice enable IT professionals to lead more successfully within IT and extend their impact beyond the traditional IT organization. Tailored to your individual role, our resources allow you to focus on important business issues margin, speed, growth first, technology second. for more information To find out how Forrester Research can help you be successful every day, please contact the office nearest you, or visit us at For a complete list of worldwide locations, visit Client support For information on hard-copy or electronic reprints, please contact Client Support at , , or We offer quantity discounts and special pricing for academic and nonprofit institutions. Forrester Focuses On Security & Risk Professionals «To help your firm capitalize on new business opportunities safely, you must ensure proper governance oversight to manage risk while optimizing security processes and technologies for future flexibility. Forrester s subject-matter expertise and deep understanding of your role will help you create forward-thinking strategies; weigh opportunity against risk; justify decisions; and optimize your individual, team, and corporate performance. Sean Rhodes, client persona representing Security & Risk Professionals Forrester Research, Inc. (Nasdaq: FORR) is an independent research company that provides pragmatic and forward-thinking advice to global leaders in business and technology. Forrester works with professionals in 17 key roles at major companies providing proprietary research, customer insight, consulting, events, and peer-to-peer executive programs. For more than 29 years, Forrester has been making IT, marketing, and technology industry leaders successful every day. For more information, visit
January 27, 2012 The Forrester Wave : US Digital Agencies Mobile Marketing Strategy And Execution, Q1 2012 by Melissa Parrish for Interactive Marketing Professionals Making Leaders Successful Every Day
For: Customer Insights Professionals The Forrester Wave : Loyalty Program Service Providers, Q4 2013 by Emily Collins, October 30, 2013 Key Takeaways Loyalty Service Providers Don t Just Support Points
2011 South African Data Centre Green Excellence Award in Technology Innovation Cybernest 2012 2012 North American Managed Security Service Providers Growth Leadership Award 2011 Frost & Sullivan 1 We Accelerate
NetQoS Offers An Experience Monitoring Solution For Global Performance Management The Forrester Wave Vendor Summary, Q2 2007 by Jean-Pierre Garbani with Thomas Mendel, Ph.D., and Reedwan Iqbal EXECUTIVE
For: Infrastructure & Operations Professionals The Forrester Wave : Enterprise Backup And Recovery Software, Q2 2013 by Rachel A. Dines, June 28, 2013 KEY TAKEAWAYS Plagued By Age-Old Backup And Recovery
FOR: Interactive Marketing Professionals The Forrester Wave : SEO Platforms, Q4 2012 by shar VanBoskirk, October 31, 2012 key TakeaWays seo isn t Just about agencies anymore Search marketers have traditionally
FOR: CIOs The Forrester Wave : Room-Based Videoconferencing, Q3 2012 by Philipp Karcher, August 21, 2012 Key TaKeaWays Videoconferencing Lets Firms Cut Travel and improve everyday Meetings In a work culture
1 of 8 3/18/2013 4:59 PM Advanced Latest Update: August 05, 2010 By Khalid Kark with Stephanie Balaouras, Nick Hayes 1950 downloads 1 comments Rating: quick scan full report resources WHY READ THIS REPORT
For: Infrastructure & Operations Professionals The Forrester Wave : Private Cloud Solutions In China, Q1 2015 by Charlie Dai and Frank Liu, January 23, 2015 Key Takeaways HP And VMware Lead Among Multinationals;
FOR: Customer Intelligence Professionals The Forrester Wave : Customer Analytics Solutions, Q4 2012 by srividya sridharan, October 26, 2012 key TakeaWays Customer analytics Users Want help across The analytics
For: Enterprise Architecture Professionals The Forrester Wave : Enterprise Architecture Service Providers, Q1 2015 by Henry Peyret and Gordon Barnett, March 19, 2015 Key Takeaways The EA Service Provider
May 6, 2011 The Forrester Wave : Database Auditing And Real-Time Protection, Q2 2011 by Noel Yuhanna for Application Development & Delivery Professionals Making Leaders Successful Every Day May 6, 2011
For: Customer Insights Professionals The Forrester Wave : Web Analytics, Q2 2014 by James McCormick, May 13, 2014 Key Takeaways Adobe, AT Internet, IBM, And Webtrends Are Leaders In Enterprise Web Analytics
Silver Peak Systems Provides The Most Scalable WAN Optimization Appliance The Forrester Wave Vendor Summary, Q3 2007 by Robert Whiteley with Simon Yates and Rachel Batiancila EXECUTIVE SUMMARY Silver Peak
August 4, 2010 The Forrester Wave : Managed Security Services, Q3 2010 by Khalid Kark for Security & Risk Professionals Making Leaders Successful Every Day August 4, 2010 The Forrester Wave : Managed Security
TECH CHOICES Allant: A Market Leader Among Database Marketing Service Providers The Forrester Wave Vendor Summary, Q1 2006 by Eric Schmitt with Chris Charron and Jennifer Joseph EXECUTIVE SUMMARY The Allant
Tata Communications Security Outsourcing A Must-have for Entry into the Global Economy www.tatacommunications.com www.tatacommunications.com 2 Tata Communications Security Outsourcing A Must-have for Entry
For: Security & Risk Professionals The Forrester Wave : Public Cloud Platform Service Providers Security, Q4 2014 by Andras Cser and Ed Ferrara, November 17, 2014 Updated: November 18, 2014 Key Takeaways
January 12, 2011 The Forrester Wave : US Database Marketing Service Providers, Q1 2011 by Dave Frankland for Customer Intelligence Professionals Making Leaders Successful Every Day January 12, 2011 The
IBM Security Operations Center Poland! Wrocław! Daniel Donhefner SOC Manager! IBM can provide unmatched global coverage and security awareness! 4,300 Strategic outsourcing security delivery resources 1,200
April 15, 2008 The Forrester Wave : Data Center Automation, Q2 2008 by Evelyn Hubbert for IT Infrastructure & Operations Professionals Making Leaders Successful Every Day Includes a Forrester Wave April
For: Application Development & Delivery professionals The Forrester Wave : Online Video Platforms, Q1 2013 by philipp Karcher, march 8, 2013 key TakeaWays Businesses use Video platforms To Manage Their
November 30, 2011 The Forrester Wave : Enterprise Governance, Risk, And Compliance Platforms, Q4 2011 by Chris McClean for Security & Risk Professionals Making Leaders Successful Every Day November 30,
July 15, 2013 The Enterprise Information Management Barbell Strengthens Your Information Value by Alan Weintraub with Leslie Owens and Emily Jedinak Why Read This Report Businesses increasingly rely on
For: Sourcing & Vendor Management Professionals The Forrester Wave : VMS, Q1 2014 by Christine Ferrusi Ross, February 10, 2014 Key Takeaways A Maturing Market Means Running Faster To Stay In Place This
Blue Coat Systems Adds Security And Control To WAN Optimization Appliances The Forrester Wave Vendor Summary, Q3 2007 by Robert Whiteley with Simon Yates and Rachel Batiancila EXECUTIVE SUMMARY Blue Coat
FOR: Interactive Marketing Professionals Win The Social Marketing Measurement Game by Nate Elliott, November 21, 2012 KEY TAKEAWAYS Avoid The Temptation To Oversimplify Your Metrics Blended single engagement
For: Marketing Leadership Professionals The Forrester Wave : Social Advertising Platforms, Q4 2013 by Zachary Reiss-Davis, December 17, 2013 Key Takeaways Marketers Spend On Social Ads But Need Third-Party
December 23, 2009 The Forrester Wave : Email Marketing Service Providers, Q4 2009 by Carlton A. Doty and Julie M. Katz for Interactive Marketing Professionals Making Leaders Successful Every Day Includes
IBM Global Technology Services Thought Leadership White Paper May 2011 Selecting a Managed Security Services Provider: The 10 most important criteria to consider 2 Selecting a Managed Security Services
August 24, 2007 Are You Ready For Unified Communications? by Elizabeth Herrell for Infrastructure & Operations Professionals Making Leaders Successful Every Day For IT Infrastructure & Operations Professionals
A Custom Technology Adoption Profile Commissioned By VeliQ & SAP January 2014 Managed Mobility Cloud Services Gain Momentum With European Midmarket Organizations 1 Introduction The mobile mind shift resulted
NFX FOR MSP SOLUTION GUIDE nfx One for Managed Service Providers With netforensics MSP suite of solutions, you can quickly and effectively ramp up customer security offerings and increase your bottom line
1 of 7 3/18/2013 4:59 PM Advanced Deloitte Leads The Pack, With PricewaterhouseCoopers, Ernst & Young, And Accenture Close Behind Latest Update: September 17, 2010 By Khalid Kark with Stephanie Balaouras,
For: Customer Insights Professionals The Forrester Wave : Cross-Channel Attribution Providers, Q4 2014 by Tina Moffett, November 7, 2014 Key Takeaways AOL/Convertro, Google, And Visual IQ Lead The Pack
Case Study: AMERICAN SYSTEMS Demonstrates The Value Of Business Service Management From Reactive To Proactive: Using Service Management To Leverage Integrated Event Correlation Executive Summary by Evelyn
For: Sourcing & Vendor Management Professionals The Forrester Wave : North American Workplace Services, Q2 2013 by William Martorelli and Wolfgang Benkel, april 30, 2013 Key TaKeaWays Vendors Move Beyond
A Custom Technology Adoption Profile Commissioned By BitSight Technologies Continuous Third-Party Security Monitoring Powers Business Objectives And Vendor Accountability Introduction As concerns around
For: Applications Development & Delivery Professionals The Forrester Wave : SaaS HR Management Systems, Q4 2014 by Paul D. Hamerman, October 1, 2014 Key Takeaways SaaS HRMS Is Growing Rapidly As A Migration
October 27, 2009 Case Study: ING Delivers Personalized Product Offers Across Channels In Real Time by Alexander Hesse for Customer Intelligence Professionals Making Leaders Successful Every Day October
Symantec Managed Security Services support for IT compliance Solution Overview: Symantec Managed Services Overviewview The (PCI DSS) was developed to facilitate the broad adoption of consistent data security
A Custom Technology Adoption Profile Commissioned By Bell Canada June 2014 Protecting Customer Experience Against Distributed Denial Of Service (DDoS) Introduction In today s age of the customer, a company
September 20, 2006 Comparing The ROI Of SaaS Versus On-Premise Using Forrester s TEI Approach by R Ray Wang TECH CHOICES Helping Business Thrive On Technology Change TECH CHOICES Includes a TEI model and
NEAT EVALUATION FOR UNISYS: Managed Security Services Market Segment: Overall This document presents Unisys with the NelsonHall NEAT vendor evaluation for Managed Security Services (MSS) for the Overall
For: Security & risk Professionals The Forrester Wave : Endpoint Security, Q1 2013 by chenxi Wang, Ph.D. and chris Sherman, January 4, 2013 key TakeaWays endpoint security competency is crucial To your
September 16, 2008 Why IT Service Management Should Matter To You by Evelyn Hubbert for IT Infrastructure & Operations Professionals Making Leaders Successful Every Day Client Choice topic September 16,
For: Customer Experience Professionals The Business Impact Of Customer Experience, 2014 by Maxie Schmidt-Subramanian, March 27, 2014 Key Takeaways Customer Experience Correlates To Loyalty Forrester once
For: Customer Insights Professionals The Forrester Wave : Cross-Channel Campaign Management, Q3 2014 by Jason McNellis, August 28, 2014 Key Takeaways The Cross-Channel Campaign Market Is Complex The campaign
October 15, 2007 The Forrester Wave : Enterprise Apps Software Licensing And Pricing, Q4 2007 by R Ray Wang for Business Process & Applications Professionals Making Leaders Successful Every Day Includes
Analyzing Security for Retailers An analysis of what retailers can do to improve their network security Clone Systems Business Security Intelligence Properly Secure Every Business Network Executive Summary
A Forrester Consulting Thought Leadership Paper Commissioned By Gainsight April 2014 How To Get Started With Customer Success Management Table Of Contents Four Actionable Steps To Setting Up Your Customer
The Forrester Wave : Information Security Consulting Services, Q1 2016 by Martin Whitworth Why Read This Report In Forrester s 31-criteria evaluation of information security consulting service providers,
For: Application Development & Delivery Professionals The Forrester Wave : Financial Performance Management, Q3 2013 by Paul D. Hamerman, September 11, 2013 Key Takeaways FPM Solutions Boost Forecasting
Q1 Labs Corporate Overview The Security Intelligence Leader Who we are: Innovative Security Intelligence software company One of the largest and most successful SIEM vendors Leader in Gartner 2011, 2010,
Market Review and Outlook: Small and Medium Business Needs of Internet-Based Services October 2010 Sponsored by Verio, Inc. ABSTRACT In this report, readers will learn about the specific needs of small
Transforming SMB Security Stephen Banbury VP, Global SMB Channel & Alliances Compelling Trends for Change Symantec as a Leader in Security Winning Together 2 NOT SO LONG AGO SMB Attitudes Towards Business
Case Study for XY Bank End-user Security Analytics Strengthens Protection with ArcSight INTRODUCTION Detect and respond to advanced persistent threats (APT) in real-time with Nexthink End-user Security
For: CMOs The Forrester Wave : Innovation Agencies, Q4 2014 by Sarah Sikowitz, December 8, 2014 Key Takeaways SapientNitro, R/GA, And Frog Lead The Pack Forrester s research uncovered a market in which
The Forrester Wave : Global IT Infrastructure Outsourcing, Q1 2011 by Bill Martorelli and Wolfgang Benkel for Sourcing & Vendor Management Professionals Making Leaders Successful Every Day The Forrester
WHITE PAPER: SYMANTEC GLOBAL INTELLIGENCE NETWORK 2.0.... ARCHITECTURE.................................... Symantec Global Intelligence Network 2.0 Architecture: Staying Ahead of the Evolving Threat Who
A Channel Company White Paper Online Security Beyond Malware and Antivirus Brought to You By: Abstract Security has always encompassed physical and logical components. But in the face of Bring Your Own
The Five Essential Metrics For Managing IT by Craig Symons with Alexander Peters, Alex Cullen, and Brandy Worthington EXECUTIVE SUMMARY CIOs frequently ask what IT should measure and report to business
SHARE THIS WHITEPAPER Top Selection Criteria for an Anti-DDoS Solution Whitepaper Table of Contents Top Selection Criteria for an Anti-DDoS Solution...3 DDoS Attack Coverage...3 Mitigation Technology...4
SOLUTION OVERVIEW: ALERT LOGIC THREAT MANAGER WITH ACTIVEWATCH DETECT AND RESPOND TO THREATS FROM THE DATA CENTER TO THE CLOUD Protecting your infrastructure requires you to detect threats, identify suspicious
McAfee Acquires NitroSecurity McAfee announced that it has closed the acquisition of privately owned NitroSecurity. 1. Who is NitroSecurity? What do they do? NitroSecurity develops high-performance security
A Forrester Total Economic Impact Study Commissioned By SAS Project Director: Dean Davison February 2014 The Total Economic Impact Of SAS Customer Intelligence Solutions Intelligent Advertising For Publishers
Cloud Assurance: Ensuring Security and Compliance for your IT Environment A large global enterprise has to deal with all sorts of potential threats: advanced persistent threats (APTs), phishing, malware
October 6, 2011 The Forrester Wave : Web Analytics, Q4 2011 by Joe Stanhope for Customer Intelligence Professionals Making Leaders Successful Every Day October 6, 2011 The Forrester Wave : Web Analytics,
October 6, 2008 The Forrester Wave : Integration-Centric Business Process Management Suites, Q4 2008 by Ken Vollmer for Enterprise Architecture Professionals Making Leaders Successful Every Day Includes
For: Sourcing & Vendor Management Professionals The Forrester Wave : Global Workplace Services, Q1 2013 by William Martorelli and Wolfgang Benkel, March 25, 2013 Key TaKeaWays Vendors Move Beyond desktop
To Outsource or not to Outsource: That is the Network Security Question SilverSky 440 Wheelers Farm Road Suite 202 Milford CT 06461 silversky.com 2013 SilverSky Contents The Network Security Challenge...
MANAGED SECURITY SERVICES True Managed Security Services give you the freedom and confidence to focus on your business, knowing your information assets are always fully protected and available. Finding