MarketScope for Managed Security Services in Europe

Transcription

1 Research Publication Date: 28 September 2009 ID Number: G MarketScope for Managed Security Services in Europe Carsten Casper, Tom Scholtz The market for managed security services in Europe has reached a mature stage. IT infrastructure and communications service providers dominate, security specialists fill a niche, and solid growth continues. Reproduction and distribution of this publication in any form without prior written permission is forbidden. The information contained herein has been obtained from sources believed to be reliable. Gartner disclaims all warranties as to the accuracy, completeness or adequacy of such information. Although Gartner's research may discuss legal issues related to the information technology business, Gartner does not provide legal advice or services and its research should not be construed or used as such. Gartner shall have no liability for errors, omissions or inadequacies in the information contained herein or for interpretations thereof. The opinions epressed herein are subject to change without notice.

2 WHAT YOU NEED TO KNOW Managed security services (MSS) in Europe show all the signs of a mature market, which continues to justify a Gartner MarketScope as the survey methodology. Yet the European MSS market still grows at a healthy pace. With an estimated revenue volume of $1.7 billion in 2009, a corresponding epected compound annual growth rate of 12% (2008 through 2013) and a 14% growth in the number of customers (year over year in 2009), it is still the fastest-growing segment of the security market. Participating Providers Our MarketScope in May 2008 surveyed 12 European managed security service providers (MSSPs). This year, 16 providers met our inclusion criteria (see Table 1). Table 1. MSSPs in Last Year's MarketScope and This Year's MarketScope AT&T May 2008 September 2009 AT&T Atos Origin BT Global Services BT Global Services Cable & Wireless Computacenter Getronics HCL Technologies HCL Technologies EDS, an HP Company IBM Internet Security Systems (ISS) Integralis Orange Business Services Symantec IBM ISS Integralis Orange Business Services Symantec Telefonica T-Systems VeriSign Verizon Business Wipro Technologies Source: Gartner (September 2009) T-Systems VeriSign Verizon Business Wipro Technologies Getronics continues to provide security services as an autonomous offering, but does not meet the inclusion criteria for this 2009 MarketScope. Getronics has decided to focus its investments and efforts in security integration and convergence of security into other IT services. Atos Origin, Cable & Wireless, Computacenter, EDS and Telefonica now meet our (slightly revised) inclusion criteria. VeriSign's MSS business has been acquired by the U.S. MSSP SecureWorks. Integralis received a purchase offer from NTT Communications, and the acquisition is pending. The market for stand-alone security services is changing there are fewer stand-alone security players active in the Pan-European market. Increasingly, security is built in to IT infrastructure Publication Date: 28 September 2009/ID Number: G Page 2 of 21

3 and communications services rather than sold separately. Siemens IT Solutions and Services has argued for several years that, even though it manages a variety of security devices and has hundreds of employees with security epertise, it always sells "secure managed services" (that is, secure management and monitoring of IT) rather than "managed security services" (that is, management and monitoring of security technology). In other words, security services are increasingly bundled with nonsecurity managed services and not sold as stand-alone services. Many other players in the market sell security services bundled with infrastructure management and outsourcing (for eample, Atos Origin, Computacenter, IBM ISS, HCL Technologies, EDS, T- Systems and Wipro Technologies) or bundled with communications services (for eample, AT&T, BT Global Services, Cable & Wireless, Orange Business Services, Telefonica, T-Systems and Verizon Business). Only a few providers focus on IT security (for eample, Integralis, VeriSign and Symantec). All providers in this MarketScope offer managed security services as discrete deals, while most also offer MSS bundled with other IT operations services. Geographic Scope The large European players serve the U.K. and Ireland; Benelu; Germany, Austria and Switzerland (DACH); France; and Southern and Eastern Europe fairly equally (considering population and gross domestic product). Scandinavia, however, is dominated by IBM ISS and several local vendors that are not covered in this MarketScope due to their restricted geographic scopes or sizes. Several of the included providers were close to being ecluded from this European market survey, because they still focus on their countries of origin, and some of the other European regions are largely uncharted territory for them. But despite their geographic scopes, they still complied with the inclusion criteria. Most of T-Systems' operations and clients are in Germany, while most of Telefonica's business is in Spain. The two major branches of Computacenter focus on Germany and the U.K., while Cable & Wireless's dominant territory is the U.K. and Ireland. BT Global Services and Orange Business Services have sizable operations in all regions, but BT's dominant market is still the U.K., and Orange is predominantly active in France. European Providers That Did Not Meet Our Inclusion Criteria A number of providers did not meet our inclusion criteria, because they focus only on a specific European country or region, do not have a sufficient number of security devices under management, or provide security services mostly via a partner: Dimension Data has chosen to partner in the area of MSS, rather than building a large internal capability. It does have modest operations in some parts of the world, including Europe, to service a particular local demand, but its overall strategy is to work with partners. Tata Communications provides MSS in Europe, but it does not meet the quantitative inclusion criteria. Getronics, according to its spokesperson, no longer envisions and considers security as a stand-alone issue in the long term but one that is interwoven in the customer's security management and back-end IT processes. It will continue to weave security services in the design of its work space offerings and to provide security as a service embedded in its global service centers and IT operations. Publication Date: 28 September 2009/ID Number: G Page 3 of 21

4 CSC offers MSS as a component of a broader security and risk management portfolio. Unisys provides a broad range of IT infrastructure and security services, with a significant European presence, but it currently does not meet the minimum requirements for the number of managed security devices (see the "Inclusion Criteria" section for the number of computer premises equipment [CPE] devices). SecureIT SA is a joint venture between the Swiss company ProActive Partners SA and the Canadian company Above Security. It emphasizes its Computer Emergency Response Team (CERT) capabilities in the French-speaking part of Switzerland, which is valuable for clients that do not want their networks, servers and applications to be monitored from outside Switzerland. Telindus is the IT services subsidiary of Belgacom, offering security services in Benelu, France, Spain, the U.K. and Ireland. It has multiple security operations centers (SOCs) in Europe, including one in Luembourg to fulfill additional regulatory requirements for data privacy. S21sec is a security specialist from Spain that offers MSS, but also provides services for log management, data retention and privacy. S2 Grupo is another security specialist in Spain that developed SOC products for event correlation and monitoring and claims a growing market share of MSS. A niche provider of security services in the U.K., dns also offers consulting, integration and testing services. While it does provide services to multinational customers, its stated aim is to be a leading provider within the U.K. Sentor Managed Security Services is a Swedish provider with clients in Scandinavia, the U.K. and Ireland, with a focus on intrusion detection systems (IDSs), intrusion prevention systems (IPSs) and firewall management. Retarus is a European provider of electronic business communications and business process automation solutions. It focuses on MSS and has clients all over the world. Methodology We contacted 48 providers of managed security services in Europe for this survey. Of them, 24 replied to our scoping questionnaire, and based on this information, we selected 16 providers that met our inclusion criteria. They then answered a more detailed questionnaire (25 questions) and provided references. We also contacted more than 90 reference clients and were able to collect information from more than 50 of them, via phone interviews or an online survey. Reference clients were not only asked for information about their provider, but also questioned about other providers on their shortlists. The assessment in this MarketScope was performed on the basis of survey data collected in March, April and June 2009, and client reference information collected in June, July and August Volume and Scope of Security Services in Europe The providers evaluated in this survey employ approimately 3,500 European security eperts to manage a total of around 25,000 firewall, network IPS, and and Web gateway devices for almost 4,000 client organizations. Most of these clients are from Benelu, DACH and France Publication Date: 28 September 2009/ID Number: G Page 4 of 21

5 (54%), and the U.K. and Ireland (36%). Scandinavia and Southern and Eastern Europe account for the remaining 11%. This survey focuses on the following security services, most of which are provided in customer premises equipment (approimately 90%), and a few are provided in the cloud (ITC approimately 10%): Firewall services IDS and IPS services (network and server) Secure Web and gateway In addition to security device management, most European providers claim to offer most of the following security services (in decreasing order of popularity): Vulnerability scans Log management Authentication services Encryption services, including virtual private networks (VPNs) Denial-of-service mitigation Threat intelligence information Identity management services User activity monitoring Data loss prevention services When asked for technology products that deliver all these services, not all providers could give satisfactory answers. Some reference clients reported that the evaluated provider was reluctant to support specific products (e.g., Enterasys' Dragon intrusion detection). Potential clients are well-advised to investigate which products are supported before choosing a provider. We also asked reference clients which of the following services they actually utilize. More than half of them also use the following from their providers: Vulnerability scans Threat intelligence information Log management services The other services are less popular. Only one reference client actually uses data loss prevention services an indication that this type of managed security functionality is not yet popular in Europe. MARKETSCOPE Deployment Scenarios In most cases, the provider monitors and/or manages security devices (firewalls, IPSs, and secure and Web gateways) that are installed as customer premises equipment or in the Publication Date: 28 September 2009/ID Number: G Page 5 of 21

6 provider's data center. In about a tenth of all cases, security services are provided in the cloud that is, device management is not visible to the client. A number of clients reported deployment scenarios that are different. For eample, several clients have two security providers, each with different roles. One provider, often a telecommunications provider, manages the security infrastructure (such as firewalls), and the other provider conducts penetration tests and audits. In another scenario, copies of the firewall logs are forwarded in real time to a second provider for aggregation, correlation and analysis. From a security perspective, using two (or more) providers makes sense, because it enforces the segregation-of-duty principle for eample, one provider manages the device (change administration and availability monitoring), and another provider monitors events and alerts generated by the device. However, segregation of duties does not rank high as a business requirement. Indeed, most clients use a provider that does both device management and monitoring. It should be noted that one of these providers can be the internal IT department, which manages the devices; an eternal provider analyzes the log files and raises an alert if it detects security problems. This way, the company retains control over its infrastructure and maintains security epertise, but ongoing analysis, especially after hours, is done by the third party. Another scenario is one in which smaller locations are connected via the Internet, each protected with a firewall or a security gateway. Larger locations are connected directly to a secure backbone or VPN of a communications provider (that is, without additional firewalls), because the communications provider keeps that network completely separate. Connectivity to the Internet is then provided at a central point and secured with larger Web, and firewall gateways. In this scenario, which was reported by a client, the firewalls are managed by an MSS provider (which had been acquired by an infrastructure outsourcer), and the private network that connects larger locations is managed by a telecommunications provider (which had moved into security services). While such a scenario utilizes both types of providers most efficiently, it does raise questions about consistent security management and central alerting capabilities and, hence, its effectiveness. Provisioning of MSS is no longer limited to fied locations. For eample, sports events often move from country to country, and they require a large bandwidth and high security for only a very limited time frame (maybe several weeks). Some providers have developed the skill to design and plan security services upfront and deploy infrastructure and secure connectivity very quickly. Such planning skills also help clients with fied locations; one provider prides itself on its "zeroimpact transition," meaning that the transition of operations from the client (or from the incumbent provider) to the new security service provider does not interfere with business operations. Interaction Between Client and Provider In all cases, relationship management between the client and the provider is important. Most reference clients want to see their provider at least every quarter, and some clients, every month or even every week. Only a fifth of the reference clients meet with their provider once a year or less frequently. Having a representative of the provider working on-site with the client is a common setup for larger contracts. Typically, this is not a purely operational role; rather, this individual manages communications and contract changes, and due to proimity, he or she is better positioned to understand the client's business. Having an on-site representative also works the other way around. A large client, which already had an on-site presence in virtually all countries around the world, decided to send some of its security eperts to the remote SOC of the MSSP. Granted, this is an eception rather than the rule. Publication Date: 28 September 2009/ID Number: G Page 6 of 21

7 Business Drivers According to the MSSPs surveyed, "reducing costs" is the key driver behind most clients' buying decisions, followed by the frequent "lack of in-house epertise." In the current economic climate, many clients also strive to "reduce capital ependiture." "Lack of in-house resources" (rather than "lack of in-house epertise") is the fourth most important driver. In Europe, regulatory compliance and service standardization play less of a role. Epectations of benefiting from large-scale-threat analysis, or from separating operations and security, range at the lower end of the scale. Pure-play security providers need to provide compelling pricing or value differentiation to compete in this cost-focused market. Industry Verticals Most of the reference clients evaluated for this research were from banking, manufacturing and transportation. Reference clients from banking and manufacturing also dominated in the MarketScope for MSS in Asia/Pacific. Potential customers, especially from other industries, should insist on speaking to reference clients from their specific industry vertical. The providers from this survey, however, see most of the demand for managed security services coming from insurance, banking and government (in that order). One provider eplained the No. 2 rank for banking by citing the prevailing attitude that some banks want to keep ownership and control over their security infrastructures. Indeed, one bank eplicitly ruled out ever using an eternal provider for management of its security gateway, which it considers core business infrastructure. Purchasing Behavior The bulk of the contracts for MSS in the European region are valued between 100,000 and 500,000 per year (45% of contracts), while 25% of contracts are below 100,000 per year, and 30% of contracts are above 500,000 per year. These contract sizes were higher than those found in North America (the average annual contract value is between $100,000 and $150,000) and in Asia/Pacific (57% are below $150,000, and 30% are between $150,000 and $750,000). The question whether offshoring security services is a good or a bad thing occasionally came up in discussions with reference clients. In one case, a U.K. client deliberately invited only offshore providers to the bidding process under the assumption that onshore providers would not be able to meet the required low price point. After an evaluation of several offshore locations, India came out on top due to English-language capabilities and cultural proimity. As an alternative to an Indian MSSP, a captive center in India (that is, company-owned offshore operations) was also considered. In other cases, clients considered offshore providers, but opted against them, based on the argument that relationship management costs are significantly higher. "Pricing" is the primary reason for rejecting a provider's offer in Europe. "Lack of epertise" and "service" are also frequently cited. Some other reasons for ecluding providers from shortlists are: Industry epertise for eample, one provider was not familiar with handling personal data in the insurance sector Corporate strategy for offshore services that is, European providers were ecluded from the RFP Publication Date: 28 September 2009/ID Number: G Page 7 of 21

8 Country coverage beyond Europe for eample, one provider was dismissed because of a lack of coverage in South America and Asia/Pacific, and another provider was unable to cover the Czech Republic Occasionally, providers were considered, included and finally chosen for political reasons, despite pricing, epertise or service concerns. In several cases, the contract with the incumbent provider was renewed, because a full-fledged tender and potential switch of providers were considered too cumbersome. In fact, many reference clients indicated that an established relationship with a given provider is an important selection criterion. Outlook In 2010, the market for MSS in Europe will continue to grow, both in volume and in breadth of features and services. Management of customer premises security devices will still be dominant, but the share of in-the-cloud security services will increase. More and more security deals will include identity-based services (such as authentication and user monitoring) and log management. Data loss prevention services, however, will not see a major uptake. Thanks to a decreasing number of global, and regional, players, security technology vendors will seek closer relationships with a strategic service provider, ensuring collaboration between sales forces and dedicated training for the provider's staff. On the other hand, as local players increase in size and reach, new regional players will enter the European market, trying to differentiate themselves with innovative technology and a fleible portfolio of supported products. The trend of shifting the focus from IT security services to broader IT risk management will continue. This is reflected in dashboards and portals that map device information to business assets, that display risk-based metrics, and that support relationship management, in addition to IT process alignment. Market/Market Segment Description Managed security services include remote, subscription-based monitoring and/or management of firewalls, IPSs (see Note 1), and secure Web and gateways (see Note 2) via customerpremises-based or cloud-based equipment. Inclusion and Eclusion Criteria To be included in this MarketScope, an MSSP must have the following qualifications: Have more than 500 customer firewalls or network- or host-based IPSs that are physically located in Europe under management (installation, configuration, patching and monitoring), or have at least 100 European customers that consume firewall or IPS services in the cloud. Have client organizations in at least three of the following five European regions the U.K. and Ireland; Scandinavia; Benelu, DACH and France; Southern Europe; and Eastern Europe (see Note 3 for a definition of our regional grouping) Be headquartered in Europe, or have a substantial regional head office in Europe Present reference accounts relevant to Gartner customers in Europe Vendors that have only MSS offerings such as distributed-denial-of-service protection or vulnerability scanning but not device monitoring and management are not included. Providers of primarily Web and hygiene and trust services (for eample, certificate authorities) are not included. Other vendors offer MSS primarily to hosting customers, with limited Publication Date: 28 September 2009/ID Number: G Page 8 of 21

9 offerings to others. As these providers epand the scope of their MSS offerings, they may be included in future MarketScopes. Rating for Overall Market/Market Segment Overall Market With a portfolio of mature basic services and an array of innovative options, the MSS market in Europe has stabilized to a mature level with a solid growth perspective, despite or to some etent because of a difficult global economic climate. Secure infrastructure management is a prerequisite for businesses that have to cut costs and operate under regulatory scrutiny and tight competition. Outsourcing of security to "nearshore" or offshore countries has become a normal business option for most organizations, ecept for some areas of financial services (where filtering is kept in-house) and sensitive areas of government. Where security concerns remain, physical operations in the European Union and Switzerland are an option for most providers in this research. MSS customers usually etend their outsourcing contracts and occasionally change providers, but they rarely move services back in-house, which is still considered the more costly option. These factors have resulted in the MSS market in Europe growing at a 12% compound annual growth rate from 2008 to 2013 (with the market size for 2009 forecast at $1.7 billion), which makes it one of the growth sectors in the IT industry. Evaluation Criteria Table 2. Evaluation Criteria Evaluation Criteria Comment Weighting Overall Viability (Business Unit, Financial, Strategy, Organization) Viability includes an assessment of the organization's financial health; the financial and practical success of the business unit; and the likelihood that the individual business unit will continue investing in the product, offering the product and advancing the state of the art among the organization's portfolio of products. Additional areas assessed include management eperience, the number of customers in Europe, investment in R&D, and understanding of business and technology trends. High Publication Date: 28 September 2009/ID Number: G Page 9 of 21

10 Evaluation Criteria Comment Weighting Geographic Strategy This includes the vendor's strategy to direct resources, skills and offerings to meet the specific needs of regions outside the native area directly or through partners, channels and subsidiaries, as appropriate for the region and market. We considered the vendor's ability to articulate the differences between the U.S. and European MSS markets, as well as differences within Europe. Standard Offering (Product) Strategy Marketing Strategy Customer Eperience Source: Gartner (September 2009) This is the vendor's approach to product development and delivery, which emphasizes differentiation, functionality, methodology and feature sets as they map to current and future requirements. We considered the number of target platforms vendors can manage. This is a clear, differentiated set of messages, consistently communicated throughout the organization and eternalized through the website, advertising, customer programs and positioning statements. In addition, we considered how vendors measure the effectiveness of marketing programs. These are relationships, products and services/programs that enable clients to be successful with the products evaluated. Specifically, this includes the ways customers receive technical and account support. These can include ancillary tools; customer support programs (and the quality thereof); and the availability of user groups, service-level agreements (SLAs) and so on. We also assessed vendors' implementation processes and system integration and consulting capabilities. Reference client feedback was particularly important in the rating for this criterion. Low High High Publication Date: 28 September 2009/ID Number: G Page 10 of 21

11 Figure 1. MarketScope for Managed Security Services in Europe RATING Strong Negative Caution Promising Positive Strong Positive AT&T Atos Origin BT Global Services Cable & Wireless Computacenter EDS, an HP Company HCL Technologies IBM ISS Integralis Orange Business Services Symantec Telefonica T-Systems VeriSign Verizon Business Wipro Technologies As of 28 September 2009 Source: Gartner (September 2009) Vendor Product/Service Analysis Atos Origin Atos Origin is an international IT services company with three primary service lines: consulting, system integration and managed operations. It is listed on the Paris Eurolist market. Staff knowledge of security processes and technologies. Eperience in integrating security services with comple, large-scale IT programs. Ability to foster strong working relationships with clients. Pricing perceived as good value for the money. Geographic coverage in terms of locations and resources, especially in Europe. Ability to leverage eisting outsourcing relationships for security services. Clients report occasional shortages of appropriate staff resources. Publication Date: 28 September 2009/ID Number: G Page 11 of 21

12 AT&T AT&T is a venerable network service provider that tends to emphasize its global approach (it is present in over 200 countries) rather than regional differentiation. It offers managed security services to European clients via a U.S.-based SOC. The global presence of skilled resources and infrastructure. The ability to leverage eisting communications clients for upselling managed security services. AT&T's MSS is perceived by reference clients to be comparatively epensive, but nonetheless, good value for the money. AT&T's overall rating is Promising due to its global strength and capabilities, not because of deep regional epertise in Europe. Tight bundling of security services with network services is dominant, illustrated by a high number of services that are provided ITC. According to reference clients, the size of the organization occasionally results in bureaucratic obstacles to responsiveness. Portal capabilities could still be improved to include mapping security services to business assets. AT&T reveals less information about its European operations than most other providers. It is rarely seen as a competitor for MSS in Europe. Rating: Promising BT Global Services BT is an established name in network and communications services in Europe. Because of ongoing investments and strong marketing that ehibits regional insights, BT also managed to shape a decent security service profile. BT has an etensive security service portfolio and drives the adoption of ITC services. Eperienced and knowledgeable staff. Fleibility and ability to develop good working relationships with customers. Geographic coverage in terms of locations, customers and resources in Europe. Ability to leverage eisting client relationships for security services. Based on the number of firewall, IPS and secure gateway devices, BT is the largest provider of MSS in Europe. Not surprisingly, all other providers in our survey see BT as a competitor. Publication Date: 28 September 2009/ID Number: G Page 12 of 21

13 Internal process alignment and communication between different BT business units sometimes impact service delivery. Fleibility on service packaging is often not available to smaller customers. Even though BT's client-facing staff is in Europe and clients are protected by BT's SLA, some clients are concerned that services are contracted to an operations center in India. Cable & Wireless Cable & Wireless is an international communications company. It operates through two standalone business units Cable & Wireless Worldwide and CWI. The Worldwide business specializes in offering communications services such as Internet connectivity, data, voice and hosting to large enterprise, reseller and carrier customers. It operates globally, with core markets in the U.K., Asia/Pacific, and Europe, the Middle East and Africa (EMEA), and provides connectivity in 153 countries. Based on the number of devices, Cable & Wireless is the smallest provider of CPE MSS in Europe, but one of the larger players in terms of ITC security services. Ability to leverage eisting telecommunications client base for selling managed security services. Marketing must be improved to establish a profile in the European information security community. Levels of support for nonstandard requests are not as good as for standard change requests and can be improved. Cable & Wireless is rarely seen as a competitor for MSS in Europe. Computacenter Computacenter is listed on the London Stock Echange and is an established European provider of outsourcing, out-tasking and support services. Founded in the U.K., it has steadily epanded into continental Europe over the past two decades. Ability to leverage eisting client base for upselling managed security services. Differentiating its MSS in a very competitive market. Computacenter is rarely seen as a competitor for MSS in Europe. Rating: Promising Publication Date: 28 September 2009/ID Number: G Page 13 of 21

14 HCL Technologies HCL Technologies is an offshore provider that can build on its eperience as a strong player in the local market in India. In Europe, HCL is still a small player, but has good growth potential. HCL eperienced the highest growth rate (in terms of customers) in 2009 of all providers in this MarketScope, albeit from the lowest level. Competitive pricing. Number and quality of skilled resources. Fleibility on engagement management. Eperience in providing offshore, shared-resource environments. Becoming more proactive in managing client relationships for eample, helping clients come to terms with new security challenges and vulnerabilities. Training staff to think "outside of the bo." HCL's staff is very good when eecuting on eisting processes, but clients report a lack of proactiveness when the staff is faced with new scenarios. Continuing to focus on epanding local language capabilities for on-site support. Other providers in this survey do not currently perceive HCL as a competitor. EDS, an HP Company EDS, a fully owned subsidiary of HP, is a global IT services company. In April 2008, EDS acquired Vistorm, an established security services and consulting vendor based in the U.K. In May 2008, HP announced its intention to acquire EDS, and the deal was concluded in the second half of Core skills and technical epertise of its staff. Availability of infrastructure and uptime of security devices are reported to be very good. Reports sometimes still contain too much technical data. EDS must continue to improve the ability to relate security service delivery and reporting to actual business value. Ensuring that the skills and fleibility that were hallmarks of Vistorm are not lost in the new HP-EDS conglomerate. EDS must address the inconsistent perceptions of price competitiveness. Publication Date: 28 September 2009/ID Number: G Page 14 of 21

15 IBM ISS IBM ISS combines two strong brands in IT and security services. The integration of ISS into IBM has been completed. Epertise and strong reputation in the information security community. Global presence and brand. MSS pricing is perceived to be a good value for the money. IBM ISS is almost always seen as a competitor in MSS. Bureaucratic administration of commercial relationships. IBM ISS proposals often get rejected based on the pricing. Rating: Strong Positive Integralis Integralis is a comparatively small provider of MSS in Europe, but it covers many major European regions and maintains SOCs in the U.K., France, Sweden and Germany. In June 2009, NTT Communications announced its intention to take over Integralis; at the time of this writing, the offer acceptance period is still ongoing. NTT Communications, however, plans to keep Integralis as an independent subsidiary of NTT Communications to help Integralis maintain its focus and culture. Management and the supervisory board of Integralis support the takeover. Pricing, while not cheap, is perceived to be a good value for the money. Quality of staff both technical and account management staff. Service delivery, geographic distribution of SOCs, and standardized product and service portfolio satisfy customers. If the takeover is completed successfully, Integralis has the financial backing of a strong multinational communications company. Evolving its pricing model to make it more suitable for on-demand services. Ensuring staff skills are kept up to date across a broad range of support technologies. Although Integralis does manage some large multinational companies, most contracts are less than 500,000 in volume per year. Rating: Strong Positive Orange Business Services Orange Business Services is the brand name under which France Telecom offers most of its products and services, including its MSS portfolio. The company is a sizable player in the MSS Publication Date: 28 September 2009/ID Number: G Page 15 of 21

16 space in Europe because of its large base of network and communications clients. Security services are available independently, but many sales combine aspects of network operations and security services. Ability to leverage eisting client relationships for selling security services. Global coverage and good presence in all major European regions. Fleibility in service customization. Range and depth of security services. Improving the speed of solution delivery. Improving its price competitiveness. The portal's integration between security infrastructure management and vulnerability scan information is basic. Symantec Symantec provides storage and system management and offers a comprehensive portfolio of security products and services. It targets large enterprises globally distributed multinational companies are the primary customers of Symantec MSS. Eperienced and knowledgeable staff. Symantec is effective in managing customer relations. Symantec's strongest assets are its global security intelligence and its technology, channel and service partners. Pricing is perceived to be above market rates and the most commonly quoted reason for rejection among this survey's reference clients. Clarity of focus is lacking among a multitude of different products and solutions. Since Symantec does not break down revenue or resource information by country or by device type, Symantec's footprint in Europe is difficult to judge. T-Systems T-Systems is the information and communications technology service arm of Deutsche Telekom and provides managed security services targeted at named multinational clients, large enterprises and smaller German organizations. Publication Date: 28 September 2009/ID Number: G Page 16 of 21

17 Breadth of solution portfolio. T-Systems offers firewall management on customer premises and in the cloud, as well as a variety of complementary security services. Depth of technical epertise. Articulating the business value of pricing, which is perceived to be above the market average. Mitigating negative client perceptions that come from continuing reorganization and workforce reductions. Improving coordination between different business units and departments. T-Systems' main challenge remains its lack of a profile in security communities outside of German-speaking countries. Telefonica Telefonica is a large telecommunications provider focusing on Spain, Europe, and North and South America. It provides firewall, IPS, and Web and gateway management, as well as a variety of complementary security services. Pricing is competitive and a good value for the money. Fleibility in adapting to client requirements. Ability to foster and maintain strong local relationships. Improving the quality of service delivery and service management to competitive standards. None of the providers in this survey see Telefonica as a competitor in MSS. Telefonica's main challenge is its lack of a profile in security communities outside Spanish-speaking countries, resulting in a shortage of English-speaking reference clients. Clients report that service management (not technology management) could be improved (for eample, document quality and scheduling). VeriSign On 7 July 2009, the MSSP, SecureWorks, announced that it completed its acquisition of VeriSign's managed security services business. SecureWorks is a security services vendor that, prior to acquiring the MSS business of VeriSign, was primarily active in the U.S. market. Quantity and quality of skilled staff members. Publication Date: 28 September 2009/ID Number: G Page 17 of 21

18 Willingness to adapt to client requirements. Retaining skilled staff after the SecureWorks acquisition. Ensuring continuity of service to European VeriSign clients. Verizon Business Verizon Business (the solution arm of the telecommunications provider Verizon) is a mainstream MSS provider with good coverage in Europe after the acquisition of Cybertrust (formerly, Ubizen). Verizon offers on-premises device management and security services in the cloud, especially and Web gateway security via a partnership with MessageLabs. Epertise and eperience of staff. Fleibility in client relationships and service discussions. Reference clients chose Verizon mostly because of its pricing and service quality. Ability to leverage eisting clients to offer security services. Most reference clients have been with Verizon (or one of its predecessors) for many years. Verizon Business is often indicated by other MSSPs in Europe as a competitor. Improving customer administration processes. Retaining the "small provider" culture of Ubizen within the much bigger Verizon organization. Avoiding too aggressive upselling, and retaining an understanding of European client requirements. Rating: Strong Positive Wipro Technologies Wipro Technologies is an offshore IT service and system integration provider based in India. It offers MSS to organizations in Europe from a primary control center in India, supported by regional SOCs in the U.K., Romania and the U.S. Large talent pool of very skilled technical resources. Competitive prices. Complementing the ecellent technical skills of its staff with more practical eperience in business environments. Staff resources for on-site field support in Europe are limited. Publication Date: 28 September 2009/ID Number: G Page 18 of 21

19 Wipro is rarely seen as a competitor for MSS in Europe. RECOMMENDED READING "The Global Managed Security Services Provider Landscape" "Toolkit: Selecting the Right Managed Security Services Provider" "Magic Quadrant for MSSPs, North America" "MarketScope for Managed Security Services in Asia/Pacific" "Magic Quadrants and MarketScopes: How Gartner Evaluates Vendors Within a Market" Note 1 Intrusion Detection System and Intrusion Prevention System For the purposes of this research, we ignore the differences between intrusion detection systems and intrusion prevention systems. Whenever we use IPS, we mean both. Note 2 Secure Web and Gateway Services Secure Web and gateway services refer to the filtering of malware from Web and traffic at the gateway. This does not include filtering at the endpoint. Note 3 Regional Grouping Our regional grouping is similar to that of the U.N. (see Europe-UNsubregions,_Kosovo_as_part_of_Serbia.png), ecept that we differentiate the U.K. and Ireland from Scandinavia and do not include Russia in Eastern Europe. Vendors Added or Dropped We review and adjust our inclusion criteria for Magic Quadrants and MarketScopes as markets change. As a result of these adjustments, the mi of vendors in any Magic Quadrant or MarketScope may change over time. A vendor appearing in a Magic Quadrant or MarketScope one year and not the net does not necessarily indicate that we have changed our opinion of that vendor. This may be a reflection of a change in the market and, therefore, changed evaluation criteria, or a change of focus by a vendor. Gartner MarketScope Defined Gartner's MarketScope provides specific guidance for users who are deploying, or have deployed, products or services. A Gartner MarketScope rating does not imply that the vendor meets all, few or none of the evaluation criteria. The Gartner MarketScope evaluation is based on a weighted evaluation of a vendor's products in comparison with the evaluation criteria. Consider Publication Date: 28 September 2009/ID Number: G Page 19 of 21

20 Gartner's criteria as they apply to your specific requirements. Contact Gartner to discuss how this evaluation may affect your specific needs. In the below table, the various ratings are defined: MarketScope Rating Framework Strong Positive Is viewed as a provider of strategic products, services or solutions: Customers: Continue with planned investments. Potential customers: Consider this vendor a strong choice for strategic investments. Positive Demonstrates strength in specific areas, but eecution in one or more areas may still be developing or inconsistent with other areas of performance: Customers: Continue planned investments. Potential customers: Consider this vendor a viable choice for strategic or tactical investments, while planning for known limitations. Promising Shows potential in specific areas; however, eecution is inconsistent: Customers: Consider the short- and long-term impact of possible changes in status. Potential customers: Plan for and be aware of issues and opportunities related to the evolution and maturity of this vendor. Caution Faces challenges in one or more areas: Customers: Understand challenges in relevant areas, and develop contingency plans based on risk tolerance and possible business impact. Potential customers: Account for the vendor's challenges as part of due diligence. Strong Negative Has difficulty responding to problems in multiple areas: Customers: Eecute risk mitigation plans and contingency options. Potential customers: Consider this vendor only for tactical investment with short-term, rapid payback. Publication Date: 28 September 2009/ID Number: G Page 20 of 21

21 REGIONAL HEADQUARTERS Corporate Headquarters 56 Top Gallant Road Stamford, CT U.S.A European Headquarters Tamesis The Glanty Egham Surrey, TW20 9AW UNITED KINGDOM Asia/Pacific Headquarters Gartner Australasia Pty. Ltd. Level 9, 141 Walker Street North Sydney New South Wales 2060 AUSTRALIA Japan Headquarters Gartner Japan Ltd. Aobadai Hills, 6F 7-7, Aobadai, 4-chome Meguro-ku, Tokyo JAPAN Latin America Headquarters Gartner do Brazil Av. das Nações Unidas, andar World Trade Center São Paulo SP BRAZIL Publication Date: 28 September 2009/ID Number: G Page 21 of 21