G00229367 MarketScope for Managed Security Services in Asia/Pacific, 2012 Published: 9 October 2012 Analyst(s): Andrew Walls The Asia/Pacific market for managed security services continues to grow through the organic epansion of incumbent service providers and new providers entering the market. The market is fragmented, with domestic, regional and international vendors offering traditional and innovative services. What You Need to Know Adoption of managed security services (MSSs) in the Asia/Pacific region produced slightly over 40% revenue growth to an approimate total revenue of $980 million. 1 Nineteen vendors met the inclusion criteria for the 2012 MarketScope for managed security service providers (MSSPs) in Asia/ Pacific. An increasing number of multinational providers dominate the market. Providers based in the region are epanding their customer and revenue bases, but multinational providers are attracted to the market and moving rapidly to grab market share. Providers fall into four general groups: 1. Telecommunications/WAN providers (BT Global Services, AT&T, Orange Business Services, Telstra, Tata Communications, T-Systems and Verizon) 2. Integrators and consultancies with outsourcing operations and integration services (CSC, HCL Technologies, IBM Security Services and Wipro) 3. Pure-play security service providers (Seccom Global, earthwave, Paladion, Trustwave and e- Cop) 4. General IT vendors with major product lines outside of security (HP, Symantec and Dell) Service portfolios continue to epand, but have slowed as vendors focus on marketing established services and refinement of their go-to-market strategies for sales and service delivery. Remote management of traditional security infrastructure (for eample, firewalls) is the core service for all vendors in this research, but server log collation and analysis, endpoint management, vulnerability assessment and consulting are available from many MSSPs, and are growing in popularity with customers.
Sustained growth in revenue and devices under management 1 indicate rapid maturation of the enduser client organizations in the region. This is particularly apparent in the epansion of MSSs into the LAN environment for server log management and endpoint security management. Asia/Pacific client organizations have matured and are increasing their use of security outsourcing to gain operational fleibility to support internal growth and performance objectives. Clients in Asia/Pacific should look for providers that can supply a range of higher-value services, in addition to the security infrastructure management and monitoring services commonly provided by MSSPs. Several of the regional MSSPs have indicated that they have received offers for merger or acquisition from larger multinational organizations. Client organizations should anticipate more partnerships between multinational and local MSSPs, and some market consolidation of providers. MarketScope Participating Providers All vendors from our 2011 research qualified for inclusion this year, and two new entrants (Trustwave and T-Systems) also qualified. The new entrants increased the presence of multinational MSSPs in the region, with the MSSPs based outside of the region reporting 83% of total market revenue. Multinational MSSPs dominate the Asia/Pacific market and will continue to grow in number and market share (see Table 1 2 ). Page 2 of 30 Gartner, Inc. G00229367
Table 1. Vendors Participating in the MarketScope for Managed Security Services in Asia/Pacific, 2008 to 2012 2008 2009 2010 2011 2012 AT&T AT&T AT&T BT BT BT BT BT CSC CSC CSC Dell (SecureWorks) Dell (SecureWorks) DMZGlobal (Purchased by Telstra) earthwave earthwave earthwave earthwave earthwave e-cop e-cop e-cop HCL HCL HCL HP HP HP IBM IBM IBM IBM IBM Orange Orange Orange Orange Orange Paladion Paladion Paladion Paladion Paladion Seccom Global Seccom Global Seccom Global Seccom Global Seccom Global Symantec Symantec Symantec Symantec Symantec Tata Communications Tata Communications Tata Communications Tata Communications Telstra Telstra Telstra Gartner, Inc. G00229367 Page 3 of 30
2008 2009 2010 2011 2012 Trustwave T-Systems Unisys Unisys (Ceased offering MSS as independent service) VeriSign VeriSign (Purchased by SecureWorks Dell) Verizon Verizon Verizon Verizon Verizon Wipro Wipro Wipro Wipro Wipro Source: Gartner (October 2012) Page 4 of 30 Gartner, Inc. G00229367
Geographic Scope Gartner defines the Asia/Pacific region as including India, Thailand, Vietnam, Singapore, Malaysia, Indonesia, the Philippines, Australia, New Zealand, Hong Kong, the People's Republic of China, Taiwan and South Korea. Domestic MSSPs that focus all of their services on clients in Japan are not included in this research. The major multinational providers (that is, Verizon, Wipro, Symantec, Orange, IBM, HP, BT and AT&T) offer services in all countries within the region, with varying levels of local sales and technical support. Emerging multinational providers, such as T-Systems and Trustwave, offer services in many, but not all, countries in the region. Regional providers (such as HCL, e-cop, earthwave, Paladion, Seccom Global, Tata Communications and Telstra) support services in multiple countries, but are most active in their countries of origin. There are multiple domestic MSSPs with diverse portfolios in the Asia/Pacific region (such as Kavach Networks in India and Scan Associates in Malaysia). Unfortunately, these providers are not yet large enough to be included in our analysis. Methodology Gartner contacted 90 vendors of MSSs around the world for this research. The 19 providers that met our inclusion criteria then answered a more-detailed questionnaire and provided customer references for an online survey and teleconference interviews. In addition to our ongoing interaction with our clients in the Asia/Pacific region, we contacted 43 reference clients via an online survey. 3 In addition to data about their MSSPs, reference clients discussed general market conditions in their locations and the other MSSPs that featured in their procurement processes. The collection of vendor data and customer reference information took place between April and July 2012, and reflects the status of vendor operations as of April 2012. Although vendor statements concerning plans for future services and market initiatives were collected, this information was not used as part of the assessment of the vendor's current position in the Asia/Pacific market. Vendor statements regarding their product and service strategies for the future were assessed to determine the vendors' understanding of market drivers and the long-term viability and competitiveness of their service offerings. Managed Security Services in the Asia/Pacific Region MSSPs responding to Gartner's survey reported an aggregate increase in devices managed or monitored of 23% from 2011 to 2012 versus an increase between 2010 and 2011 of 16%. The diversity of vendor descriptions of device types under management does not support a detailed assessment of the relative growth in device counts for specific device types. Vendors report that 88% of devices receiving MSS are dedicated customer premises equipment (CPE), with 12% operating as virtual, shared devices. In previous research, non-cpe devices were referred to as "in the cloud" devices (ITC see Note 1). Virtualized security devices roughly correlate with ITC devices, which were reported at 6% in 2011. Virtualization of security infrastructure continues to epand as customers and vendors find advantage in applying virtual security controls to both dedicated and virtualized IT infrastructures. Gartner, Inc. G00229367 Page 5 of 30
Reported service revenue averaged $32 million per vendor. However, several major vendors did not provide revenue data. Accordingly, this revenue data is not a comprehensive indicator of the market size. The estimated revenue generated in the Asia/Pacific market is approimately $980 million. More than 8,400 clients were reported in the region. Service consumption by client organizations remains focused on remote management of firewalls, identify proofing services (IDPSs) and secure Web and email gateways, with limited uptake of other services (such as consulting and vulnerability assessment).small or midsize business (SMB) clients are growing in number and show a preference for local MSSPs, while large enterprise clients gravitate to the larger multinational MSSPs. MSSPs in the Asia/Pacific region provide a large number of ancillary security services in addition to traditional MSSs, including: Log collation and analysis Incident monitoring, alerting and escalation Vulnerability scanning and assessment Denial of service (DoS) and distributed denial of service (DDoS) mitigation Identity management services Remote connectivity encryption services (such as a virtual private network) Managed data loss prevention Security consulting (for eample, policy construction and maintenance) Multiple MSSPs indicate epansion of their service catalogs to include security services for mobile devices. As mobile devices become a major component of the endpoint fleet managed by IT organizations, MSSPs are positioning themselves as an attractive alternative to investment in inhouse skills and mobile device management products. The telco-based MSSPs are particularly well-structured to integrate mobile device management with their core security capabilities, given their investments in mobile services in other service channels. Client Drivers Clients in Asia/Pacific continue to epress a strong preference for providers with a security operations center (SOC) located in the region. This preference has aided the growth of local providers, but most multinational providers have invested in regional SOCs, effectively diluting geography as a competitive differentiator. In 2012, local MSSPs accounted for 27 out of the 40 SOCs (68%) owned by MSSPs doing business in the region. The dominant selection criteria cited by clients in 2012 were: Security epertise provided by the MSSP Quality of service delivered by the MSSP Cost of service Page 6 of 30 Gartner, Inc. G00229367
An increasing number of clients select an MSSP based on market reputation or a previous relationship with the customer organization. The use of market reputation as a selection criterion should motivate MSSPs in the region to focus more aggressively on marketing programs to enhance their visibility in the market and their overall reputation in the customer's country. Many clients discussed a need for greater fleibility, responsiveness and aggressiveness in service provision by MSSPs. These clients hire the MSSP for security epertise and epect the MSSP to anticipate and proactively prevent security or performance issues, rather than wait for the client to initiate an action. Multiple MSSPs (such as Symantec, Seccom and earthwave) are eperimenting with new price structures, and these changes are attracting larger, more mature client organizations. 3 4 MSSP support for regulatory compliance was not a major driver for MSSP selection or engagement. Most of the regional, pure-play MSSPs (such as earthwave, e-cop and Paladion) continue to enjoy ecellent customer loyalty, with very few customers lost during the past year. Customers indicate that their loyalty to these providers is based, in part, on the quality of interactions between customer personnel and support personnel within the MSSP's SOC operation. Market Outlook MSS has a strong and growing client base in the region, and the outlook for vendor growth and improved services for clients remains ecellent. Gartner anticipates that the Asia/Pacific market for MSS will continue to grow from 28% to 33% annually through 2015. Domestic markets in India, Malaysia, Singapore, Hong Kong and Australia will continue to epand, and emerging markets in the People's Republic of China, Korea and Taiwan will attract greater participation by foreign and new domestic MSSPs. In China, in particular, a number of new MSSPs have formed and are beginning to acquire notable numbers of customer contracts. The highest growth in customer counts will continue to be in the SMB sector, but larger enterprises will continue to epand the services they acquire from MSSPs, particularly services related to LAN-based equipment (for eample, desktop management and server log collation/analysis). Incumbent MSSPs seek increases in the quantity of devices under management and the discrete services being provided to clients to improve account profitability, and to create barriers for the entry of competitors into their client accounts. New MSSPs continue to appear in the local market, but their appearance is infrequent. Although the Asia/Pacific market has not been saturated with MSSPs, it is clear that the market has become more competitive. As a result, clients are being cautious about acquiring services from new MSSPs when well-established MSSPs are available in the local market, and Gartner epects no change in this attitude in the net 12 to 18 months. Governments across the region are steadily increasing the number of laws and regulations that limit the movement of various forms of data. Although most of these regulations focus on personally identifiable information and financial data, this general trend is motivating clients of MSS to prefer MSSPs with a domestic SOC in the customer's country. This is problematic for vendors, as it is difficult to scale MSSs in a cost-effective manner by continuous epansion of the number of SOCs. MSSPs with eisting SOCs in the region are enjoying some market increases based on client concerns about transborder data movement, and a few providers such as e-cop have benefited Gartner, Inc. G00229367 Page 7 of 30
from this trend through sales of their SOC solutions and support services for in-country SOC programs. Gartner epects data regulation to epand throughout the region. However, we do not epect legislation to block the movement of security infrastructure management data. Despite this, increasing regulation of other forms of data will be a factor in customers' decision processes regarding vendor selection, and should benefit local, domestic providers over providers with SOCs located outside of the country. Market/Market Segment Description MSSs includes remote, subscription-based monitoring and/or management of firewalls, intrusion detection, and intrusion prevention functions via customer-premises-based or ITC devices. Inclusion and Eclusion Criteria To be included in this MarketScope, an MSSP must: Demonstrate the ability to remotely monitor and/or manage firewalls and intrusion detection/ prevention (IDP) devices from multiple vendors via discrete service offerings Have more than 150 customer firewalls, network or host-based IDP systems, and Web/email gateways that are physically located in Asia/Pacific under management (installation, configuration, patching and monitoring), or have at least 50 Asia/Pacific customers that consume firewall, IDP or secure Web/email services in the cloud Have at least 30 customers based in the Asia/Pacific region Vendors that have MSS offerings, such as DDoS protection, log management or vulnerability scanning, but not device monitoring and management, are not included in this MarketScope. Also, providers of primarily Web or email hygiene and trust services (for eample, certificate authorities) are not included in this MarketScope. Others offer MSSs primarily to hosting customers, with limited offerings to others. As these providers epand the scope of their MSS offerings, they may be included in a future MarketScope. Added T-Systems, a division of Deutsche Telekom Trustwave Dropped None Page 8 of 30 Gartner, Inc. G00229367
Rating for Overall Market/Market Segment Overall Market Rating: Positive Continued growth in revenue and customer base indicates that the Asia/Pacific market for MSSs is well-established and should continue to grow. Customers' selection criteria continue to mature, increasing numbers of client organizations are seeking to outsource security services, and local and multinational vendors are moving aggressively to maintain price competitiveness and to epand their service portfolios to maintain profitability. Nearly all vendors indicated plans to maintain or epand investments in facilities and personnel throughout the region. All clients indicated that they intend to maintain or epand the services they obtain from their MSSPs. The market for MSSs in the Asia/Pacific region is still fragmented by geography, but many vendors are becoming more effective at working across national borders and cultural disparities. Continued economic competition between countries in the region will epand opportunities for security as a service (SecaaS) for customers and vendors, while data movement regulations will stimulate investment in local SOCs for domestic markets. Gartner, Inc. G00229367 Page 9 of 30
Evaluation Criteria Table 2. Evaluation Criteria Evaluation Criteria Overall Viability (Business Unit, Financial, Strategy, Organization) Geographic Strategy Sales Eecution/ Pricing Marketing Strategy Customer Eperience Product/Service Market Understanding Comment Viability includes an assessment of the overall organization's financial health, the financial and practical success of the business unit, and the likelihood that the individual business unit will continue investing in the product, offering the product and advancing the state of the art in the organization's portfolio of products. In the contet of the Asia/Pacific region, viability is determined by the level of corporate investment in facilities, staff and market development in countries within the region. In addition, Gartner looks for consistent growth in revenue and customer base, and stability in regional management. The vendor's strategy to direct resources, skills and offerings to meet the specific needs of countries and cultures within the Asia/Pacific region, directly or through partners, channels and subsidiaries, as appropriate for that geography and market. The vendor's capabilities in all presales activities and the structure that supports them. This includes deal management, pricing and negotiation, presales support, and the overall effectiveness of the sales channel. A clear, differentiated set of messages that are consistently communicated throughout the organization and eternalized through the website, advertising, customer programs and positioning statements, and that are tailored to the specific client drivers and market conditions found in the various countries and industries of the Asia/Pacific region. Relationships, products and services/programs that enable clients to be successful with the products evaluated. Specifically, this includes how customers receive technical support or account support. Customer satisfaction with the quality of interaction with vendor staff and with vendor reporting mechanisms (such as portals) is also considered. Core goods and services offered by the vendor that compete in/serve the defined market. This includes current product/service capabilities, quality, feature sets, skills and so on, whether offered natively or through OEM agreements/partnerships, as defined in the market definition and detailed in the subcriteria. Ability of the vendor to understand buyers' wants and needs, and to translate those into products and services. Vendors that show the highest degree of vision listen and understand buyers' wants and needs, and can shape or enhance those with their added vision. Weighting Standard High Standard Standard High Standard Standard Source: Gartner (October 2012) Page 10 of 30 Gartner, Inc. G00229367
Figure 1. MarketScope for Managed Security Services in Asia/Pacific, 2012 RATING Strong Negative Caution Promising Positive Strong Positive AT&T BT Global Services CSC Dell (SecureWorks) earthw ave e-cop HCL Technologies HP IBM Security Services Orange Business Services Paladion Seccom Global Symantec Tata Communications Telstra Trustw ave T-Systems Verizon Wipro As of 9 October 2012 Source: Gartner (October 2012) Vendor Product/Service Analysis AT&T AT&T is a multinational telecommunications provider with a limited presence in Asia/Pacific. The majority of AT&T's customers in the region are multinational corporations based outside of the region seeking consistent MSS delivery and a single-vendor relationship. Customers rate AT&T's services as "good." The growth of AT&T's customer base in the region has been very limited and its average revenue per device is aligned with market averages. AT&T is distinctive in the level of virtualization in its service portfolio, with a significant number of the devices under management being shared virtual infrastructure (nearly half of the total devices under management). Customers considering the use of AT&T in the Asia/Pacific region should seek local customer references and ensure that AT&T can provide field services (either directly or through partners) in the specific geography being considered. Gartner, Inc. G00229367 Page 11 of 30
Its global network services that enable client support in most locations via AT&T's own connectivity. The global recognition of the AT&T brand and its etensive MSS capabilities. AT&T's regional strategy for Asia/Pacific lacks relevance to the drivers epressed by customers in the region, such as local SOC operations, beyond the current virtual SOC maintained in Bangalore, India, and familiarity with local regulatory environments. AT&T's continuing reputation as a U.S.-centric vendor with minimal presence in the region. Optimal Use Case Multinational corporations (MNCs) seeking consistent MSSs across the globe without any requirements for localized data storage requirements. Rating: Positive BT Global Services Market uptake of BT's MSSs has increased over the past year (approimately 26% in the number of customer organizations), but BT's market share of MSSs in Asia/Pacific remains small in comparison to other major multinational MSSPs. BT is rarely mentioned by customers or competitors and does not appear in proposal shortlists with any frequency. BT's services are focused primarily on dedicated CPE device management and monitoring, and most of its customers are also customers of BT's network services. BT's customers are pleased with the services provided (rating = good), and have contracted for multiple services beyond regular security infrastructure management. BT's regional SOCs in India (Noida and Gurgaon) and Sydney, Australia (BT also maintains a SOC in Singapore dedicated to a single customer), combined with significant staff presence in Singapore and distributed sales presence enable client support throughout the region. Its globally recognized network services brand. It faces market perceptions of regional variations in service delivery practices and technology. Page 12 of 30 Gartner, Inc. G00229367
Optimal Use Case Organizations using BT network services that require a common approach to security that is implemented globally. Rating: Positive CSC CSC is a global vendor providing a range of IT, security and risk management services, including MSS. Its clients are primarily located in Australia, Singapore, Malaysia and Hong Kong, with the majority based in Australia. MSS is generally provided as part of a package of services, including outsourced management of server and desktop infrastructure and security consulting. CSC has considerable security- and risk-consulting capabilities, and is able to offer clients a holistic service. Clients rate CSC's services as good. In 2011, CSC Australia invested in a dedicated security business team to engage directly with client security stakeholders and management, which has led to greater client satisfaction with service delivery. In addition to its own in-house MSS capabilities, CSC also resells MSSs from McAfee and Symantec in Southeast Asia. CSC operates SOCs in Malaysia and Australia. Its ability to deliver a broad range of security and risk management services that range from infrastructure management up to risk management consulting to senior leaders in the client organization. Its risk management focus enables strong support from business leaders for security investments. Its knowledge of local regulatory requirements. Its apparent inconsistent knowledge and skills of staff interacting with and presenting to clients. Optimal Use Cases Enterprises in Australia, Singapore, Malaysia or Hong Kong seeking a single provider that can deliver a broad range of IT outsourcing, system integration, consulting and MSSs. MNCs that require a single provider in multiple countries that can provide diverse IT and security services in a single service package. Rating: Positive Gartner, Inc. G00229367 Page 13 of 30
Dell (SecureWorks) Dell acquired SecureWorks in 2011. This acquisition brought the SecureWorks security services platform, operations capabilities including several SOCs, the Counter Threat Unit (CTU) security research team and the client base. Dell has not epanded its client base in the region, and has yet to articulate a regional strategy for epanding the client base and revenue. Dell has epressed a strong commitment to Asia/Pacific, and currently has an established sales and service network for IT products and services throughout the region, in addition to an SOC already in place in Noida, India. Dell intends to leverage these networks and capabilities to epand its MSS assets and client relationships in Asia/Pacific. The market prominence of the Dell brand and its acquisition of other security capabilities (such as Quest Software and SonicWALL) provide a clear indication that Dell wants to continue to gain market share in security services in the future. Its well-developed security services portfolio with etensive MSS capabilities enabled by the SecureWorks acquisition. The SecureWorks security services platform, which offers strong service delivery and reporting capabilities. It has no established security services brand in the Asia/Pacific region. It has direct sales and service delivery representation in the region, but no eperience in MSS sales and service delivery. Optimal Use Case U.S.-based organizations with facilities and assets in the Asia/Pacific region. Clients with a strong investment in other Dell products and services. Rating: Promising earthwave earthwave is a pure-play MSSP based in Australia. Customer references consistently rate earthwave as an ecellent provider. earthwave's ability to retain quality personnel with deep eperience in security technology, MSS and customer environments is consistently identified as a competitive differentiator by multiple clients. The company's India-based R&D group supports improvements in its service portfolio. Although most of its clients are based in Australia, earthwave has a growing customer base in multiple countries in Southeast Asia. However, its revenue growth in 2011 was driven by an increase in the number of managed devices per customer, with growth in actual customers restricted to approimately 12%. earthwave has developed an effective sales channel strategy that leverages partners in multiple countries. Its "clean pipes" and SecaaS technical and pricing models continue to gain converts in multiple countries. In 2012, the company launched Page 14 of 30 Gartner, Inc. G00229367
SOC-in-a-Bo to support rapid deployment of MSSs to new clients, and more recently strengthened its Managed DDoS Mitigation Service. It is currently working on a cloud-based identity management service due for initial release in the first quarter of 2013. The company's SLAs are clearly stated and quite aggressive. Its ecellent focus on service quality. Its continuing investment in MSS innovations. earthwave's eecutive leadership has a mature understanding of security drivers within its client base. Its continued epansion outside of Australia and Southeast Asia, which may require investment in a SOC outside of Australia. earthwave's clients should anticipate that the lack of vendor support for languages other than English will impede interactions between client personnel and SOC engineers. Optimal Use Cases Australian and New Zealand-based companies seeking a high-quality MSS with a clearly structured service model. Asia/Pacific organizations that require a well-defined MSS and can use a service based in Australia. Rating: Strong Positive e-cop e-cop is based in Singapore, with SOCs in Singapore, Malaysia, Hong Kong, Thailand and India. In addition to MSSs, e-cop markets its proprietary SOC management software, and has met with considerable success throughout Southeast Asia in providing SOC solutions for in-house and vendor-operated SOCs. Although e-cop's core market is in Singapore, it has a large number of customers across Southeast Asia, North Asia, India and Oman. e-cop operates the largest network of SOCs of the MSSPs in its region, with eight SOCs in multiple countries. e-cop's ability to support SOCs in multiple countries has made it an attractive alternative for clients, such as local governments, that insist on in-country support facilities. Its clients are fiercely loyal and consistently rate e-cop's services as very good to ecellent. The founders of the company are still active in product innovation and day-to-day operations, and staff turnover is low. e-cop maintains a partnership with Solutionary (a U.S.-based MSSP), but it is not clear whether this partnership has produced substantial growth in revenue or customers. Gartner, Inc. G00229367 Page 15 of 30
Its proactive approach to incident response and containment. Its competitive pricing. It needs to maintain a competitive and innovative service portfolio despite its dependence on internal development of all components of its SOC capabilities. Optimal Use Case Enterprises based in Southeast Asia that seek a strong and highly responsive MSS delivered regionally by support engineers that speak local languages and dialects. Rating: Positive HCL Technologies HCL is based in India and operates a total of si SOCs globally, with three in India, one in Poland, one in the U.S. in North Carolina and one in South Africa. In addition to MSSs, it provides a broad range of IT consulting, system integration and outsourcing services. HCL has epanded its customer portfolio outside and inside India. However, few end-user organizations in Southeast Asia or Australia indicate that they include HCL on their shortlists for MSS. The company has a significant number of sales personnel throughout Asia/Pacific, with the majority based in India. Client reviews are generally good. HCL offers innovative product/service packages, leveraging its consulting and risk management capabilities across a range of technology platforms and security processes. HCL is regularly mentioned by competitors active in India. Its skilled and knowledgeable staff in its SOCs. Its competitive pricing and packaging. Its innovative ancillary services (consulting and system integration). Establishing the HCL brand throughout Southeast Asia as a credible competitor to eisting dominant MSSPs Its limited support for additional languages in Southeast Asia. Optimal Use Cases Enterprises based in India seeking a provider with an etensive service portfolio that includes MSS. Page 16 of 30 Gartner, Inc. G00229367
Enterprises in Southeast Asia and Australia that already have a relationship with HCL and can use an India-based SOC for MSSs. Rating: Positive HP HP has an SOC in Malaysia and is finalizing the build-out of an SOC in Australia, with completion targeted for year-end 2012. HP has sales staff distributed across the region. However, sales staff in Asia/Pacific are not dedicated to MSS. Customer reviews are generally positive. HP is seldom featured on shortlists for MSS for clients based in the region, and few competitors encounter HP in competitive bids. HP offers MSS as an independent service and packages MSS with other infrastructure management services. Customers have epressed some concerns about ongoing organizational changes at the top of HP's hierarchy, but have not indicated that service provision has suffered as a result of these changes. In addition to traditional MSS, HP offers cloud-based vulnerability scanning, vulnerability intelligence and endpoint threat management. Its global reach of sales and service channels. HP's strong brand reputation. The technical skills and knowledge of its SOC staff. Establishing HP MSS as an independent service that meets the needs of clients that do not use HP for other IT services. Customers should epect to license HP's Managed Security Response service in order to augment basic portal functionality with log collation and analysis to provide correlation of multiple sources of security data such as defined threats, and log entries from security infrastructure. Optimal Use Case Enterprises seeking MSS as part of a bundle of IT integration and management services. Rating: Promising IBM Security Services Gartner estimates that IBM has eperienced substantial growth in its customer base (approimately 90%) and the numbers of devices being managed for customers (approimately 55%). IBM has 10 SOCs globally, with Asia/Pacific SOCs in India, Australia and Japan. IBM's global reputation in IT infrastructure and services provides strong support for MSS marketing programs in Asia/Pacific. Gartner, Inc. G00229367 Page 17 of 30
IBM leverages multiple partnerships in the region to sell and deliver services (such as with Telstra in Australia). Customers' comments regarding the compleity of the IBM contract and billing processes have abated in the past year as IBM has invested in more-streamlined processes for customer adoption and support. Customer satisfaction with service delivery has been positive, but lack of support for local languages and dialects may hamper market growth in the region. Its integration of MSS with other IBM services IBM's strong brand recognition and reputation throughout the region. Its support for local languages, both in portal interfaces and customer service interactions with SOC personnel. It is relatively epensive compared with some competitors. Optimal Use Case Multinational organizations that require a global provider with demonstrated advanced threat detection capabilities. Rating: Strong Positive Orange Business Services Orange is a global provider of managed network and security services. Orange supports dedicated and virtual service delivery deployment models, including the option for clients to share device management responsibilities with Orange. Orange augments its MSSs with professional services. Clients are generally pleased with the quality and responsiveness of Orange's SOC and field personnel. Although Orange's offering targets primarily larger, multinational corporations, it has enjoyed some success with domestic organizations and SMB clients. Orange has eperienced limited growth in its customer base (approimately 11%) in the region. Its managed WAN capabilities in nearly every country in the world. Orange's global reach of sales, marketing and technical services staff. It needs to maintain a price-competitive service as the market becomes increasingly commoditized. Increasing the number of clients for security services unrelated to Orange network services. Page 18 of 30 Gartner, Inc. G00229367
Optimal Use Case Multinational enterprises that require MSSs delivered in a consistent manner globally Rating: Positive Paladion Paladion is a rapidly growing MSSP based in India with clients in Southeast Asia and the Middle East. In addition to traditional MSS, Paladion offers consulting services focused on security risk assessment, vulnerability assessment and security process assurance. Customers rate Paladion's performance as very good to ecellent, and Paladion's customer base epanded by more than 65% in 2011. In addition to selling and supporting private SOCs, Paladion operates two SOCs in India and one in Riyadh, Saudi Arabia. Through partnerships, Paladion supports SOCs in Malaysia (HeiTech), Indonesia (Anabatic Technologies) and Vietnam (igreen). Paladion is frequently included on shortlists for clients based in India. Paladion's management demonstrates a strong understanding of market drivers for MSS in the region, and has been effective in structuring specific service packages for multiple industry verticals. Paladion's professional services staff, who are highly skilled and provide ecellent customer support. The Paladion brand, which is well-recognized in India. Challenge Building brand recognition throughout the Asia/Pacific region. Optimal Use Case Organizations based in India or the Middle East that seek a fleible MSSP, but do not require globally distributed services. Rating: Positive Seccom Global Seccom Global is an MSSP based in Australia with customers throughout Asia/Pacific. Although the Fortinet multifunction firewall platform provides the bulk of its services to clients, Seccom has diversified its services to cover a broad range of network and security infrastructure, including a partnership with MobileIron for mobile device security services. Clients rate Seccom's service provision as ecellent. Seccom has significant market share in the SMB market in Australia and has made inroads in the enterprise and SMB markets in multiple countries. Gartner, Inc. G00229367 Page 19 of 30
Its deep knowledge of the Fortinet platform. Seccom's strong customer relationships. Its diversified portfolio of supported devices and services. Its limited SOC facilities, which create barriers to further regional/global epansion. Establishing credibility for its non-fortinet services. Optimal Use Cases Australian organizations seeking etensive MSSs with a small infrastructure footprint. Organizations based in the region that need an MSSP with security services for CPE infrastructure, as well as mobile devices and cloud platforms. Rating: Positive Symantec Symantec continues to grow its MSS business throughout Asia/Pacific. Symantec operates two SOCs in the region in India and Australia. Customers have reacted positively to Symantec's 2010 restructuring of MSS packaging and pricing. The majority of reference clients rate Symantec's service delivery as ecellent. Symantec consistently appears on customer shortlists throughout the region. Symantec's service packaging, pricing and marketing message target large, multinational enterprises, but it has gained some traction in the SMB market. Symantec's ability to provide a security service that etends from the endpoint, through network infrastructure, the network perimeter and into cloud platforms is attractive to clients seeking an all-in-one security service capability. However, Symantec's lack of support for local languages inhibits uptake in the SMB market. It is recognized as a major force in the IT security business globally. Symantec's globally distributed sales force. It has established capabilities embodied in two SOCs in the region. It needs to package services to appeal to the SMB market. Supporting local languages and dialects in the customer service portal. Page 20 of 30 Gartner, Inc. G00229367
Optimal Use Case Multinational enterprises that require MSSs delivered in a consistent manner globally Rating: Strong Positive Tata Communications Tata Communications provides MSSs through two SOCs in India and one in Singapore. The bulk of Tata Communications' customers in the region are located in India. Tata has gained traction in markets in Southeast Asia and Australia, with an approimate growth in customers of 35%. Tata Communications is rarely included in customer shortlists outside of India, and competitors rarely encounter Tata Communications in the Asia/Pacific region outside of India. Customers rate Tata Communications' services as good. It structured approach to CRM. The security epertise of its SOC staff. The competitive pricing of its core MSSs. Tata Communications needs to improve brand visibility outside of India. It needs to epand service delivery capabilities outside of India to meet client needs for consulting and local language support. Optimal Use Cases Multinational companies with significant operations in India. Asia/Pacific organizations that seek an aggressive price for MSSs. Rating: Positive Telstra Telstra offers MSSs via multiple channels, including its own services and those of IBM Internet Security Systems (ISS). Telstra provides network-based MSSs (for eample, DDoS mitigation) to Australian clients of Telstra's network services. Telstra also provides MSSs through IBM ISS for customers in Australia. Telstra struggles to develop a coherent strategy and consistent service portfolio and delivery model for MSSs within its geographic scope of operations. The recent divestiture of TelstraClear (owner of DMZGlobal, Telstra's MSSP in New Zealand) has created a gap in its service portfolio and uncertainty for customers in New Zealand. Although Telstra's services are robust, customers complain about slow responses to service requests. Telstra maintains a SOC in Gartner, Inc. G00229367 Page 21 of 30
Canberra, Australia, supporting MSS and IBM ISS. Telstra's hosting services remain attractive to domestic clients looking to outsource server management complemented by security services. Telstra is well-positioned to offer robust services to SMB and enterprise clients in Australia. Telstra's etensive portfolio of network services throughout Australia. Its etensive sales/service presence in Australia. Telestra's strong brand recognition in Australia. Its knowledge of local regulatory requirements. The development and delivery of a coherent, consistent strategy for MSSs that includes all countries targeted by Telstra. Establishing Telstra MSS as a service independent of Telstra's network services. Optimal Use Cases Customers of Telstra's hosting services in Australia that require managed services for application, data and infrastructure security Rating: Positive Trustwave Trustwave is a multinational information security and compliance products and services company headquartered in Chicago. Trustwave has sales and support personnel established in multiple countries in Asia/Pacific, but does not maintain a SOC in the region at the present time (an SOC is scheduled to open in Manila by year-end 2012). Trustwave is relatively new as an MSSP competing in the region, but has acquired an appreciable client base. Trustwave rarely appears on customer shortlists, and other vendors do not report encountering Trustwave in competitive bids. In addition to MSS, Trustwave provides a range of services from regulatory compliance assurance to security training and awareness development. Customers rate Trustwave's services as "good," but few clients have indicated that Trustwave is their preferred supplier of security services in the region. Its well-defined service portfolio for traditional MSS and other security services, including security awareness services. Its etensive sales/support offices in the region. Page 22 of 30 Gartner, Inc. G00229367
Its lack of an SOC in the region. Trustwave's limited portal support for local languages or dialects. Its limited brand recognition in the region. Optimal Use Case Trustwave clients in the U.S. and Europe seeking services in Asia/Pacific. Asia/Pacific organizations seeking strong consulting services focused on regulatory compliance support and security program development. Rating: Promising T-Systems T-Systems is the services wing of the Deutsche Telekom organization based in Germany. T- Systems maintains an etensive portfolio of information and communication technology (ICT) services, and has been successful in delivering portions of that portfolio in Southeast Asia through offices in various countries. MSSs form one part of its infrastructure portfolio, and T-Systems has enjoyed limited success in the region with a small number of customers. T-Systems' etensive services in secure application development and infrastructure design and management enable it to offer ancillary services for supporting security across a broad range of platforms and use cases. At present, its MSS portal offers no support for Asian languages. Its etensive service capabilities for MSS and system integration. Its well-defined MSS offerings for security infrastructure, server infrastructure and endpoint systems. Its lack of brand visibility in the region. There is no T-Systems SOC in the region. Its lack of support for local languages in the customer portal. Optimal Use Case European companies seeking consistent delivery of security services for offices in Asia. Asia/Pacific organizations seeking a provider with an etensive service portfolio beyond MSS. Gartner, Inc. G00229367 Page 23 of 30
Rating: Promising Verizon Verizon is a global communications, IT and security provider with a significant presence in Asia/ Pacific. Verizon maintains SOCs in Canberra (Australia) and in Chennai (India). Verizon uses a direct sales model in Asia/Pacific and maintains sales staff in most countries in the region. Verizon offers a broad portfolio of MSSs and consulting services. Verizon has invested heavily in a strong MSS capability with etensive portal features, including versions supporting English, Hindi and Japanese (as well as European languages). Customers rate Verizon's overall security service provision as "good." Verizon offers innovative services, packaging and pricing, and has demonstrated strong abilities to scale its delivery to suit a diverse range of clients. Support for local languages continues to be poor. Verizon's security epertise within SOCs and consulting teams. Its strong reputation as a security provider with a fleible approach to service definition and delivery. Its significant security intelligence analysis capability through data provided by Verizon network services. Verizon's competitive pricing. Challenge Improving customer satisfaction with the speed and consistency of service delivery, particularly related to escalation of detected security incidents. Optimal Use Case Multinational organizations requiring globally and/or regionally deployed security services, and major enterprises requiring managed gateways and support for local SOC development. Rating: Strong Positive Wipro Wipro is a large global MSSP with four SOCs in India and one in Malaysia. Wipro enjoys a growing customer base distributed across Asia/Pacific but concentrated in India. Customers consistently rate Wipro's services as very good. Wipro appears regularly on client shortlists throughout the region, and multiple competitors (regional and global) indicate that they encounter Wipro in multiple accounts. Wipro's strengths in system integration and consulting have produced a thorough and effective project management practice that facilitates smooth onboarding processes. Wipro's success in security consulting through the region has developed a positive market image for its brand. Page 24 of 30 Gartner, Inc. G00229367
Its knowledgeable and skilled staff. Wipro's strong reputation across the region for providing cost-effective IT and IT security services. Challenge It needs to balance growth and epansion into new markets with maintenance of service quality; in particular, maintaining the quantity and quality of staff serving eisting clients while using senior engineers in sales support in new markets. Optimal Use Case Organizations that seek an MSSP with strong ancillary services such as IT project management, consulting and system integration. Rating: Strong Positive Recommended Reading Some documents may not be available as part of your current Gartner subscription. "Magic Quadrants and MarketScopes: How Gartner Evaluates Vendors Within a Market" "Agenda for Information Security, 2012" "Cool Vendors in Security: Services and Cloud Security, 2012" "The Growing Adoption of Cloud-Based Security Services" "Hype Cycle for IT Infrastructure and Outsourcing Services, 2012" "Magic Quadrant for Unified Threat Management" "Magic Quadrant for Security Information and Event Management" "Security Monitoring of Public Cloud Assets" "Magic Quadrant for Global Network Service Providers" "Market Share Analysis: Unified Threat Management (SMB Multifunction Firewalls), Worldwide, 2012" "Navigating the Security Consulting Landscape" "Toolkit: RFP for Managed Security Services" Gartner, Inc. G00229367 Page 25 of 30
"Magic Quadrant for MSSPs, North America" "Translating 'Consultantspeak,' the Taonomy of Security Consulting Services" Evidence 1 The Asia/Pacific market continues to grow in terms of devices under management and total revenue generated by MSSPs. Not all vendors provide revenue and device data, so we produce estimated revenue and device data based on historical ratios and trends. Analysis of the reported and estimated device counts and revenues indicates: Total market revenue has grown from approimately $670 million in 2010 to approimately $980 million in 2012. Devices under management or monitoring grew from approimately 39,000 to approimately 49,000. The number of customers under contract grew from approimately 5,500 to approimately 8,500. 2 VeriSign's MSS organization was removed from the MarketScope in 2010 as a consequence of its purchase by SecureWorks. SecureWorks has, in turn, been acquired by Dell. DMZGlobal was acquired by Telstra in 2009 and was integrated into Telstra's overall security services portfolio. In 2012, Telstra divested TelstraClear, its New Zealand organization, which is the owner of DMZGlobal. 3 Clients were asked a range of questions concerning the services they consume from their MSSPs, and were asked to rate service quality as poor, fair, good, very good or ecellent. Clients' ratings of MSSPs were widely distributed, from poor to ecellent. These evaluations enabled most providers to attain a Positive ranking, with five achieving Strong Positive on the basis of their continued investment in innovation, brand marketing, customer service delivery and facilities in multiple countries. Customers indicated a strong preference for conversing with senior SOC personnel rather than junior or ineperienced customer service staff. The more rapidly a customer felt its issue had the attention of a skilled, senior SOC engineer, the happier it was with the overall service provided by the MSSP. 4 Service Pricing Strategy: Several MSSPs have restructured their pricing and packaging to more closely link cost to the services actually consumed by customers. These new pricing strategies focus on service rather than device, and incorporate metrics such as number of users and data throughput. A few MSSPs (for eample, Symantec and earthwave), are eperimenting with tiered pricing that incorporates device counts but refines price on other variables, such as total bandwidth consumed by customer traffic, number of users and bracketed device count ranges (for eample, one to 20 devices for one set price, and 11 to 30 devices for a second price). These eperiments indicate that the market is maturing, and that vendors are under pressure to reduce customer costs through vendor efficiency. MSSPs increasingly realize that per-device pricing creates a barrier for service epansion, and are using new pricing structures to reduce this client inhibition. These Page 26 of 30 Gartner, Inc. G00229367
changes all indicate that the Asia/Pacific market for MSSs is maturing and becoming more competitive. Gartner epects these pricing innovations will attract a steady flow of new clients to MSSs, and that eisting clients will epand the number of devices under management. It remains to be seen whether MSSPs will generate the same profit margin per client or per device with these new service prices, but most MSSPs have indicated satisfaction with profitability under the new price structures to date. Gartner requested that vendors provide pricing samples based on certain defined service types. The average annual prices for these defined services are: One dedicated midsize firewall under management and monitoring High: $33,660 Median price (n = 11 vendors): $10,200 Low: $2,900 Two redundant enterprise firewalls, one secure Web and one secure email gateway (all dedicated devices) High: $258,500 Median price (n = 11 vendors): $46,000 Low: $8,000 Redundant enterprise firewalls, 10 branch firewalls, two gateways, 20 log sources (including two domain controllers) High: $361,000 Median price (n = 11 vendors): $113,000 Low: $19,400 Firewall, secure Web, secure email provided from a shared infrastructure (cloud/virtual) High: $287,000 Median price (n = 11 vendors): $20,000 Low: $3,000 The large variation in prices for these defined services reflects variations in infrastructure deployment models (for eample, unified threat management [UTM] versus basic firewall), domestic market pressures, and vendor allocation of service delivery costs. Gartner, Inc. G00229367 Page 27 of 30
Note 1 Definitions ITC: In the cloud (ITC) deployment of security services is often referred to as "pipeline" or "clean pipes" services. In this deployment approach, security services are performed upstream of the customer's infrastructure by intercepting all inbound and outbound network traffic from the customer's facilities and processing that traffic through appropriate security infrastructure controlled by the MSSP. SOC: A security operations center (SOC) generally consists of a physically secure facility that houses infrastructure protection mechanisms for ITC services, the systems that monitor ITC and/or CPE infrastructure protection mechanisms, the systems for data and voice communications, and the work environments for staff interactions with monitoring and management systems. UTM: Unified threat management devices combine the following capabilities in a single device (virtual or dedicated infrastructure): Standard network stateful firewall functions Remote access and site-to-site VPN support Web security gateway functionality (anti-malware, URL and content filtering) Network intrusion prevention focused on blocking attacks against unpatched Windows PCs and servers Vendors Added or Dropped We review and adjust our inclusion criteria for Magic Quadrants and MarketScopes as markets change. As a result of these adjustments, the mi of vendors in any Magic Quadrant or MarketScope may change over time. A vendor appearing in a Magic Quadrant or MarketScope one year and not the net does not necessarily indicate that we have changed our opinion of that vendor. This may be a reflection of a change in the market and, therefore, changed evaluation criteria, or a change of focus by a vendor. Gartner MarketScope Defined Gartner's MarketScope provides specific guidance for users who are deploying, or have deployed, products or services. A Gartner MarketScope rating does not imply that the vendor meets all, few or none of the evaluation criteria. The Gartner MarketScope evaluation is based on a weighted evaluation of a vendor's products in comparison with the evaluation criteria. Consider Gartner's criteria as they apply to your specific requirements. Contact Gartner to discuss how this evaluation may affect your specific needs. The various ratings are defined in the table below: Page 28 of 30 Gartner, Inc. G00229367
MarketScope Rating Framework Strong Positive Is viewed as a provider of strategic products, services or solutions: Customers: Continue with planned investments. Potential customers: Consider this vendor a strong choice for strategic investments. Positive Demonstrates strength in specific areas, but eecution in one or more areas may still be developing or inconsistent with other areas of performance: Customers: Continue planned investments. Potential customers: Consider this vendor a viable choice for strategic or tactical investments, while planning for known limitations. Promising Shows potential in specific areas; however, eecution is inconsistent: Customers: Consider the short- and long-term impact of possible changes in status. Potential customers: Plan for and be aware of issues and opportunities related to the evolution and maturity of this vendor. Caution Faces challenges in one or more areas. Customers: Understand challenges in relevant areas, and develop contingency plans based on risk tolerance and possible business impact. Potential customers: Account for the vendor's challenges as part of due diligence. Strong Negative Has difficulty responding to problems in multiple areas. Customers: Eecute risk mitigation plans and contingency options. Potential customers: Consider this vendor only for tactical investment with shortterm, rapid payback. Gartner, Inc. G00229367 Page 29 of 30
Regional Headquarters Corporate Headquarters 56 Top Gallant Road Stamford, CT 06902-7700 USA +1 203 964 0096 European Headquarters Tamesis The Glanty Egham Surrey, TW20 9AW UNITED KINGDOM +44 1784 431611 Japan Headquarters Gartner Japan Ltd. Atago Green Hills MORI Tower 5F 2-5-1 Atago, Minato-ku Tokyo 105-6205 JAPAN + 81 3 6430 1800 Latin America Headquarters Gartner do Brazil Av. das Nações Unidas, 12551 9 andar World Trade Center 04578-903 São Paulo SP BRAZIL +55 11 3443 1509 Asia/Pacific Headquarters Gartner Australasia Pty. Ltd. Level 9, 141 Walker Street North Sydney New South Wales 2060 AUSTRALIA +61 2 9459 4600 2012 Gartner, Inc. and/or its affiliates. All rights reserved. Gartner is a registered trademark of Gartner, Inc. or its affiliates. This publication may not be reproduced or distributed in any form without Gartner s prior written permission. The information contained in this publication has been obtained from sources believed to be reliable. Gartner disclaims all warranties as to the accuracy, completeness or adequacy of such information and shall have no liability for errors, omissions or inadequacies in such information. This publication consists of the opinions of Gartner s research organization and should not be construed as statements of fact. The opinions epressed herein are subject to change without notice. Although Gartner research may include a discussion of related legal issues, Gartner does not provide legal advice or services and its research should not be construed or used as such. Gartner is a public company, and its shareholders may include firms and funds that have financial interests in entities covered in Gartner research. Gartner s Board of Directors may include senior managers of these firms or funds. Gartner research is produced independently by its research organization without input or influence from these firms, funds or their managers. For further information on the independence and integrity of Gartner research, see Guiding Principles on Independence and Objectivity on its website, http://www.gartner.com/technology/about/ ombudsman/omb_guide2.jsp. Page 30 of 30 Gartner, Inc. G00229367