Here at Solutions Review, we’ve written extensively about the cybersecurity staffing crisis negatively affecting the industry. It’s proven a significant hindrance to implementing the necessary cultural and technological changes enterprises need to fulfill modern cybersecurity best practices. Therefore, enterprises have sought out Managed Security Services (MSSs) to fill in their employment gaps and ensure that their enterprises are as secure as possible on their digital fronts.
In this spirit, research firm Gartner has recently released the 2018 iteration of its Managed Security Services Worldwide Magic Quadrant Report to assist enterprises in selecting their MSS vendor. For the unfamiliar, Gartner examines the strengths and weaknesses of the 17 Managed Security Services vendors they consider the most significant in the market based on their distinct evaluation criteria.They then place their findings into a graph, the titular Magic Quadrant, plotting the vendors based on their comprehensiveness and their completeness of vision.
As could be expected, there are four sections of the Magic Quadrant: Leaders, Visionaries, Challengers, and Niche Players. Despite the names, Gartner does not endorse any vendor, product, or service depicted in their research publications. A Leader may receive positive reports on its services and offer excellent online portals to enterprises, but it may not suit the individual enterprise as well as a Niche Player might.
For 2018, the 17 vendors selected to the Gartner Managed Security Services Magic Quadrant were AT&T, Atos, BAE Systems, BT, Capgemini, CenturyLink, DXC Technology, Fujitsu, HCL Technologies, IBM, NTT, Orange Business Services, Secureworks, Symantec, Trustwave, Verizon, and Wipro.
The Solutions Review Cybersecurity staff read through the 2018 Managed Security Services Magic Quadrant Report. Here are the key findings we took away:
How Gartner Defines Managed Security Services
At the core of Gartner’s definition of an MSS is a service that monitors digital security events and provides cybersecurity tools to enterprises, without draining talent resources from the enterprise itself. An MSS can be relied upon to manage an enterprise’s IT security services through a remote Security Operations Center (SOC). MSSs should provide enterprises with the essential cybersecurity tools and apparatuses, including networking monitoring, firewalls, security gateways, endpoint protection platforms, and identity and access management.
To be included in Gartner’s Worldwide MSS MQ, a vendor must be able to perform these duties, as well as provide their services to any location with a stable internet connection. They must have a presence in multiple geographic regions and have a revenue of $50 million or more per year through MSS offerings.
New Names Appear, Old Names Vanish
In response to market changes and predictive data, Gartner readjusts its evaluation criteria for the respective Magic Quadrants every year, resulting in vendors appearing or disappearing from the graph from year to year.
This year, Gartner’s inclusion criteria elevated three new names to the MSS MQ: Capgemini, DXC Technology, and Fujitsu. DXC was added to the Challenger Quadrant, while Capgemini and Fujitsu both appeared on the Niche Player section.
By the same token, DXC Technology recently acquired CSC and HPE Enterprise Services, so neither of them appeared on the MQ this year.
A Mature Market, A Move to Endpoint Security?
According to Gartner, the Managed Security Services market is mature: both clients and vendors have clear expectations on what MSS products can and should do, with the latter providing products that can meet those expectations. Variation comes from the type of vendor offering the service and from the individual capabilities of the products.
Most enterprise customers seek out an MSS to cope with the cybersecurity staffing and recruiting issues they face, whether that’s due to to a lack of available talent or to a impinged budget. Gartner’s research indicates that enterprises value threat detection capabilities and 24/7 security monitoring capabilities in their search for a managed service. The market appears to be moving to greater customization options and more endpoint security features in their products.
Many Leaders, But Where Are The Visionaries?
5 Managed Security Services vendors made the Leader Quadrant cut this year: IBM, Secureworks, Symantec, Verizon, and Trustwave. The Leaders were praised for their threat detection and intelligence capabilities and their customer visibility. Each had their own smatterings of criticism: Secureworks lacks some regional visibility, Symantec has somewhat lacking device management services, Trustwave’s portal needs updates, Verizon is lagging on EDR, and IBM’s sales process is frustrating.
Interestingly for a Gartner Magic Quadrant, there were no Visionaries named this year. Instead, 8 vendors were named Niche Players. Whether this indicates a truly mature market as Gartner states or something more worrisome, such as a lack of innovation or the need for more Managed Security Services for specific use-cases, has yet to be seen.
But perhaps the presence of so many Niche Players is not truly surprising. Each individual enterprise will have its own needs based on its size, industry, market share, and cybersecurity threats. Perhaps then MSSPs have to become niche players to accommodate what must be an overwhelming number of distinct niches. If so, then we may be able to predict that, despite market maturity, we will see an influx of new MSSPs in the coming year as more niches develop.
Additionally, we believe our predicted growth of the market will be fueled by more small-to-medium-sized businesses selecting a SIEM solution. Previously, SIEM only made sense for large corporations that could employ 24/7 monitoring to deploy and manage it. With the proliferation of managed security services, small businesses can hire out their SIEM deployments either full-time or during off-hours. This will bring more businesses to MSSPs, facilitating more niches and thus more Niche Players.
This all remains conjecture, however. The current cybersecurity staffing crisis is feeding into corporations worries about their cyber resilience, and that alone may boost market growth. 2019 will tell.
The 2018 Gartner MQ for Managed Security Services can be downloaded here.
Latest posts by Ben Canner (see all)
- 5 Key Security Analytics Capabilities for Security Operations Centers - October 17, 2019
- 40 Percent of Security Practitioners Don’t Report to the Board - October 15, 2019
- What Do SIEM Components Actually Do For Enterprises? - October 10, 2019