IDC recently published the 2020 IDC MarketScape Worldwide Managed Security Services (MSS) Vendor Assessment. IDC’s MarketScape vendor assessment model is designed to provide an overview of the competitive fitness of ICT (information and communications technology) suppliers in a given market. The research methodology utilizes a rigorous scoring methodology based on qualitative and quantitative criteria that results in a single graphical illustration of each vendor’s position within a given market.
The report looked at 17 providers that offer MSS worldwide, and over 20 customers that utilize their services were interviewed. In order to be included in the report, specific services and criteria had to be met:
▪ Service capability across the MSS life cycle. Each service provider was required to possess full-service MSS delivery capabilities.
▪ Revenue. Each service provider must have 2019 total MSS global revenue at or above $170 million and a minimum of five SOCs located globally.
▪ Geographic presence. Each vendor was required to have the MSS delivery capability in each of the three regions: the Americas, EMEA, and APAC.
Providers in this assessment that were included in the last 2017 study included: Accenture, AT&T, Atos, BT, Deloitte, DXC, HCL, NTT, Secureworks, Verizon and Wipro. Due to expansion in revenue and geographic expansion, we had some new entrants in this WW Marketscape which included Trustwave, Capgemini, Infosys and Orange.
A Changing Market
This year has been quite challenging for all organizations. In the past ten years, the MSS market has flourished and changed over time. The pandemic of 2020 was a catalyst for enabling these providers to continue to thrive even during these turbulent times. Attackers did not take a break during COVID-19, and organizations of all forms had to align with new business operations quickly.
Security service providers were at the forefront of all these changes, rapidly assisting businesses with new or existing technologies to help organizations defend, protect, and respond against modern-day threats and attacks. The pandemic pushed organizations to take a step back and review their security controls and functions they had in place and reevaluate their security programs that were in place.
Even before the pandemic, MSSPs have been experiencing a pivotal change in how they view security, and they had to notch up their detection and response capabilities. Organization’s needs were changing, and the cybersecurity skills gap created more opportunities for attackers to access weak IT systems.
The shortage of security experts, the complexity of hybrid cloud IT environments, and the quantity and advanced nature of the cyber-attacks that are launched has pushed MSSPs to invest in several areas. Investments in managed detection and response (MDR), threat intelligence, and advanced analytics helped in improving detection and respond times, while machine learning (ML)/ artificial intelligence (AI), and orchestration and automation platforms helped to lessen the burden of not having enough trained security practitioners.
MSSPs are pushing to improve and differentiate themselves, but with 12 leaders noted in the IDC MarketScape, it’s becoming clear that this market has become commoditized. MSSPs need to look at various areas such as MDR to really push to the next level of offerings. Moving forward, it will also be essential to understand how these providers will react to the evolving security trends in the future.
Below are Several Key Findings from the IDC MarketScape:
- The customer still comes first! Customers still turn to a MSSP as a trusted partner to supply the support and expertise, especially during these crucial times. It’s essential to build on that customer relationship and be an extension to their IT team. Customers really enjoy having that bond and relationship with their analysts. Tenure is important; therefore, MSSPs should cultivate the talent they already have by providing ongoing training to make them experts when making recommendations and tweaks to the customers’ security posture. Trust is Important.
- The MSSP’s strategy should meet the customer’s strategy. Providers should demonstrate value and show their customers how they can help them achieve effective business outcomes. Demonstrating this value needs to be beneficial not only for the providers but also for the customer.
- Integration of security orchestration and automation processes. Service providers are focusing on orchestration and automation tools and integrating these technologies into their core delivery platforms. Due to the skills gap in cybersecurity, using these automation tools to simplify and automate tasks, has helped teams enhance their SOC processes and deliver faster times to detect and respond. Automation processes are also assisting in providing mechanisms that help reduce onboarding time frames and standardize processes.
- Investments in other advanced technologies. MSSPs are investing in areas such as OT/IoT. As we witness the explosion of more devices entering the environment because of technologies such as 5G networks, the need to bring in more telemetry, data, and the ability to monitor and respond to these various IT environments will be necessary. Other investments include the need for deepening threat hunting and threat intelligence capabilities, establishing Zero Trust methodologies and technologies, especially during the new normal of the growing remote workforce.
- Blending of MSS and Professional Security Services (PSS). There continues to be an adoption of digital-centric consulting capabilities with MSSPs, as digitization continues to occur. As MSSPs adopt MDR, response, and remediation and assessment services are being blended into MSS offerings to help customers build upon their security program.
While I only touched on a few key findings from the IDC 2020 IDC MarketScape Worldwide Managed Security Services (MSS) Vendor Assessment, you can read through the full report for additional key findings.
While MDR was not as widely mentioned above, IDC does recognize it as the fastest-growing service in MSS. IDC has seen the MSS market evolve where the role of the traditional MSSP has expanded to MSS 3.0, which includes MDR. MDR is considered a subset of MSS, combining the tools, technologies, procedures, and methodologies used to provide full cybersecurity lifecycle capabilities for an organization. The core capabilities include threat detection (EDR, cloud, and network), incident analysis, remote incident response, threat hunting, and human expertise.
Although not all providers today provide the full stack of threat detection, the addition of these different telemetry types from multiple security products such as messaging, cloud, and network will become more critical. We expect providers to continue to add more analysis of telemetry from these different technologies into their MDR service offerings.
Organizations evaluating an MSSP should consider how well the provider is utilizing these advanced security tools and services. Evaluate those providers that can offer various levels of support for deeper investigation analysis along with enhanced guidance on containment, remediation, and future mitigation.
Organizations should also evaluate threat intelligence, threat hunting and other advanced capabilities. Threat intelligence has become such an essential component to advanced services such as MDR and is being integrated into MSS and MDR offerings. Providers can offer multiple intelligence feeds from various sources such as dark web forums, open-source and commercial service feeds, and vertically focused threat intelligence feeds.
With the emergence of integrated platforms, organizations will want to look for a security partner that can demonstrate innovation capabilities within its core platform and use emerging technologies. A real value to the organization is choosing a vendor that can provide complete visibility of a detection and response management life cycles. As providers add enhancements such as automation and orchestration, threat monitoring, detection, and remediation capabilities across many technologies, response mechanisms can occur more rapidly. These combined platforms should also make integration simpler and effectively bring in 3rd party tools.
Read the entire IDC 2020 IDC MarketScape Worldwide Managed Security Services (MSS) Vendor Assessment here: