MarketScope for Managed Security Services in Asia/Pacific, 2012
The Asia/Pacific market for managed security services continues to grow through the organic expansion of incumbent service providers and new providers entering the market. The market is fragmented, with domestic, regional and international vendors offering traditional and innovative services.
This document was revised on 7 November 2012. The document you are viewing is the corrected version. For more information, see the Corrections page on gartner.com.
Adoption of managed security services (MSSs) in the Asia/Pacific region produced slightly over 40% revenue growth to an approximate total revenue of $980 million.1 Nineteen vendors met the inclusion criteria for the 2012 MarketScope for managed security service providers (MSSPs) in Asia/Pacific. An increasing number of multinational providers dominate the market. Providers based in the region are expanding their customer and revenue bases, but multinational providers are attracted to the market and moving rapidly to grab market share. Providers fall into four general groups:
- Telecommunications/WAN providers (BT Global Services, AT&T, Orange Business Services, Telstra, Tata Communications, T-Systems and Verizon)
- Integrators and consultancies with outsourcing operations and integration services (CSC, HCL Technologies, IBM Security Services and Wipro)
- Pure-play security service providers (Seccom Global, earthwave, Paladion, Trustwave and e-Cop)
- General IT vendors with major product lines outside of security (HP, Symantec and Dell)
Service portfolios continue to expand, but have slowed as vendors focus on marketing established services and refinement of their go-to-market strategies for sales and service delivery. Remote management of traditional security infrastructure (for example, firewalls) is the core service for all vendors in this research, but server log collation and analysis, endpoint management, vulnerability assessment and consulting are available from many MSSPs, and are growing in popularity with customers.
Sustained growth in revenue and devices under management1 indicate rapid maturation of the end-user client organizations in the region. This is particularly apparent in the expansion of MSSs into the LAN environment for server log management and endpoint security management. Asia/Pacific client organizations have matured and are increasing their use of security outsourcing to gain operational flexibility to support internal growth and performance objectives.
Clients in Asia/Pacific should look for providers that can supply a range of higher-value services, in addition to the security infrastructure management and monitoring services commonly provided by MSSPs. Several of the regional MSSPs have indicated that they have received offers for merger or acquisition from larger multinational organizations. Client organizations should anticipate more partnerships between multinational and local MSSPs, and some market consolidation of providers.
All vendors from our 2011 research qualified for inclusion this year, and two new entrants (Trustwave and T-Systems) also qualified. The new entrants increased the presence of multinational MSSPs in the region, with the MSSPs based outside of the region reporting 83% of total market revenue. Multinational MSSPs dominate the Asia/Pacific market and will continue to grow in number and market share (see Table 12).
Source: Gartner (October 2012)
Gartner defines the Asia/Pacific region as including India, Thailand, Vietnam, Singapore, Malaysia, Indonesia, the Philippines, Australia, New Zealand, Hong Kong, the People's Republic of China, Taiwan and South Korea. Domestic MSSPs that focus all of their services on clients in Japan are not included in this research. The major multinational providers (that is, Verizon, Wipro, Symantec, Orange, IBM, HP, BT and AT&T) offer services in all countries within the region, with varying levels of local sales and technical support. Emerging multinational providers, such as T-Systems and Trustwave, offer services in many, but not all, countries in the region. Regional providers (such as HCL, e-Cop, earthwave, Paladion, Seccom Global, Tata Communications and Telstra) support services in multiple countries, but are most active in their countries of origin. There are multiple domestic MSSPs with diverse portfolios in the Asia/Pacific region (such as Kavach Networks in India and Scan Associates in Malaysia). Unfortunately, these providers are not yet large enough to be included in our analysis.
Gartner contacted 90 vendors of MSSs around the world for this research. The 19 providers that met our inclusion criteria then answered a more-detailed questionnaire and provided customer references for an online survey and teleconference interviews.
In addition to our ongoing interaction with our clients in the Asia/Pacific region, we contacted 43 reference clients via an online survey.3 In addition to data about their MSSPs, reference clients discussed general market conditions in their locations and the other MSSPs that featured in their procurement processes.
The collection of vendor data and customer reference information took place between April and July 2012, and reflects the status of vendor operations as of April 2012. Although vendor statements concerning plans for future services and market initiatives were collected, this information was not used as part of the assessment of the vendor's current position in the Asia/Pacific market. Vendor statements regarding their product and service strategies for the future were assessed to determine the vendors' understanding of market drivers and the long-term viability and competitiveness of their service offerings.
MSSPs responding to Gartner's survey reported an aggregate increase in devices managed or monitored of 23% from 2011 to 2012 versus an increase between 2010 and 2011 of 16%. The diversity of vendor descriptions of device types under management does not support a detailed assessment of the relative growth in device counts for specific device types. Vendors report that 88% of devices receiving MSS are dedicated customer premises equipment (CPE), with 12% operating as virtual, shared devices. In previous research, non-CPE devices were referred to as "in the cloud" devices (ITC — see Note 1). Virtualized security devices roughly correlate with ITC devices, which were reported at 6% in 2011. Virtualization of security infrastructure continues to expand as customers and vendors find advantage in applying virtual security controls to both dedicated and virtualized IT infrastructures.
Reported service revenue averaged $32 million per vendor. However, several major vendors did not provide revenue data. Accordingly, this revenue data is not a comprehensive indicator of the market size. The estimated revenue generated in the Asia/Pacific market is approximately $980 million. More than 8,400 clients were reported in the region. Service consumption by client organizations remains focused on remote management of firewalls, identify proofing services (IDPSs) and secure Web and email gateways, with limited uptake of other services (such as consulting and vulnerability assessment).Small or midsize business (SMB) clients are growing in number and show a preference for local MSSPs, while large enterprise clients gravitate to the larger multinational MSSPs.
MSSPs in the Asia/Pacific region provide a large number of ancillary security services in addition to traditional MSSs, including:
- Log collation and analysis
- Incident monitoring, alerting and escalation
- Vulnerability scanning and assessment
- Denial of service (DoS) and distributed denial of service (DDoS) mitigation
- Identity management services
- Remote connectivity encryption services (such as a virtual private network)
- Managed data loss prevention
- Security consulting (for example, policy construction and maintenance)
Multiple MSSPs indicate expansion of their service catalogs to include security services for mobile devices. As mobile devices become a major component of the endpoint fleet managed by IT organizations, MSSPs are positioning themselves as an attractive alternative to investment in in-house skills and mobile device management products. The telco-based MSSPs are particularly well-structured to integrate mobile device management with their core security capabilities, given their investments in mobile services in other service channels.
Clients in Asia/Pacific continue to express a strong preference for providers with a security operations center (SOC) located in the region. This preference has aided the growth of local providers, but most multinational providers have invested in regional SOCs, effectively diluting geography as a competitive differentiator. In 2012, local MSSPs accounted for 27 out of the 40 SOCs (68%) owned by MSSPs doing business in the region.
The dominant selection criteria cited by clients in 2012 were:
- Security expertise provided by the MSSP
- Quality of service delivered by the MSSP
- Cost of service
An increasing number of clients select an MSSP based on market reputation or a previous relationship with the customer organization. The use of market reputation as a selection criterion should motivate MSSPs in the region to focus more aggressively on marketing programs to enhance their visibility in the market and their overall reputation in the customer's country.
Many clients discussed a need for greater flexibility, responsiveness and aggressiveness in service provision by MSSPs. These clients hire the MSSP for security expertise and expect the MSSP to anticipate and proactively prevent security or performance issues, rather than wait for the client to initiate an action. Multiple MSSPs (such as Symantec, Seccom and earthwave) are experimenting with new price structures, and these changes are attracting larger, more mature client organizations.3 4
MSSP support for regulatory compliance was not a major driver for MSSP selection or engagement. Most of the regional, pure-play MSSPs (such as earthwave, e-Cop and Paladion) continue to enjoy excellent customer loyalty, with very few customers lost during the past year. Customers indicate that their loyalty to these providers is based, in part, on the quality of interactions between customer personnel and support personnel within the MSSP's SOC operation.
MSS has a strong and growing client base in the region, and the outlook for vendor growth and improved services for clients remains excellent. Gartner anticipates that the Asia/Pacific market for MSS will continue to grow from 28% to 33% annually through 2015. Domestic markets in India, Malaysia, Singapore, Hong Kong and Australia will continue to expand, and emerging markets in the People's Republic of China, Korea and Taiwan will attract greater participation by foreign and new domestic MSSPs. In China, in particular, a number of new MSSPs have formed and are beginning to acquire notable numbers of customer contracts. The highest growth in customer counts will continue to be in the SMB sector, but larger enterprises will continue to expand the services they acquire from MSSPs, particularly services related to LAN-based equipment (for example, desktop management and server log collation/analysis).
Incumbent MSSPs seek increases in the quantity of devices under management and the discrete services being provided to clients to improve account profitability, and to create barriers for the entry of competitors into their client accounts. New MSSPs continue to appear in the local market, but their appearance is infrequent. Although the Asia/Pacific market has not been saturated with MSSPs, it is clear that the market has become more competitive. As a result, clients are being cautious about acquiring services from new MSSPs when well-established MSSPs are available in the local market, and Gartner expects no change in this attitude in the next 12 to 18 months.
Governments across the region are steadily increasing the number of laws and regulations that limit the movement of various forms of data. Although most of these regulations focus on personally identifiable information and financial data, this general trend is motivating clients of MSS to prefer MSSPs with a domestic SOC in the customer's country. This is problematic for vendors, as it is difficult to scale MSSs in a cost-effective manner by continuous expansion of the number of SOCs. MSSPs with existing SOCs in the region are enjoying some market increases based on client concerns about transborder data movement, and a few providers such as e-Cop have benefited from this trend through sales of their SOC solutions and support services for in-country SOC programs. Gartner expects data regulation to expand throughout the region. However, we do not expect legislation to block the movement of security infrastructure management data. Despite this, increasing regulation of other forms of data will be a factor in customers' decision processes regarding vendor selection, and should benefit local, domestic providers over providers with SOCs located outside of the country.
MSSs includes remote, subscription-based monitoring and/or management of firewalls, intrusion detection, and intrusion prevention functions via customer-premises-based or ITC devices.
To be included in this MarketScope, an MSSP must:
- Demonstrate the ability to remotely monitor and/or manage firewalls and intrusion detection/prevention (IDP) devices from multiple vendors via discrete service offerings
- Have more than 150 customer firewalls, network or host-based IDP systems, and Web/email gateways that are physically located in Asia/Pacific under management (installation, configuration, patching and monitoring), or have at least 50 Asia/Pacific customers that consume firewall, IDP or secure Web/email services in the cloud
- Have at least 30 customers based in the Asia/Pacific region
Vendors that have MSS offerings, such as DDoS protection, log management or vulnerability scanning, but not device monitoring and management, are not included in this MarketScope. Also, providers of primarily Web or email hygiene and trust services (for example, certificate authorities) are not included in this MarketScope. Others offer MSSs primarily to hosting customers, with limited offerings to others. As these providers expand the scope of their MSS offerings, they may be included in a future MarketScope.
- T-Systems, a division of Deutsche Telekom
Overall Market Rating: Positive
Continued growth in revenue and customer base indicates that the Asia/Pacific market for MSSs is well-established and should continue to grow. Customers' selection criteria continue to mature, increasing numbers of client organizations are seeking to outsource security services, and local and multinational vendors are moving aggressively to maintain price competitiveness and to expand their service portfolios to maintain profitability. Nearly all vendors indicated plans to maintain or expand investments in facilities and personnel throughout the region. All clients indicated that they intend to maintain or expand the services they obtain from their MSSPs.
The market for MSSs in the Asia/Pacific region is still fragmented by geography, but many vendors are becoming more effective at working across national borders and cultural disparities. Continued economic competition between countries in the region will expand opportunities for security as a service (SecaaS) for customers and vendors, while data movement regulations will stimulate investment in local SOCs for domestic markets.
Source: Gartner (October 2012)
Source: Gartner (October 2012)
AT&T is a multinational telecommunications provider with a limited presence in Asia/Pacific. The majority of AT&T's customers in the region are multinational corporations based outside of the region seeking consistent MSS delivery and a single-vendor relationship. Customers rate AT&T's services as "good." The growth of AT&T's customer base in the region has been very limited and its average revenue per device is aligned with market averages. AT&T is distinctive in the level of virtualization in its service portfolio, with a significant number of the devices under management being shared virtual infrastructure (nearly half of the total devices under management). Customers considering the use of AT&T in the Asia/Pacific region should seek local customer references and ensure that AT&T can provide field services (either directly or through partners) in the specific geography being considered.
- Its global network services that enable client support in most locations via AT&T's own connectivity.
- The global recognition of the AT&T brand and its extensive MSS capabilities.
- AT&T's regional strategy for Asia/Pacific lacks relevance to the drivers expressed by customers in the region, such as local SOC operations, beyond the current virtual SOC maintained in Bangalore, India, and familiarity with local regulatory environments.
- AT&T's continuing reputation as a U.S.-centric vendor with minimal presence in the region.
- Multinational corporations (MNCs) seeking consistent MSSs across the globe without any requirements for localized data storage requirements.
Market uptake of BT's MSSs has increased over the past year (approximately 26% in the number of customer organizations), but BT's market share of MSSs in Asia/Pacific remains small in comparison to other major multinational MSSPs. BT is rarely mentioned by customers or competitors and does not appear in proposal shortlists with any frequency. BT's services are focused primarily on dedicated CPE device management and monitoring, and most of its customers are also customers of BT's network services. BT's customers are pleased with the services provided (rating = good), and have contracted for multiple services beyond regular security infrastructure management.
- BT's regional SOCs in India (Noida and Gurgaon) and Sydney, Australia (BT also maintains a SOC in Singapore dedicated to a single customer), combined with significant staff presence in Singapore and distributed sales presence enable client support throughout the region.
- Its globally recognized network services brand.
- It faces market perceptions of regional variations in service delivery practices and technology.
- Organizations using BT network services that require a common approach to security that is implemented globally.
CSC is a global vendor providing a range of IT, security and risk management services, including MSS. Its clients are primarily located in Australia, Singapore, Malaysia and Hong Kong, with the majority based in Australia. MSS is generally provided as part of a package of services, including outsourced management of server and desktop infrastructure and security consulting. CSC has considerable security- and risk-consulting capabilities, and is able to offer clients a holistic service. Clients rate CSC's services as good. In 2011, CSC Australia invested in a dedicated security business team to engage directly with client security stakeholders and management, which has led to greater client satisfaction with service delivery. In addition to its own in-house MSS capabilities, CSC also resells MSSs from McAfee and Symantec in Southeast Asia. CSC operates SOCs in India, Malaysia and Australia.
- Its ability to deliver a broad range of security and risk management services that range from infrastructure management up to risk management consulting to senior leaders in the client organization.
- Its risk management focus enables strong support from business leaders for security investments.
- Its knowledge of local regulatory requirements.
- Its apparent inconsistent knowledge and skills of staff interacting with and presenting to clients.
- Enterprises in Australia, Singapore, Malaysia or Hong Kong seeking a single provider that can deliver a broad range of IT outsourcing, system integration, consulting and MSSs.
- MNCs that require a single provider in multiple countries that can provide diverse IT and security services in a single service package.
Dell acquired SecureWorks in 2011. This acquisition brought the SecureWorks security services platform, operations capabilities including several SOCs, the Counter Threat Unit (CTU) security research team and the client base. Dell has not expanded its client base in the region, and has yet to articulate a regional strategy for expanding the client base and revenue. Dell has expressed a strong commitment to Asia/Pacific, and currently has an established sales and service network for IT products and services throughout the region, in addition to an SOC already in place in Noida, India. Dell intends to leverage these networks and capabilities to expand its MSS assets and client relationships in Asia/Pacific. The market prominence of the Dell brand and its acquisition of other security capabilities (such as Quest Software and SonicWALL) provide a clear indication that Dell wants to continue to gain market share in security services in the future.
- Its well-developed security services portfolio with extensive MSS capabilities enabled by the SecureWorks acquisition.
- The SecureWorks security services platform, which offers strong service delivery and reporting capabilities.
- It has no established security services brand in the Asia/Pacific region.
- It has direct sales and service delivery representation in the region, but no experience in MSS sales and service delivery.
- U.S.-based organizations with facilities and assets in the Asia/Pacific region.
- Clients with a strong investment in other Dell products and services.
earthwave is a pure-play MSSP based in Australia. Customer references consistently rate earthwave as an excellent provider. earthwave's ability to retain quality personnel with deep experience in security technology, MSS and customer environments is consistently identified as a competitive differentiator by multiple clients. The company's India-based R&D group supports improvements in its service portfolio. Although most of its clients are based in Australia, earthwave has a growing customer base in multiple countries in Southeast Asia. However, its revenue growth in 2011 was driven by an increase in the number of managed devices per customer, with growth in actual customers restricted to approximately 12%. earthwave has developed an effective sales channel strategy that leverages partners in multiple countries. Its "clean pipes" and SecaaS technical and pricing models continue to gain converts in multiple countries. In 2012, the company launched SOC-in-a-Box to support rapid deployment of MSSs to new clients, and more recently strengthened its Managed DDoS Mitigation Service. It is currently working on a cloud-based identity management service due for initial release in the first quarter of 2013. The company's SLAs are clearly stated and quite aggressive.
- Its excellent focus on service quality.
- Its continuing investment in MSS innovations.
- earthwave's executive leadership has a mature understanding of security drivers within its client base.
- Its continued expansion outside of Australia and Southeast Asia, which may require investment in a SOC outside of Australia.
- earthwave's clients should anticipate that the lack of vendor support for languages other than English will impede interactions between client personnel and SOC engineers.
- Australian and New Zealand-based companies seeking a high-quality MSS with a clearly structured service model.
- Asia/Pacific organizations that require a well-defined MSS and can use a service based in Australia.
Rating: Strong Positive
e-Cop is based in Singapore, with SOCs in Singapore, Malaysia, Hong Kong, Thailand and India. In addition to MSSs, e-Cop markets its proprietary SOC management software, and has met with considerable success throughout Southeast Asia in providing SOC solutions for in-house and vendor-operated SOCs. Although e-Cop's core market is in Singapore, it has a large number of customers across Southeast Asia, North Asia, India and Oman. e-Cop operates the largest network of SOCs of the MSSPs in its region, with eight SOCs in multiple countries. e-Cop's ability to support SOCs in multiple countries has made it an attractive alternative for clients, such as local governments, that insist on in-country support facilities. Its clients are fiercely loyal and consistently rate e-Cop's services as very good to excellent. The founders of the company are still active in product innovation and day-to-day operations, and staff turnover is low. e-Cop maintains a partnership with Solutionary (a U.S.-based MSSP), but it is not clear whether this partnership has produced substantial growth in revenue or customers.
- Its proactive approach to incident response and containment.
- Its competitive pricing.
- It needs to maintain a competitive and innovative service portfolio despite its dependence on internal development of all components of its SOC capabilities.
- Enterprises based in Southeast Asia that seek a strong and highly responsive MSS delivered regionally by support engineers that speak local languages and dialects.
HCL is based in India and operates a total of six SOCs globally, with three in India, one in Poland, one in the U.S. in North Carolina and one in South Africa. In addition to MSSs, it provides a broad range of IT consulting, system integration and outsourcing services. HCL has expanded its customer portfolio outside and inside India. However, few end-user organizations in Southeast Asia or Australia indicate that they include HCL on their shortlists for MSS. The company has a significant number of sales personnel throughout Asia/Pacific, with the majority based in India. Client reviews are generally good. HCL offers innovative product/service packages, leveraging its consulting and risk management capabilities across a range of technology platforms and security processes. HCL is regularly mentioned by competitors active in India.
- Its skilled and knowledgeable staff in its SOCs.
- Its competitive pricing and packaging.
- Its innovative ancillary services (consulting and system integration).
- Establishing the HCL brand throughout Southeast Asia as a credible competitor to existing dominant MSSPs
- Its limited support for additional languages in Southeast Asia.
- Enterprises based in India seeking a provider with an extensive service portfolio that includes MSS.
- Enterprises in Southeast Asia and Australia that already have a relationship with HCL and can use an India-based SOC for MSSs.
HP has an SOC in Malaysia and is finalizing the build-out of an SOC in Australia, with completion targeted for year-end 2012. HP has sales staff distributed across the region. However, sales staff in Asia/Pacific are not dedicated to MSS. Customer reviews are generally positive. HP is seldom featured on shortlists for MSS for clients based in the region, and few competitors encounter HP in competitive bids. HP offers MSS as an independent service and packages MSS with other infrastructure management services. Customers have expressed some concerns about ongoing organizational changes at the top of HP's hierarchy, but have not indicated that service provision has suffered as a result of these changes. In addition to traditional MSS, HP offers cloud-based vulnerability scanning, vulnerability intelligence and endpoint threat management.
- Its global reach of sales and service channels.
- HP's strong brand reputation.
- The technical skills and knowledge of its SOC staff.
- Establishing HP MSS as an independent service that meets the needs of clients that do not use HP for other IT services.
- Customers should expect to license HP's Managed Security Response service in order to augment basic portal functionality with log collation and analysis to provide correlation of multiple sources of security data such as defined threats, and log entries from security infrastructure.
- Enterprises seeking MSS as part of a bundle of IT integration and management services.
Gartner estimates that IBM has experienced substantial growth in its customer base (approximately 90%) and the numbers of devices being managed for customers (approximately 55%). IBM has 10 SOCs globally, with Asia/Pacific SOCs in India, Australia and Japan. IBM's global reputation in IT infrastructure and services provides strong support for MSS marketing programs in Asia/Pacific. IBM leverages multiple partnerships in the region to sell and deliver services (such as with Telstra in Australia). Customers' comments regarding the complexity of the IBM contract and billing processes have abated in the past year as IBM has invested in more-streamlined processes for customer adoption and support. Customer satisfaction with service delivery has been positive, but lack of support for local languages and dialects may hamper market growth in the region.
- Its integration of MSS with other IBM services
- IBM's strong brand recognition and reputation throughout the region.
- Its support for local languages, both in portal interfaces and customer service interactions with SOC personnel.
- It is relatively expensive compared with some competitors.
- Multinational organizations that require a global provider with demonstrated advanced threat detection capabilities.
Rating: Strong Positive
Orange is a global provider of managed network and security services. Orange supports dedicated and virtual service delivery deployment models, including the option for clients to share device management responsibilities with Orange. Orange augments its MSSs with professional services. Clients are generally pleased with the quality and responsiveness of Orange's SOC and field personnel. Although Orange's offering targets primarily larger, multinational corporations, it has enjoyed some success with domestic organizations and SMB clients. Orange has experienced limited growth in its customer base (approximately 11%) in the region.
- Its managed WAN capabilities in nearly every country in the world.
- Orange's global reach of sales, marketing and technical services staff.
- It needs to maintain a price-competitive service as the market becomes increasingly commoditized.
- Increasing the number of clients for security services unrelated to Orange network services.
- Multinational enterprises that require MSSs delivered in a consistent manner globally
Paladion is a rapidly growing MSSP based in India with clients in Southeast Asia and the Middle East. In addition to traditional MSS, Paladion offers consulting services focused on security risk assessment, vulnerability assessment and security process assurance. Customers rate Paladion's performance as very good to excellent, and Paladion's customer base expanded by more than 65% in 2011. In addition to selling and supporting private SOCs, Paladion operates two SOCs in India and one in Riyadh, Saudi Arabia. Through partnerships, Paladion supports SOCs in Malaysia (HeiTech), Indonesia (Anabatic Technologies) and Vietnam (iGreen). Paladion is frequently included on shortlists for clients based in India. Paladion's management demonstrates a strong understanding of market drivers for MSS in the region, and has been effective in structuring specific service packages for multiple industry verticals.
- Paladion's professional services staff, who are highly skilled and provide excellent customer support.
- The Paladion brand, which is well-recognized in India.
- Building brand recognition throughout the Asia/Pacific region.
- Organizations based in India or the Middle East that seek a flexible MSSP, but do not require globally distributed services.
Seccom Global is an MSSP based in Australia with customers throughout Asia/Pacific. Although the Fortinet multifunction firewall platform provides the bulk of its services to clients, Seccom has diversified its services to cover a broad range of network and security infrastructure, including a partnership with MobileIron for mobile device security services. Clients rate Seccom's service provision as excellent. Seccom has significant market share in the SMB market in Australia and has made inroads in the enterprise and SMB markets in multiple countries.
- Its deep knowledge of the Fortinet platform.
- Seccom's strong customer relationships.
- Its diversified portfolio of supported devices and services.
- Its limited SOC facilities, which create barriers to further regional/global expansion.
- Establishing credibility for its non-Fortinet services.
- Australian organizations seeking extensive MSSs with a small infrastructure footprint.
- Organizations based in the region that need an MSSP with security services for CPE infrastructure, as well as mobile devices and cloud platforms.
Symantec continues to grow its MSS business throughout Asia/Pacific. Symantec operates two SOCs in the region — in India and Australia. Customers have reacted positively to Symantec's 2010 restructuring of MSS packaging and pricing. The majority of reference clients rate Symantec's service delivery as excellent. Symantec consistently appears on customer shortlists throughout the region. Symantec's service packaging, pricing and marketing message target large, multinational enterprises, but it has gained some traction in the SMB market. Symantec's ability to provide a security service that extends from the endpoint, through network infrastructure, the network perimeter and into cloud platforms is attractive to clients seeking an all-in-one security service capability. However, Symantec's lack of support for local languages inhibits uptake in the SMB market.
- It is recognized as a major force in the IT security business globally.
- Symantec's globally distributed sales force.
- It has established capabilities embodied in two SOCs in the region.
- It needs to package services to appeal to the SMB market.
- Supporting local languages and dialects in the customer service portal.
- Multinational enterprises that require MSSs delivered in a consistent manner globally
Rating: Strong Positive
Tata Communications provides MSSs through two SOCs in India and one in Singapore. The bulk of Tata Communications' customers in the region are located in India. Tata has gained traction in markets in Southeast Asia and Australia, with an approximate growth in customers of 35%. Tata Communications is rarely included in customer shortlists outside of India, and competitors rarely encounter Tata Communications in the Asia/Pacific region outside of India. Customers rate Tata Communications' services as good.
- It structured approach to CRM.
- The security expertise of its SOC staff.
- The competitive pricing of its core MSSs.
- Tata Communications needs to improve brand visibility outside of India.
- It needs to expand service delivery capabilities outside of India to meet client needs for consulting and local language support.
- Multinational companies with significant operations in India.
- Asia/Pacific organizations that seek an aggressive price for MSSs.
Telstra offers MSSs via multiple channels, including its own services and those of IBM Internet Security Systems (ISS). Telstra provides network-based MSSs (for example, DDoS mitigation) to Australian clients of Telstra's network services. Telstra also provides MSSs through IBM ISS for customers in Australia. Telstra struggles to develop a coherent strategy and consistent service portfolio and delivery model for MSSs within its geographic scope of operations. The recent divestiture of TelstraClear (owner of DMZGlobal, Telstra's MSSP in New Zealand) has created a gap in its service portfolio and uncertainty for customers in New Zealand. Although Telstra's services are robust, customers complain about slow responses to service requests. Telstra maintains a SOC in Canberra, Australia, supporting MSS and IBM ISS. Telstra's hosting services remain attractive to domestic clients looking to outsource server management complemented by security services. Telstra is well-positioned to offer robust services to SMB and enterprise clients in Australia.
- Telstra's extensive portfolio of network services throughout Australia.
- Its extensive sales/service presence in Australia.
- Telestra's strong brand recognition in Australia.
- Its knowledge of local regulatory requirements.
- The development and delivery of a coherent, consistent strategy for MSSs that includes all countries targeted by Telstra.
- Establishing Telstra MSS as a service independent of Telstra's network services.
- Customers of Telstra's hosting services in Australia that require managed services for application, data and infrastructure security
Trustwave is a multinational information security and compliance products and services company headquartered in Chicago. Trustwave has sales and support personnel established in multiple countries in Asia/Pacific, but does not maintain a SOC in the region at the present time (an SOC is scheduled to open in Manila by year-end 2012). Trustwave is relatively new as an MSSP competing in the region, but has acquired an appreciable client base. Trustwave rarely appears on customer shortlists, and other vendors do not report encountering Trustwave in competitive bids. In addition to MSS, Trustwave provides a range of services from regulatory compliance assurance to security training and awareness development. Customers rate Trustwave's services as "good," but few clients have indicated that Trustwave is their preferred supplier of security services in the region.
- Its well-defined service portfolio for traditional MSS and other security services, including security awareness services.
- Its extensive sales/support offices in the region.
- Its lack of an SOC in the region.
- Trustwave's limited portal support for local languages or dialects.
- Its limited brand recognition in the region.
- Trustwave clients in the U.S. and Europe seeking services in Asia/Pacific.
- Asia/Pacific organizations seeking strong consulting services focused on regulatory compliance support and security program development.
T-Systems is the services wing of the Deutsche Telekom organization based in Germany. T-Systems maintains an extensive portfolio of information and communication technology (ICT) services, and has been successful in delivering portions of that portfolio in Southeast Asia through offices in various countries. MSSs form one part of its infrastructure portfolio, and T-Systems has enjoyed limited success in the region with a small number of customers. T-Systems' extensive services in secure application development and infrastructure design and management enable it to offer ancillary services for supporting security across a broad range of platforms and use cases. At present, its MSS portal offers no support for Asian languages.
- Its extensive service capabilities for MSS and system integration.
- Its well-defined MSS offerings for security infrastructure, server infrastructure and endpoint systems.
- Its lack of brand visibility in the region.
- There is no T-Systems SOC in the region.
- Its lack of support for local languages in the customer portal.
- European companies seeking consistent delivery of security services for offices in Asia.
- Asia/Pacific organizations seeking a provider with an extensive service portfolio beyond MSS.
Verizon is a global communications, IT and security provider with a significant presence in Asia/Pacific. Verizon maintains SOCs in Canberra (Australia) and in Chennai (India). Verizon uses a direct sales model in Asia/Pacific and maintains sales staff in most countries in the region. Verizon offers a broad portfolio of MSSs and consulting services. Verizon has invested heavily in a strong MSS capability with extensive portal features, including versions supporting English, Hindi and Japanese (as well as European languages). Customers rate Verizon's overall security service provision as "good." Verizon offers innovative services, packaging and pricing, and has demonstrated strong abilities to scale its delivery to suit a diverse range of clients. Support for local languages continues to be poor.
- Verizon's security expertise within SOCs and consulting teams.
- Its strong reputation as a security provider with a flexible approach to service definition and delivery.
- Its significant security intelligence analysis capability through data provided by Verizon network services.
- Verizon's competitive pricing.
- Improving customer satisfaction with the speed and consistency of service delivery, particularly related to escalation of detected security incidents.
- Multinational organizations requiring globally and/or regionally deployed security services, and major enterprises requiring managed gateways and support for local SOC development.
Rating: Strong Positive
Wipro is a large global MSSP with four SOCs in India and one in Malaysia. Wipro enjoys a growing customer base distributed across Asia/Pacific but concentrated in India. Customers consistently rate Wipro's services as very good. Wipro appears regularly on client shortlists throughout the region, and multiple competitors (regional and global) indicate that they encounter Wipro in multiple accounts. Wipro's strengths in system integration and consulting have produced a thorough and effective project management practice that facilitates smooth onboarding processes. Wipro's success in security consulting through the region has developed a positive market image for its brand.
- Its knowledgeable and skilled staff.
- Wipro's strong reputation across the region for providing cost-effective IT and IT security services.
- It needs to balance growth and expansion into new markets with maintenance of service quality; in particular, maintaining the quantity and quality of staff serving existing clients while using senior engineers in sales support in new markets.
- Organizations that seek an MSSP with strong ancillary services such as IT project management, consulting and system integration.
Rating: Strong Positive
1 The Asia/Pacific market continues to grow in terms of devices under management and total revenue generated by MSSPs. Not all vendors provide revenue and device data, so we produce estimated revenue and device data based on historical ratios and trends. Analysis of the reported and estimated device counts and revenues indicates:
- Total market revenue has grown from approximately $670 million in 2010 to approximately $980 million in 2012.
- Devices under management or monitoring grew from approximately 39,000 to approximately 49,000.
- The number of customers under contract grew from approximately 5,500 to approximately 8,500.
2 VeriSign's MSS organization was removed from the MarketScope in 2010 as a consequence of its purchase by SecureWorks. SecureWorks has, in turn, been acquired by Dell. DMZGlobal was acquired by Telstra in 2009 and was integrated into Telstra's overall security services portfolio. In 2012, Telstra divested TelstraClear, its New Zealand organization, which is the owner of DMZGlobal.
3 Clients were asked a range of questions concerning the services they consume from their MSSPs, and were asked to rate service quality as poor, fair, good, very good or excellent. Clients' ratings of MSSPs were widely distributed, from poor to excellent. These evaluations enabled most providers to attain a Positive ranking, with five achieving Strong Positive on the basis of their continued investment in innovation, brand marketing, customer service delivery and facilities in multiple countries.
Customers indicated a strong preference for conversing with senior SOC personnel rather than junior or inexperienced customer service staff. The more rapidly a customer felt its issue had the attention of a skilled, senior SOC engineer, the happier it was with the overall service provided by the MSSP.
4 Service Pricing Strategy: Several MSSPs have restructured their pricing and packaging to more closely link cost to the services actually consumed by customers. These new pricing strategies focus on service rather than device, and incorporate metrics such as number of users and data throughput. A few MSSPs (for example, Symantec and earthwave), are experimenting with tiered pricing that incorporates device counts but refines price on other variables, such as total bandwidth consumed by customer traffic, number of users and bracketed device count ranges (for example, one to 20 devices for one set price, and 11 to 30 devices for a second price). These experiments indicate that the market is maturing, and that vendors are under pressure to reduce customer costs through vendor efficiency. MSSPs increasingly realize that per-device pricing creates a barrier for service expansion, and are using new pricing structures to reduce this client inhibition. These changes all indicate that the Asia/Pacific market for MSSs is maturing and becoming more competitive.
Gartner expects these pricing innovations will attract a steady flow of new clients to MSSs, and that existing clients will expand the number of devices under management. It remains to be seen whether MSSPs will generate the same profit margin per client or per device with these new service prices, but most MSSPs have indicated satisfaction with profitability under the new price structures to date.
- One dedicated midsize firewall under management and monitoring
- High: $33,660
- Median price (n = 11 vendors): $10,200
- Low: $2,900
- Two redundant enterprise firewalls, one secure Web and one secure email gateway (all
- High: $258,500
- Median price (n = 11 vendors): $46,000
- Low: $8,000
- Redundant enterprise firewalls, 10 branch firewalls, two gateways, 20 log sources
(including two domain controllers)
- High: $361,000
- Median price (n = 11 vendors): $113,000
- Low: $19,400
- Firewall, secure Web, secure email provided from a shared infrastructure (cloud/virtual)
- High: $287,000
- Median price (n = 11 vendors): $20,000
- Low: $3,000
The large variation in prices for these defined services reflects variations in infrastructure deployment models (for example, unified threat management [UTM] versus basic firewall), domestic market pressures, and vendor allocation of service delivery costs.
ITC: In the cloud (ITC) deployment of security services is often referred to as "pipeline" or "clean pipes" services. In this deployment approach, security services are performed upstream of the customer's infrastructure by intercepting all inbound and outbound network traffic from the customer's facilities and processing that traffic through appropriate security infrastructure controlled by the MSSP.
SOC: A security operations center (SOC) generally consists of a physically secure facility that houses infrastructure protection mechanisms for ITC services, the systems that monitor ITC and/or CPE infrastructure protection mechanisms, the systems for data and voice communications, and the work environments for staff interactions with monitoring and management systems.
UTM: Unified threat management devices combine the following capabilities in a single device (virtual or dedicated infrastructure):
- Standard network stateful firewall functions
- Remote access and site-to-site VPN support
- Web security gateway functionality (anti-malware, URL and content filtering)
- Network intrusion prevention focused on blocking attacks against unpatched Windows PCs and servers
We review and adjust our inclusion criteria for Magic Quadrants and MarketScopes as markets change. As a result of these adjustments, the mix of vendors in any Magic Quadrant or MarketScope may change over time. A vendor appearing in a Magic Quadrant or MarketScope one year and not the next does not necessarily indicate that we have changed our opinion of that vendor. This may be a reflection of a change in the market and, therefore, changed evaluation criteria, or a change of focus by a vendor.
Gartner's MarketScope provides specific guidance for users who are deploying, or have deployed, products or services. A Gartner MarketScope rating does not imply that the vendor meets all, few or none of the evaluation criteria. The Gartner MarketScope evaluation is based on a weighted evaluation of a vendor's products in comparison with the evaluation criteria. Consider Gartner's criteria as they apply to your specific requirements. Contact Gartner to discuss how this evaluation may affect your specific needs.
The various ratings are defined in the table below:
MarketScope Rating Framework
Is viewed as a provider of strategic products, services or solutions:
- Customers: Continue with planned investments.
- Potential customers: Consider this vendor a strong choice for strategic investments.
Demonstrates strength in specific areas, but execution in one or more areas may still be developing or inconsistent with other areas of performance:
- Customers: Continue planned investments.
- Potential customers: Consider this vendor a viable choice for strategic or tactical investments, while planning for known limitations.
Shows potential in specific areas; however, execution is inconsistent:
- Customers: Consider the short- and long-term impact of possible changes in status.
- Potential customers: Plan for and be aware of issues and opportunities related to the evolution and maturity of this vendor.
Faces challenges in one or more areas.
- Customers: Understand challenges in relevant areas, and develop contingency plans based on risk tolerance and possible business impact.
- Potential customers: Account for the vendor's challenges as part of due diligence.
Has difficulty responding to problems in multiple areas.
- Customers: Execute risk mitigation plans and contingency options.
- Potential customers: Consider this vendor only for tactical investment with short-term, rapid payback.