The new managed security services provider created by the merger of SecureWorks and LURHQ will be much larger and more capable. Customers can expect continued strong support, but should demand integration details.
On 20 September 2006, two managed security services providers (MSSPs), SecureWorks and LURHQ, announced that they have merged. SecureWorks' president and CEO, Mike Cote, will take over the same roles with the newly merged entity — also called SecureWorks — while LURHQ CEO Tony Prince will be executive vice president of product strategy. The new company will be headquartered in Atlanta, with security operations centers in Atlanta, Chicago and Myrtle Beach, South Carolina.
The SecureWorks/LURHQ merger is, overall, a positive development for both companies and their customers. The two companies' senior management teams will largely remain in place, and Gartner does not expect to see a talent drain from either company. Their customers can expect continued high levels of support, and prospective customers will be able to choose from a broader and deeper service offering.
The two companies have several complementary dimensions: SecureWorks is moving beyond its core market of smaller financial services providers with aggressive sales and channel expansion; and LURHQ has strong security expertise and a good reputation among enterprise buyers. LURHQ's security information management capabilities should fit well with SecureWorks' intrusion prevention offerings, and provide immediate opportunities for current customers to buy complementary services. The LURHQ portal will become the standard portal for service delivery, but some SecureWorks intrusion prevention system and compliance reporting functions will require migration to the new portal. Customers using these services will require two portals through 2Q07.
The combined entity is a stronger player than either company on its own, and this merger highlights the benefits of increased scale for managed security services delivery. The merger allows each company to avoid the cost and time needed to develop more service options. SecureWorks should have more appeal for potential channel partners looking for a strong security and service delivery reputation so that they can sell to both enterprise managed security services customers and the midsize-business market. The new entity will, however, have only a relatively small professional-services capability. Gartner views this as an area where SecureWorks should bolster its capabilities. The market rewards MSSPs with robust consulting capabilities for upfront analysis and evaluation, as well as ongoing incident response support.
The SecureWorks/LURHQ merger is an exception to the recent trend toward large service providers or outsourcers acquiring smaller "pure play" companies (for example, the Getronics/RedSiren and IBM/Internet Security Systems deals). However, the combined entity's larger customer base and richer service offerings make it a more attractive target than was SecureWorks or LURHQ alone for large service providers seeking to buy managed security services delivery capabilities.
Current SecureWorks/LURHQ customers: Ensure that the thresholds set in service-level agreements continue to be met as monitoring, escalation and notification processes are integrated.
SecureWorks customers (and LURHQ customers considering new SecureWorks services): Demand contractual commitments for the integration of the LURHQ and SecureWorks portals by the end of 1Q07.
LURHQ customers: Demand a timetable for the incorporation of SecureWorks compliance reporting into the LURHQ portal.
Enterprises considering SecureWorks/LURHQ for security outsourcing: Re-evaluate the merged entity's greater financial resources, scalability and service delivery capabilities.
"Magic Quadrant for MSSPs, North America, 2H05” — Acquisitions show the continuing maturation of this market, in which growth is driven by factors such as outsourcing and compliance concerns. By Kelly Kavanagh and John Pescatore
"A Dozen Questions That Prospective Buyers of Managed Security Services Should Ask” — Requests for proposals by MSSPs should include questions about security processes, personnel and reporting capabilities. By Kelly Kavanagh
(You may need to sign in or be a Gartner client to access the documents referenced in this First Take.)