Leading Network Security Providers













by Faulkner Staff

Docid: 00021149

Publication Date: 2005

Report Type: MARKET

Preview

Since enterprise networks are critical assets, selecting the best
enterprise network security solutions is absolutely vital. Those in charge
of enterprise security should be implementing solutions that can
counteract traditional threats like viruses as well as protect information
exposed in cloud and virtualized environments. Today, the leading
network security providers include AT&T, Dell SecureWorks, IBM,
Broadcom, and Verizon Enterprise.


Executive Summary


Information is the lifeblood of the modern enterprise, and, to extend the
metaphor, enterprise networks – voice and data – are the arteries, veins,
and capillaries, each serving as an essential conduit for communicating
data between employees, between employees and customers, between employees
and business partners, and between employees and other enterprise
stakeholders.


Since networks are considered critical assets worthy of special, even
extraordinary, protection, enterprise officials devote tens to hundreds of
thousands of dollars to network security. In fact, since virtually all
information systems and appliances are connected to an enterprise network,
the term “network security” is virtually synonymous with the
term “information security.” Also, the term “network management” has come
to mean, in large measure, “network security management.”

As one might suspect, the field of network security is both broad and
complicated:

At the simplest level, it encompasses a wide array of network security
applications, notably anti-virus, firewall, and content filtering. On a
more complex level, services will often include intrusion prevention and
data loss prevention, as well as newer functions, such as vulnerability
management and network forensics. These security measures can be
administered by enterprise employees (especially in “teleworking”
environments), or by the enterprise Security Department as an overall
network service.

In the case of small-to-medium-sized enterprises (SMEs), which may lack
the personnel to pursue an effective network security program, network
security operations may be outsourced – in whole or in part – to managed
network security providers (MNSPs), or, as they’re more commonly
designated, managed security services providers (MSSPs). In addition to
SMEs, MSSP clients may include small and large enterprises which:

  • Do not consider network security a core competency.
  • Do not wish to invest in the recruitment, retention, and
    near-continual training of network security specialists.
  • Are alarmed at the prospect of major security breaches, such as those
    famously suffered by Target and Sony.
  • Are concerned about complying with a myriad of security and privacy
    laws and regulations.
  • Wish to stabilize, or render predictable, their network security
    expenses, which are generally less in a managed services atmosphere.

Market Dynamics


In 2019, the global market for outsourcing was $92.5 billion USD.1
In terms of network security spending, enterprise clients will look
to major providers, like Verizon, IBM, et al., to protect IT systems
organized around new computing requirements, such as:

  • Cloud Computing, itself a variation on the managed
    services concept.
  • Virtualization, in which real servers are
    partitioned into tens or even hundreds of virtual servers.
  • Social Networking, especially as enterprises exploit
    sites such as Facebook and Twitter for their marketing potential.
  • Bring Your Own Device (BYOD) / Mobility, satisfying
    employee demands to use their personal laptops, smartphones, and tablets
    for business purposes.
  • Vulnerability Management, as enterprises attempt to
    anticipate new, targeted network threats.
  • Compliance Monitoring, as enterprises struggle to
    demonstrate their conformance with a myriad of security and privacy
    regulations and standards.

Whatever lingering reservations enterprise management might retain
about entrusting enterprise security to a managed security services
provider are slowly vanishing as the reality of the “virtual enterprise”
environment becomes more evident. An MSSP is becoming just another link in
an ever-expanding enterprise supply chain.

Market Leaders


The leading network services providers, according to many, if not most,
analysts, are:

  • From the telecommunications sector – AT&T and Verizon Enterprise.
  • From the computer industry – IBM.
  • From the security sector – Dell SecureWorks and Broadcom.

Each provider offers an extensive and highly regarded portfolio of
managed (i.e., network) security services.

AT&T

AT&T offers an impressive portfolio of security, availability, and
recovery services that provide integrated business continuity and security
solutions for complex network environments. Network security services
include:

  • AT&T Secure Network Gateway Service – Combines
    AT&T DDoS (Distributed Denial of Service) Defense Service, AT&T
    Network-Based Firewall Service, AT&T Secure E-Mail Gateway Service,
    and AT&T Web Security Service into one multi-layered security
    service for comprehensive protection.
  • E-mail Security – Screens inbound e-mail for
    malicious attacks, filters outbound e-mail for privacy breaches, and
    provides e-mail encryption and archiving for compliance all as a cloud
    service.
  • Web Security – Scans inbound and outbound traffic and
    blocks access to specific websites to help safeguard the network against
    spyware, viruses and other threats that can enter via the Internet.
  • Firewall Security – Helps keep unwanted traffic out
    of the network and vital data in. Helps defend the network against
    unauthorized connections.
  • AT&T Mobile Security – Integrates device-level
    security features with network-based security controls and encrypted
    transport for a comprehensive, holistic approach to enterprise mobile
    security.
  • Security Incident & Event Management – Gathers
    and analyzes information from multiple devices and device types across
    the enterprise to correlate alerts and prioritize security events based
    on threat and risk management methodologies.
  • Threat Management – Delivers the expertise, tools and
    management needed to help mitigate risks. Clients receive 24×7 data
    collection, monitoring and threat analysis conducted by a team of
    security experts in the AT&T Security Operations Center (SOC).
  • Security Consulting – Follows a holistic, customized
    approach to address almost any security challenge. Certified security
    consultants can help develop solutions that not only protect client
    data but also enable clients to operate as a trusted enterprise.
  • AT&T Netbond – A customized link between a
    customer’s applications and the cloud, with full support for mobile
    frameworks.

Dell SecureWorks

Dell SecureWorks offers a wide range of security services designed to
protect network assets and ensure compliance with a host of security and
privacy regulations and standards, including GLBA, PCI, SOX, HIPAA, NERC
CIP, and ISO 27001/17799.

  • Managed IPS / IDS – Full lifecycle management and 24×7 monitoring of
    network Intrusion Prevention or Detection Systems.
  • – Full lifecycle management and 24×7 monitoring of Firewall
    appliances.
  • Managed Web Application Firewall – Full lifecycle management and 24×7
    monitoring of Web Application Firewalls.
  • Managed Host IPS – Expert management and 24×7 monitoring of host-based
    IPS deployments.
  • Log Monitoring – 24×7 real-time analysis of logs and alerts from
    security devices, network infrastructure, servers, and other key assets
    by certified security experts.
  • SIM On-Demand – Automated aggregation, correlation, and analysis of log
    data from security devices, network infrastructure, servers, and other
    key assets.
  • Log Retention – Collection, archival, search, and reporting of raw log
    data from security devices, network infrastructure, servers, and other
    log sources.
  • CTU Intelligence Services – Actionable information on emerging threats
    and vulnerabilities from the Counter Threat Unit research team.
  • Vulnerability Management – Internal and external vulnerability scanning
    managed by security experts to identify and remediate exposures.
  • Web Application Scanning – Scanning of Web applications to identify and
    remediate vulnerabilities.
  • Web Security Service – URL filtering, Web content filtering, and Web
    policy enforcement to protect against inbound and outbound Web-borne
    threats.
  • Security and Risk Consulting – Expertise, processes, and services to
    help you improve security, comply with regulations, and manage risk.

IBM

IBM Managed Security Services delivers the expertise, tools, and
infrastructure to secure clients’ information assets from Internet attacks
24/7/365. Standard services include:

  • Security Intelligence Analyst – See below.
  • Firewall Management – As with Dell SecureWorks, this service offers
    full lifecycle management and 24×7 monitoring of Firewall appliances.
  • Unified Threat Management – An expansion upon the traditional firewall
    that includes a wider range of protections, including intrusion
    prevention, anti-spam, and content filtering measures.
  • Event and Log Management – Nearly identical to Dell’s Log Monitoring
    offering, with the same range of supported devices and networks.
  • Vulnerability Management – A service to identify and prevent exposure
    to security flaws before they are exploited.
  • Mobile Device Security – Security services specifically designed to
    secure the mobile devices on a given enterprise’s network, including
    company-owned and BYOD units.
  • Network Detection – A system for detecting intrusions and attempted
    incursions into an enterprise network.
  • Security Information and Event Management (SIEM) – An offering for
    remediating and managing security events and issues.
  • Identity and Access Management – Managed monitoring and supervision of
    permission control for various networks and devices.
  • Hosted Application Security Management – A security service
    specifically designed to protect hosted application installations
    on-premises and in the cloud.
  • Distributed Denial of Service (DDoS) Protection – Protection against
    DDoS attacks designed to bring down a company’s Web site, app, or other
    online asset.
  • Application Security – Security for installed applications.
  • Email and Web Security – Security for an enterprise’s corporate email
    and Web-based communications systems, as well as their Web site.
  • X-Force Hosted Threat Analysis – A team of specifically tasked
    personnel given the job of analyzing and preventing potential threats
    from harming a customer.

The MSS Security Intelligence Analyst helps:

Broadcom

Broadcom purchased Symantec’s Cyber Security Services in 2019. The Cyber
Security Managed Security Services minimize the potential business impact
of increasingly sophisticated and targeted attacks by reducing the time it
takes to detect, assess and respond to security incidents. The MSS
portfolio includes:

  • Information Security – An integrated set of data protection and cloud
    security solutions to help organizations protect data wherever it
    resides.
  • Identity Security – Can balance digital trust and great user
    experiences—in any environment, on any device and through any
    application.
  • Symantec Endpoint Security – Keeps sensitive information stored on
    devices. Includes support for storage and data center devices and
    Endpoint Security Complete (includes mobile endpoints); Threat Hunting
    Center; Managed EDR; and Endpoint Management.
  • Network Security – Web and email security offerings, as well as a shared
    set of advanced threat protection technologies. It includes: Secure Web
    Gateway; Web Isolation; Email & Email.Cloud; Content Analysis with
    Sandboxing; and Security Analytics/SSLV.

Verizon Enterprise

Verizon’s Managed Security Services – Monitoring and Analytics solutions
include:

  • Premium Monitoring and Analytics – Monitors and
    manages the security devices that control network traffic with log
    monitoring and analysis, incident investigation, and handling by the
    SOC.
  • Advanced Threat Intelligence and Monitoring –
    Proactively monitors and hunts for signs of targeted and complex attacks
    with in-depth, packet-level analysis using automated and human
    analytics.
  • Advanced Threat Detection – Offers expert help in
    analyzing netflow traffic as it travels the IP network, and then
    provides detailed analysis of indicators of compromise or actual
    attacks.
  • Netflow Monitoring – Automated collection and
    analysis of netflow data from Verizon’s IP backbone network, to discover
    early indicators of compromise and suspicious communications.


While enterprise planners may take a risk on an up-and-coming
application provider, network security is another matter. This, no doubt,
explains the regular, almost automatic, appearance of security industry
stalwarts, like IBM and Verizon Enterprise, at the top of most network
security provider compilations. Needless to say, this trend should
continue.

Where differentiation among the major providers may occur – and where
opportunity lies for future niche vendors – is in the providers’ handling
of new and emerging computing and networking paradigms, particularly:

  • The Rapid Adoption of Cloud Computing – With
    respect to cloud computing, the successful managed security services
    provider will be expected to manage not only the client’s enterprise
    network but the various enterprise-cloud network connections.
  • The Under-Reported, but Potentially More Disruptive,
    Transition to IPv6 – Internet Protocol version 6 is the next
    generation of the IP protocol, which has succeeded IPv4 and will become
    the basis for future enterprise intranets and the Internet. IPv6
    provides easier administration, an expanded addressing scheme, and, most
    importantly, tighter security. Ironically, however, the path to tighter
    security may lead to lesser security during a prolonged and complicated
    implementation cycle.
  • Bring-Your-Own-Device (BYOD) –
    A movement in which enterprise users, who are also consumers, pressure
    enterprise IT departments to allow the connection of consumer-grade
    devices such as smartphones and tablets to enterprise networks. Like
    the first PCs, these devices provide little security and expose
    enterprise networks to malware infiltration along their endpoint
    perimeter.

  • Targeted Attack Protection – According to Gartner, “An emerging
    driver is support for the
    protection from and detection of targeted attacks through MSSP
    knowledge of the external threat environment, through insight gained
    from monitoring events from a broad and global customer base, through
    MSSP-based advanced analytics, or through MSSP monitoring of
    customer-deployed next-generation protection and detection
    capabilities.”2

Additional challenges for network security providers will be vertical,
as specific sectors expand their network operations. Examples include:

  • Utilities – Increasingly, “smart grid” components
    will be connected to enterprise networks over the Internet. This is a
    major concern since one of the reasons electric grids are relatively
    secure today is their lack of connectivity.
  • Healthcare – Hospitals and other healthcare providers
    want electronic medical records and tools for inventory tracking and
    allocation. Ensuring compliance with the Health Insurance Portability
    and Accountability Act (HIPAA) is imperative.

The network security provider community will benefit from the cloud
computing phenomenon as cloud computing further legitimizes the notion of
managed services. In fact, what could be a more compatible pairing than
cloud computing and network security provision (which could be positioned,
from a marketing perspective, as “network security in the cloud”)?

Strategic Planning Implications


Considering the stakes – the integrity and confidentiality of enterprise
information, and the smooth and reliable operation of enterprise
information systems that support critical enterprise business functions –
the selection of a network security provider is a matter of strategic
importance to the enterprise and a key predictor of enterprise success.

The search should be conducted through the enterprise request for
proposal (RFP) process, in which enterprise stakeholders, including IT,
Security, and Finance, are afforded the opportunity to probe the
credentials and qualifications of prospective network security providers.
Table 1 offers a categorized list of key provider questions.3

Table 1. Key Questions for Prospective Network Security Providers

Relevant Experience

  1. How many outsourcing contracts do you have currently in force? What
     percentage of your clients renew their contracts upon expiration?
  2. How many of your clients participate in similar businesses? With
     similar infrastructure? With similar security needs? Can you provide
     references?

Asset Separation

  3. Are the physical assets associated with each client dedicated or
     shared? If shared, how is cross-contamination avoided?

Tier Two Providers

  4. Are any subcontractors involved in service delivery? If so, what are
     their roles and responsibilities? And how are these “tier two”
     partners vetted?

Independent Evaluations

  5. Do you enlist third-party providers to perform independent security
     audits? With what frequency? What did the last several assessments
     reveal?

Background Checks

  6. How extensive are employee background checks? Are criminal, financial,
     and substance abuse screens standard? Are business partner personnel
     subject to the same level of pre-employment investigation?
  7. As part of the RFP process, are key service personnel available for
     one-on-one interviews?

Personnel Training

  8. What type of training do service personnel receive? How often do they
     take refresher courses?
  9. Are service personnel credentialed? For example, what percentage are
     Certified Information Systems Security Professionals (CISSPs)?
  10. Are service personnel trained to conduct forensic examinations? What
      standards are applied in the collection and preservation of criminal
      evidence? Are service personnel experienced in offering expert
      testimony?

Intellectual Property

  11. Is any and all intellectual property created by the outsourcer on
      behalf of the client owned by the client?
  12. What measures are employed to ensure that sensitive, confidential, or
      proprietary client information is safe from loss, theft, or
      misappropriation?
  13. Is all network traffic encrypted? If not, why not?

Service Level Agreement

  14. Does the standard service level agreement (SLA) provide for
      client-specific requirements? Under what circumstances can a SLA be
      amended or renegotiated?
  15. What is the process for addressing alleged service violations? How
      are severe or protracted incidents escalated?

Site Visits

  16. Are unannounced site visits permitted (as a means of validating
      provider performance and the accuracy of provider information)?

Service Reporting

  17. What types of information are available in standard network reports?
      How often are these reports issued? Can custom reports be
      commissioned?
  18. Can trend analysis reports be generated?
  19. Is real-time access to network and system security status provided
      via a Web interface?

Intrusion Detection/Prevention

  20. What is the precise process for managing a detected intrusion?

Business Continuity

  21. In the event of a disaster affecting the delivery of client services,
      what disaster recovery and/or business continuity provisions are in
      place to preserve client interests and assets?
  22. What is the worst case scenario for the restoration of critical
      network security services?
  23. What is the disaster recovery/business continuity posture of key tier
      two providers?

Contract Termination

  24. If the outsourcing agreement expires or is terminated, what is the
      process for transitioning network security support to a new provider?

Try Before You Buy

  25. What types of network security support can be provided on a trial
      basis? How are such “demos” arranged?

Technology Awareness & Preparation

What specific strategies are employed to ensure network security in the
following areas:

  26. Cloud computing – Connection with public and private cloud networks.
  27. Social networking – Acceptance of social networking sites as part of
      the business network ecosystem.
  28. Mobility – Acceptance of personal smartphones, PDAs, and tablets as
      business-ready devices.
  29. Virtualization – Connection with virtual servers and storage systems
      (virtual machines).
  30. IPv6 – Transition to and adoption of Internet Protocol version 6.

References

1 “Global Market Size of Outsourced Services from 2000 to 2019
(in billion U.S. dollars)*.” Accessed May 19, 2020. https://www.statista.com/statistics/189788/global-outsourcing-market-size/

2 Kelly M. Kavanagh. “Magic Quadrant for Global MSSPs.”
Gartner, Inc. February 26, 2014.

3 Adapted from “Request for Information (RFI) on Information
Security Outsourcing.” Network Computing and CMP Media, LLC.
