Leading Network Security Providers
Copyright 2020, Faulkner Information Services. All
Rights Reserved.
Docid: 00021149
Publication Date: 2005
Report Type: MARKET
Preview
Since enterprise networks are critical assets, selecting the best
enterprise network security solutions is absolutely vital. Those in charge
of enterprise security should be implementing solutions that can
counteract traditional threats like viruses as well as protect information
exposed on cloud and virtualized environments. Today, the leading
network security providers include AT&T, Dell SecureWorks, IBM,
Broadcom, and Verizon Enterprise.
Report Contents:
- Executive Summary
- Market Dynamics
- Market Leaders
- Market Trends
- Strategic Planning Implications
- Web Links
- Related Reports
Executive Summary
Information is the lifeblood of the modern enterprise, and, to extend the
metaphor, enterprise networks – voice and data – are the arteries, veins,
and capillaries, each serving as an essential conduit for communicating
data between employees, between employees and customers, between employees
and business partners, and between employees and other enterprise
stakeholders.
Since networks are considered critical assets worthy of special, even
extraordinary, protection, enterprise officials devote tens to hundreds of
thousands of dollars to network security. In fact, since virtually all
information systems and appliances are connected to an enterprise network,
the term “network security” is virtually synonymous with the
term “information security.” Also, the term “network management” has come
to mean, in large measure, “network security management.”
As one might suspect, the field of network security is both broad and
complicated:
At the simplest level, it encompasses a wide array of network security
applications, notably anti-virus, firewall, and content filtering. On a
more complex level, services will often include intrusion prevention and
data loss prevention, as well as newer functions, such as vulnerability
management and network forensics. These security measures can be
administered by enterprise employees (especially in “teleworking”
environments), or the enterprise Security Department as an overall network
service.
In the case of small-to-medium-sized enterprises (SMEs), which may lack
the personnel to pursue an effective network security program, network
security operations may be outsourced – in whole or in part – to managed
network security providers (MNSPs), or, as they’re more commonly
designated, managed security services providers (MSSPs). In addition to
SMEs, MSSP clients may include small and large enterprises which:
- Do not consider network security a core competency.
- Do not wish to invest in the recruitment, retention, and near-continual training of network security specialists.
- Are alarmed at the prospect of major security breaches, such as those famously suffered by Target and Sony.
- Are concerned about complying with a myriad of security and privacy laws and regulations.
- Wish to stabilize, or render predictable, their network security expenses, which are generally less in a managed services atmosphere.
Market Dynamics
In 2019, the global market for outsourcing was $92.5 billion USD.1
In terms of network security spending, enterprise clients will look
to major providers, like Verizon, IBM, et al., to protect IT systems
organized around new computing requirements, such as:
- Cloud Computing, itself a variation on the managed services concept.
- Virtualization, in which real servers are partitioned into tens or even hundreds of virtual servers.
- Social Networking, especially as enterprises exploit sites such as Facebook and Twitter for their marketing potential.
- Bring Your Own Device (BYOD) / Mobility, satisfying employee demands to use their personal laptops, smartphones, and tablets for business purposes.
- Vulnerability Management, as enterprises attempt to anticipate new, targeted network threats.
- Compliance Monitoring, as enterprises struggle to demonstrate their conformance with a myriad of security and privacy regulations and standards.
Whatever lingering reservations that enterprise management might retain
relative to entrusting enterprise security to a managed security services
provider are slowly vanishing as the reality of the “virtual enterprise”
environment becomes more evident. An MSSP is becoming just another link in
an ever-expanding enterprise supply chain.
Market Leaders
The leading network services providers, according to many, if not most,
analysts, are:
- From the telecommunications sector – AT&T and Verizon Enterprise.
- From the computer industry – IBM.
- From the security sector – Dell SecureWorks and Broadcom.
Each provider offers an extensive and highly regarded portfolio of
managed (i.e., network) security services.
AT&T
AT&T offers an impressive portfolio of security, availability, and
recovery services that provide integrated business continuity and security
solutions for complex network environments. Network security services
include:
- AT&T Secure Network Gateway Service – Combines AT&T DDoS (Distributed Denial of Service) Defense Service, AT&T Network-Based Firewall Service, AT&T Secure E-Mail Gateway Service and AT&T Web Security Service into one multi-layered security service for comprehensive protection.
- E-mail Security – Screens inbound e-mail for malicious attacks, filters outbound e-mail for privacy breaches, and provides e-mail encryption and archiving for compliance, all as a cloud service.
- Web Security – Scans inbound and outbound traffic and blocks access to specific websites to help safeguard the network against spyware, viruses and other threats that can enter via the Internet.
- Firewall Security – Helps keep unwanted traffic out of the network and vital data in. Helps defend the network against unauthorized connections.
- AT&T Mobile Security – Integrates device-level security features with network-based security controls and encrypted transport for a comprehensive, holistic approach to enterprise mobile security.
- Security Incident & Event Management – Gathers and analyzes information from multiple devices and device types across the enterprise to correlate alerts and prioritize security events based on threat and risk management methodologies.
- Threat Management – Delivers the expertise, tools and management needed to help mitigate risks. Clients receive 24×7 data collection, monitoring and threat analysis conducted by a team of security experts in the AT&T Security Operations Center (SOC).
- Security Consulting – Follows a holistic, customized approach to address almost any security challenge. Certified security consultants can help develop solutions that not only protect clients' data but also enable them to operate as a trusted enterprise.
- AT&T Netbond – A customized link between a customer’s applications and the cloud, with full support for mobile frameworks.
Dell SecureWorks
Dell SecureWorks offers a wide range of security services designed to
protect network assets and ensure compliance with a host of security and
privacy regulations and standards, including GLBA, PCI, SOX, HIPAA, NERC
CIP, and ISO 27001/17799.
- Managed IPS / IDS – Full lifecycle management and 24×7 monitoring of network Intrusion Prevention or Detection Systems.
- – Full lifecycle management and 24×7 monitoring of Firewall appliances.
- Managed Web Application Firewall – Full lifecycle management and 24×7 monitoring of Web Application Firewalls.
- Managed Host IPS – Expert management and 24×7 monitoring of host-based IPS deployments.
- Log Monitoring – 24×7 real-time analysis of logs and alerts from security devices, network infrastructure, servers and other key assets by certified security experts.
- SIM On-Demand – Automated aggregation, correlation and analysis of log data from security devices, network infrastructure, servers, and other key assets.
- Log Retention – Collection, archival, search and reporting of raw log data from security devices, network infrastructure, servers and other log sources.
- CTU Intelligence Services – Actionable information on emerging threats and vulnerabilities from the Counter Threat Unit research team.
- Vulnerability Management – Internal and external vulnerability scanning managed by security experts to identify and remediate exposures.
- Web Application Scanning – Scanning of Web applications to identify and remediate vulnerabilities.
- Web Security Service – URL filtering, Web content filtering and Web policy enforcement to protect against inbound and outbound Web-borne threats.
- Security and Risk Consulting – Expertise, processes and services to help you improve security, comply with regulations and manage risk.
IBM
IBM Managed Security Services delivers the expertise, tools, and
infrastructure to secure clients’ information assets from Internet attacks
24/7/365. Standard services include:
- Security Intelligence Analyst – See below.
- Firewall Management – As with Dell SecureWorks, this service offers full lifecycle management and 24×7 monitoring of Firewall appliances.
- Unified Threat Management – An expansion upon the traditional firewall that includes a wider range of protections, including intrusion prevention, anti-spam, and content filtering measures.
- Event and Log Management – Nearly identical to Dell’s Log Monitoring offering, with the same range of supported devices and networks.
- Vulnerability Management – A service to identify and prevent exposure to security flaws before they are exploited.
- Mobile Device Security – Security services specifically designed to secure the mobile devices on a given enterprise’s network, including company-owned and BYOD units.
- Network Detection – A system for detecting intrusions and attempted incursions into an enterprise network.
- Security Information and Event Management (SIEM) – An offering for remediating and managing security events and issues.
- Identity and Access Management – Managed monitoring and supervision of permission control for various networks and devices.
- Hosted Application Security Management – A security service specifically designed to protect hosted application installations on-premise and in the cloud.
- Distributed Denial of Service (DDoS) Protection – Protection against DDoS attacks designed to bring down a company’s Web site, app, or other online asset.
- Application Security – Security for installed applications.
- Email and Web Security – Security for an enterprise’s corporate email and Web-based communications systems, as well as their Web site.
- X-Force Hosted Threat Analysis – A team of specifically tasked personnel given the job of analyzing and preventing potential threats from harming a customer.
The MSS Security Intelligence Analyst helps:
- Clients who need help understanding and prioritizing vulnerabilities.
- Clients looking for deeper insight regarding security technologies.
- Clients looking to keep up on security trends in order to anticipate changes and plan accordingly.
- Clients who are under attack and need detailed security advice quickly.
- Network or security administrators who desire assistance in interpreting security data, and/or adjusting security device policies in response to security events.
Broadcom
Broadcom purchased Symantec’s Cyber Security Services in 2019. The Cyber
Security Managed Security Services minimize the potential business impact
of increasingly sophisticated and targeted attacks by reducing the time it
takes to detect, assess and respond to security incidents. The MSS
portfolio includes:
- Information Security – An integrated set of data protection and cloud security solutions to help organizations protect data wherever it resides.
- Identity Security – Can balance digital trust and great user experiences in any environment, on any device and through any application.
- Symantec Endpoint Security – Keeps sensitive information stored on devices. Includes support for storage and data center devices and Endpoint Security Complete (includes mobile endpoints); Threat Hunting Center; Managed EDR; and Endpoint Management.
- Network Security – Web and email security offerings, as well as a shared set of advanced threat protection technologies. It includes: Secure Web Gateway; Web Isolation; Email & Email.Cloud; Content Analysis with Sandboxing; and Security Analytics/SSLV.
Verizon Enterprise
Verizon’s Managed Security Services – Monitoring and Analytics solutions
include:
- Premium Monitoring and Analytics – Monitors and manages the security devices that control network traffic with log monitoring and analysis, incident investigation, and handling by the SOC.
- Advanced Threat Intelligence and Monitoring – Proactively monitors and hunts for signs of targeted and complex attacks with in-depth, packet-level analysis using automated and human analytics.
- Advanced Threat Detection – Offers expert help in analyzing netflow traffic as it travels the IP network, and then provides detailed analysis of indicators of compromise or actual attacks.
- Netflow Monitoring – Automated collection and analysis of netflow data from Verizon’s IP backbone network, to discover early indicators of compromise and suspicious communications.
Market Trends
While enterprise planners may take a risk on an up-and-coming
application provider, network security is another matter. This, no doubt,
explains the regular, almost automatic, appearance of security industry
stalwarts, like IBM and Verizon Enterprise, at the top of most network
security provider compilations. Needless to say, this trend should
continue.
Where differentiation among the major providers may occur – and where
opportunity lies for future niche vendors – is in the providers’ handling
of new and emerging computing and networking paradigms, particularly:
- The Rapid Adoption of Cloud Computing – With respect to cloud computing, the successful managed security services provider will be expected to manage not only the client’s enterprise network but the various enterprise-cloud network connections.
- The Under-Reported, but Potentially More Disruptive, Transition to IPv6 – Internet Protocol version 6 is the next generation of the IP protocol, which has succeeded IPv4 and will become the basis for future enterprise intranets, and the Internet. IPv6 provides easier administration, an expanded addressing scheme, and, most importantly, tighter security. Ironically, however, the path to tighter security may lead to lesser security during a prolonged and complicated implementation cycle.
- Bring-Your-Own-Device (BYOD) – A movement in which enterprise users, who are also consumers, pressure enterprise IT departments to allow the connection of consumer-grade devices such as smartphones and tablets to enterprise networks. Like the first PCs, these devices provide little security and expose enterprise networks to malware infiltration along their endpoint perimeter.
- Targeted Attack Protection – According to Gartner, “An emerging driver is support for the protection from and detection of targeted attacks through MSSP knowledge of the external threat environment, through insight gained from monitoring events from a broad and global customer base, through MSSP-based advanced analytics, or through MSSP monitoring of customer-deployed next-generation protection and detection capabilities.”2
Additional challenges for network security providers will be vertical,
as specific sectors expand their network operations. Examples include:
- Utilities – Increasingly, “smart grid” components
will be connected to enterprise networks over the Internet. This is a
major concern since one of the reasons electric grids are relatively
secure today is their lack of connectivity.
- Healthcare – Hospitals and other healthcare providers
want electronic medical records and tools for inventory tracking and
allocation. Ensuring compliance with the Health Insurance Portability
and Accountability Act (HIPAA) is imperative.
The network security provider community will benefit from the cloud
computing phenomenon as cloud computing further legitimizes the notion of
managed services. In fact, what could be a more compatible pairing than
cloud computing and network security provision (which could be positioned,
from a marketing perspective, as “network security in the cloud”)?
Strategic Planning Implications
Considering the stakes – the integrity and confidentiality of enterprise
information, and the smooth and reliable operation of enterprise
information systems that support critical enterprise business functions –
the selection of a network security provider is a matter of strategic
importance to the enterprise and a key predictor of enterprise success.
The search should be conducted through the enterprise request for
proposal (RFP) process, in which enterprise stakeholders, including IT,
Security, and Finance, are afforded the opportunity to probe the
credentials and qualifications of prospective network security providers.
Table 1 offers a categorized list of key provider questions.3
Relevant Experience | |
---|---|
1 | How many outsourcing contracts do you have |
2 | How many of your clients participate in |
Asset Separation | |
3 | Are the physical assets associated with |
Tier Two Providers | |
4 | Are any subcontractors involved in service |
Independent Evaluations | |
5 | Do you enlist third-party providers to |
Background Checks | |
6 | How extensive are employee background |
7 | As part of the RFP process, are key |
Personnel Training | |
8 | What type of training do service personnel |
9 | Are service personnel |
10 | Are service personnel trained to conduct |
Intellectual Property | |
11 | Is any and all intellectual property |
12 | What measures are employed to ensure that |
13 | Is all network traffic encrypted? If not, |
Service Level Agreement | |
14 | Does the standard service level agreement |
15 | What is the process for addressing alleged |
Site Visits | |
16 | Are unannounced site visits permitted (as |
Service Reporting | |
17 | What types of information are available in |
18 | Can trend analysis reports be |
19 | Is real-time access to network and system |
Intrusion Detection/Prevention | |
20 | What is the precise process for managing a |
Business Continuity | |
21 | In the event of a disaster affecting the |
22 | What is the worst case scenario for the |
23 | What is the disaster recovery/business |
Contract Termination | |
24 | If the outsourcing agreement expires or is |
Try Before You Buy | |
25 | What types of network security support can |
Technology | |
What specific strategies are employed to | |
26 | Cloud computing – |
27 | Social networking – |
28 | Mobility – Acceptance of |
29 | Virtualization – |
30 | IPv6 – Transition to and |
References
1 “Global Market Size of Outsourced Services from 2000 to 2019 (in billion U.S. dollars)*” accessed May 19, 2020, https://www.statista.com/statistics/189788/global-outsourcing-market-size/
2 Kelly M. Kavanagh. “Magic Quadrant for Global MSSPs.” Gartner, Inc. February 26, 2014.
3 Adapted from “Request for Information (RFI) on Information Security Outsourcing.” Network Computing and CMP Media, LLC.
Web Links
- AT&T: http://www.att.com/
- Broadcom: http://www.broadcom.com/
- Dell SecureWorks: http://www.secureworks.com./
- IBM: http://www.ibm.com/
- Verizon Enterprise: http://www.verizonenterprise.com/