Marketscope for Managed Security Services in Europe

MarketScope for Managed Security Services in
Europe
Published: 24 October 2011
Analyst(s): Carsten Casper
G00219325
The market for managed security services in Europe is mature and changes
slowly. IT infrastructure and communications service providers dominate,
security specialists fill a niche, and growth continues.
What You Need to Know
This document was revised on 27 October 2011. The document you are viewing is the
corrected version. For more information, see the Corrections page on gartner.com.
Managed security services (MSSs) in Europe show all the signs of a mature market, which
continues to justify a Gartner MarketScope as the survey methodology.
During the past 12 months, the European MSS market grew as anticipated, and will probably reach
$2.5 billion by year-end 2011. We expect growth to continue, with a compound annual growth rate
of 14% from 2011 to 2015. IT management is not the largest, but is still the fastest-growing
segment of the security services market.
Vendors Added or Dropped
We review and adjust our inclusion criteria for Magic Quadrants and MarketScopes as markets
change. As a result of these adjustments, the mix of vendors in any Magic Quadrant or
MarketScope may change over time. A vendor appearing in a Magic Quadrant or MarketScope one
year and not the next does not necessarily indicate that we have changed our opinion of that
vendor. This may be a reflection of a change in the market and, therefore, changed evaluation
criteria, or a change of focus by a vendor.
Our "MarketScope for Managed Security Services in Europe" in May 2010 surveyed 16 European
managed security service providers (MSSPs). For 2011, 17 MSSPs met our inclusion criteria and did
not meet our exclusion criteria. Table 1 shows which providers we surveyed during the past four
years. In 2011, Telefonica returned, T-Systems was dropped, and Open Systems was added for the
first time. Dell acquired SecureWorks, and the company appears at a different position in the list.
Apart from these changes, the provider landscape has been fairly stable.

Table 1. MSSPs Surveyed in MarketScopes 2008-2011
May 2008 September 2009 September 2010 October 2011
AT&T AT&T AT&T AT&T
Atos Origin Atos Origin Atos
BT Global Services BT Global Services BT Global Services BT Global Services
Getronics
Cable & Wireless
Computacenter Computacenter Computacenter
CSC CSC
Dell (SecureWorks)
HCL Technologies HCL Technologies HCL Technologies HCL Technologies
EDS, an HP Company HP HP
IBM Internet Security Systems (ISS) IBM ISS IBM Global Technology Services IBM Security Services
Integralis Integralis Integralis Integralis
Open Systems
Orange Business Services Orange Business Services Orange Business Services Orange Business Services
SecureWorks
Symantec Symantec Symantec Symantec
Page 2 of 28 Gartner, Inc. | G00219325

May 2008 September 2009 September 2010 October 2011
Tata Communications Tata Communications
Telefonica Telefonica
T-Systems T-Systems T-Systems
VeriSign VeriSign
Verizon Business Verizon Business Verizon Business Verizon
Wipro Technologies Wipro Technologies Wipro Technologies Wipro Technologies
Source: Gartner (October 2011)
Gartner, Inc. | G00219325 Page 3 of 28

Geographic Scope, Inclusion and Exclusion Criteria
Although the market grew in volume, we did not revise our inclusion criteria regarding the minimum
number of managed devices (700 firewalls and intrusion detection system [IDS]/intrusion prevention
system [IPS]) and the minimum number of customers in Europe in 2011 (50 external customers; for
the complete inclusion criteria, see the Inclusion and Exclusion Criteria section). We did, however,
amend the exclusion criteria in order to focus this market analysis on truly regional providers. As a
result, Savvis (with a U.S. focus), SSP Europe and T-Systems (with a Germany focus) meet the
exclusion criteria and have not been included in this research.
Several other providers have a subregional focus in Europe: Atos in Benelux/France,
Computacenter in the U.K./Germany, Open Systems in Germany/Austria/Switzerland, Orange
Business Systems in Benelux/France/U.K., and Telefonica in Southern Europe. They have not been
excluded, because they have significantly more than 10% of their business outside their European
home countries. They have sales staff in several European countries and can support clients with
regional (rather than local) requirements. This MarketScope has a strong focus on European clients,
but these clients have operations all over the world. While 100% of them demand coverage in
Europe, 40% also ask their provider to manage devices in Asia/Pacific, and 30% want their provider
to cover devices in North America.
Overall, we track around 100 MSSPs worldwide, with about one-third of them in Europe. The ones
that do not appear operate mostly in one country (for example, S12sec in Spain), provide a very
specialized security service (such as Qualys for vulnerability scanning) or do not provide standalone
security services (for example, Unisys). For example, the following providers were considered,
but not included: Boxing Orange, CGI Group, CompuCom, Dimension Data, KPN/Getronics,
Outpost24, Retarus, S21sec, S2 Grupo, Savvis, SecureIT, Sentor, SSP Europe, Telindus,
Trustwave, T-Systems, United Service Providers and Unisys.
Landscape of Different Types of Providers Remains Relatively Stable
The market for managed and related security services continues to evolve, but the types of players
are still the same. There are few stand-alone security players left in the Pan-European market. Most
providers sell security services bundled with infrastructure management and outsourcing (for
example, Atos, Computacenter, CSC, Dell, IBM Security Services, HCL Technologies, HP and
Wipro Technologies) or bundled with communications services (for example, AT&T, BT Global
Services, Orange Business Services, Tata Communications, Telefonica and Verizon). Only a few
European providers focus on IT security (for example, Integralis [now part of NTT Communications],
Open Systems and Symantec). All providers in this MarketScope offer MSS as a discrete service.
European security providers service approximately 6,500 clients in Europe, and operate about
28,000 firewall and unified threat management (UTM) devices, 5,500 network IPS/IDS and 14,000
server IPS/IDS as well as 2,400 secure message and Web gateways. They also manage or monitor
hundreds of Web application firewalls and customer-owned security information and event
management (SIEM)/log management products. The large European players serve the U.K. and
Ireland; Benelux; Germany, Austria and Switzerland (DACH); France; and Southern and Eastern
Europe in fairly equal proportions to the population and gross domestic products of those countries.
Page 4 of 28 Gartner, Inc. | G00219325

Methodology
We conducted our survey of MSSPs simultaneously in North America, Europe and Asia/Pacific. We
contacted about 100 providers of MSS in these regions. Of them, 46 replied to our worldwide
scoping questionnaire. They included information about all the regions in which they operate. Based
on this information, we selected a subset of providers per region that met our inclusion criteria.
These providers had to answer a more detailed questionnaire and provide references. The
questionnaire was the same in all regions. In Europe, 17 providers met our European inclusion
criteria.
We also contacted reference clients and conducted phone interviews, as well as online surveys.
Reference clients were not only asked for information about their providers, but also questioned
about other providers on their shortlists.
The assessment in this MarketScope was performed on the basis of survey data collected in May
and June 2011, and client reference information collected in June, July and August 2011.
Strategic Planning Assumption
By 2015, 30% of enterprises that use public cloud infrastructure as a service will also use MSSPs
for security monitoring.
MarketScope
This survey focuses on these security services (including managed customer premises equipment
[CPE]), provider-hosted devices and cloud delivery. They are listed in order of popularity to
European clients. Devices near the top of the list are managed and monitored most often, according
to the reference clients contacted during this market analysis:
■ Firewall
■ Network IDS/IPS (see Note 1)
■ Web application firewall
■ Secure Web gateway devices (see Note 2)
■ Vulnerability scan devices
■ Secure message gateway devices (see Note 2)
■ Server/directory/application/database management system log sources
■ Server IDS/IPS
■ Desktop/endpoint security client
Gartner, Inc. | G00219325 Page 5 of 28

■ Multifunction firewall/UTM device
■ Customer-owned SIEM/log management products
■ Data loss prevention (DLP) devices
Firewall management and monitoring are still the most widely consumed security services.
However, the use of Web application firewalls, secure Web and email gateway devices, vulnerability
scanning, and log management has increased significantly — now being consumed by roughly 30%
to 40% of European clients. On the other hand, fewer organizations rely on network-based IDS/IPS
services (only about half of them do, compared with 70% in 2010). Consumption of desktop/
endpoint security and SIEM management has increased only slightly. DLP still closes the list.
European clients are not pressured to deploy DLP, and most discussions evolve around policy
design and implementation, not the management of DLP devices.
In addition to these infrastructure-based security services, most European providers offer
complementary security services. The ones that are consumed most often are near the top of the
list:
■ On-site technical support for security products
■ Security consulting (policy, organizations and architecture)
■ Security system integration
■ Threat intelligence information (vulnerability research)
■ Application security (security testing and code review)
Note: Identity-related services (authentication and token management) are not covered in this
research.
Pricing and Service-Level Agreements
Pricing is difficult to compare from provider to provider and from year to year, because each client
has different requirements regarding types of services (firewall, IPS, email/Web and so on), volume
(from one firewall to several thousand firewalls), delivery model (CPE-based, hosted and cloud),
geographic coverage, level of engagement (monitoring/management), integration (with IT
infrastructure management or with communication services), service quality, response times,
service-level agreements (SLAs) and language support. Price is a key factor in most purchase
decisions, but comparisons are difficult outside of a specific RFP.
Our observations on pricing for management and monitoring of virtualized security devices remain
unchanged. There is still not best practice. Here are some approaches we encountered in Europe:
■ The provider says that it will pass on benefits of virtualized infrastructure to the client, but no
pricing details are revealed.
■ The monitoring price for a virtualized device is the same as the monitoring price for a CPE
device, but the management price for a virtualized device is less than the management price for
a CPE device.
Page 6 of 28 Gartner, Inc. | G00219325

■ Pricing for virtualized infrastructure is split into a device monitoring part (fixed fee) and virtual
firewall monitoring part (digressive fee for each virtual firewall). The same applies to
management of virtualized infrastructure.
SLAs have not changed significantly. Most providers offer 15 minutes or 30 minutes as the fastest
possible response times (sometimes in the standard, sometimes only in the "premium" package).
However, this only relates to the notification of the client. Resolution times vary widely, and
obviously depend on the nature of the issue. A few providers even display an incident immediately
on the customer portal, giving customers information in real time.
Some providers make an attempt to innovate with SLAs and pricing. Below are some examples:
■ Firewall pricing depends on bandwidth commitments (not consumption).
■ No minimal fixed cost for usage-based pricing (for example, vulnerability scans).
■ Reduced pricing for permission to offshore security operations.
■ Customers who bring new clients can benefit from a discount on the combined service volume.
■ Client satisfaction is measured after each interaction as a key performance indicator.
■ Outsourcer commits to a price decrease per year (such as 5%) rather than an upfront payment.
In general, contracts have become more specific and concrete. Some providers have indicated that
they now move from service-level objectives to service-level agreements. Clients that have been
disappointed by a previous provider's performance push hard to include penalties in new contracts.
Such a penalty typically amounts to a percentage of the monthly charge up to a maximum of one
monthly charge of the service cost and is paid as a credit or an immediate payout (potentially with
an "earn-back" clause for subsequent SLA compliance).
Types of Services Offered
Delivery models continue to change, and the topics "cloud computing" and "virtualization"
dominate many discussions with European clients. However, the change is not massive; rather, it
develops at varying speeds, depending on the service in question. Up to 5% of revenue is shifting
from CPE to non-CPE delivered services every year, and non-CPE-based delivery is at
approximately 10% for firewalls, UTMs and network IDS/IPS; more than 15% for Web application
firewalls; and up to 35% for secure messaging. SIEM management, log sources and server IDS/IPS
are still predominantly operated on customer premises. Vulnerability scanning is often executed
remotely, but usually with the help of some additional devices installed on customers' premises.
Virtualization also plays an increasing role. A concern raised by some clients is that monitoring
capabilities for virtualized infrastructure are not as detailed as the ones for on-premises equipment.
Moreover, a report might be available only on request, rather than through the portal. This will be
acceptable for some clients, but impossible for others. This is similar to different customers'
attitudes to determining the security product vendor. While some customers explicitly require that
the provider takes over the management of their existing infrastructures (into which they invested
Gartner, Inc. | G00219325 Page 7 of 28

heavily), others accept whatever product the provider suggests and are also more open to
virtualized versions of these products.
Relationships Between Providers and Customers
White-labeling of services (that is, offering security services under the brand name of another
provider) seemed a trend in 2010, but did not gain in importance in 2011. The only exception
continues to be vulnerability scanning where most European providers collaborate with Qualys (12
out of 17). In the area of threat intelligence and vulnerability notification services, the picture is less
consistent, and European MSSPs collaborate with up to seven partners to provide this information.
Integration of network/IT services and security services also deserves particular attention. Client
satisfaction can go both ways. Some clients said that they only consume the security services of
this provider, because it's part of a larger outsourcing deal, and they did not have any choice but to
include security. Other clients also criticize such an integrated approach, but in fact, they are
happier with the security services than with the main part of the outsourcing deal.
Clients also need to exercise caution regarding new types of security services. Some providers will
fill the gap with third-party service offerings — which is certainly acceptable — but contract
management can become an issue if the client is locked into a contract with the third party, rather
than its own security provider. Once the incumbent provider starts offering the same service, the
client must be allowed to quit the third-party contract and transition back to the legacy providers,
which does not always seem to be the case.
Some clients appreciate a clear segregation of duties, but few actually phrase it as a requirement.
Overall, there are basically three types of security services:
1. Management of security infrastructure, including hosted or cloud-based security infrastructure.
In-house infrastructure is still sometimes managed by an internal team, often by network
operations.
2. Monitoring of security infrastructure, including log management, correlation, SIEM and
advanced portal capabilities. Especially in large contracts, there is a tendency to let the MSSP
do the monitoring while in-house staff or another partner (such as a telecommunication provider
or an IT outsourcer) is managing the infrastructure.
3. Vulnerability scanning services. These are often provided by Qualys, sometimes by other
vendors or the MSSP itself, and usually in a combination of all of the previous.
In summary, clients engage up to three different providers for the different tasks. Alternatively, an inhouse
team takes care of these tasks. This is often the case for infrastructure management,
sometimes for monitoring and rarely for vulnerability scanning.
Operational Concerns
There are some indications that the follow-the-sun approach with which several providers operate is
not always the best solution. Clients mentioned the following issues:
Page 8 of 28 Gartner, Inc. | G00219325

■ There is the danger that difficult customer issues are passed from security operations center
(SOC) to SOC like a hot potato. While the local SOC focuses on the immediate needs of local
clients, the needs of remote clients receive a lower priority. Clients have explained that their
European SOC serves them very well, while the North American SOC does more harm than
good.
■ Given the increasing need to store data in the country (or at least the region) of origin, clients
are concerned that sensitive data is sent to countries with less protection. This can already be a
problem regarding backup data centers in other regions, but it is an immediate issue when data
is passed around on a daily basis. Fortunately, this is critical for only very few clients, and while
some might bring up this concern during contract negotiations, very few will actually make SOC
location an exclusion criterion.
Related to the location of the primary data center is another concern: cultural differences. Staff from
other countries or even from other regions of the world may not only speak with a strong accent,
but also have a different attitude toward service delivery and customer satisfaction. However, these
differences are decreasing year over year. As one reference client expressed it: If you're going
offshore, then you should plan for cultural adjustments. You can't expect everybody else to adapt to
you — you have to adapt as well.
Decision Criteria
The main drivers to engage an MSSP are still to reduce costs, to reduce capital expenditures, and
to supplement or replace in-house expertise and in-house resources. In Europe, regulatory
compliance plays less of a role than in the U.S.
More specifically, we asked our European reference clients for their main reasons for choosing their
service provider. Unlike last year, viewing the provider as a strategic partner is not as important a
decision factor as in 2010 (28% in 2011 versus 52% in 2010). The enumeration below shows the
decision factors in decreasing order of importance:
■ Security expertise
■ Pricing (total cost of contracted services)
■ Understanding of business needs
■ Industry experience
■ Quality of response to RFP or presentation of capabilities
■ View as a strategic partner
■ Perceived viability and/or financial strength
■ Positive experience with provider
■ Good feedback from references
■ Project implementation methodology
Gartner, Inc. | G00219325 Page 9 of 28

These priorities favor the specialist provider, the one that can show security, business and industry
expertise, not the large incumbent provider of IT or network operations who likes to be preselected
as a strategic partner. This is emphasized by the fact that the reason quoted most often for rejecting
a provider's offer is "did not demonstrate understanding of business needs."
Few providers know how to differentiate themselves from the competition. Many claim to be
"trusted advisors" and to have "global coverage." Feedback from reference clients is different.
Pricing, service quality and lack of SLAs are often reasons for dissatisfaction. Sometimes, mistakes
are covered up, and documentation is bad. Clients often use two or more security providers (one for
email security and one for firewall management). They also compare the performance of the
network provider against the performance of the security infrastructure monitoring provider. For
example, a firewall and a router, both managed by different providers, are connected. In case of an
outage, the client sees and compares the reaction time of both companies. One client said: "Our
network provider informed us that the router was down, and our firewall provider did not even
notice. It also happened that penetration testing by a different provider has revealed that ports were
not monitored." This has surfaced in 2010 and now again in 2011. Several reference clients were
not willing to take this any longer and gave "fair" to "poor" ratings, although most clients are still
happy with their provider, and one-quarter rated them as "excellent."
Purchasing Behavior
The bulk of the contracts for MSS in the European region are valued from $150,000 to $750,000 per
year (67% of contracts), while 11% of contracts are below the range, and 18% are above that
range. The number of midsize contracts (versus large or small contracts) has increased compared
with 2010.
The typical contract size in Europe is still much greater than in Asia/Pacific, where 60% of the
contracts have a value of less than $150,000 per year. On the other hand, the typical contract size
in Europe is similar to the typical contract size in the U.S., where 11% of the contracts are more
than $1.5 million in annual value.
Only one-quarter of the European reference clients has been customers of their providers for less
than one year; three-quarters have had their contracts for more than one year. The typical contract
duration is still three years, but occasionally clients do not conduct a full tender with a detailed
request for proposal when the contract expires after three years. If there are no major concerns,
then they prefer to extend the contract for another three years, after which they would do a fullscale
market analysis again.
The question of whether it is a good or a bad thing to outsource security services to non-European
providers came up less often in discussions with reference clients than last year. Gartner's clients
are increasingly looking for advice on how to secure and control such offshoring, not whether this is
the right option at all.
Security Marketing
The marketing message of a European MSSP often reflects the providers' attitude to service
delivery. Some providers focus on technical details, insights about the changing threat landscape
Page 10 of 28 Gartner, Inc. | G00219325

and security product innovations that cater to the needs of "lean in" customers — that is,
customers who want to get the maximum out of the security services for which they believe they
pay a premium. Other providers market to the needs of the "lean back" customer — that is, a
customer who has very different core competencies (that is, not IT security) and simply wants the
assurance that security has been taken care of. Such a provider emphasizes simplicity, costeffectiveness,
global operations with local adjustments and integration (of networks and security or
IT operations and security). Enterprise clients need to look beyond these marketing messages,
because some providers cater to both types of audiences. Although there is no right or wrong, it is
important that client expectations and provider capabilities match.
Outlook
The market for MSS is changing in various ways, including cloud delivery and virtualization. In 2012,
the market for MSS in Europe will continue to grow significantly in volume and also in terms of
breadth of features and services. New or enhanced services will include distributed denial of service
(DDoS) detection and mitigation, malware/botnet detection, fraud detection, DLP selection and
implementation, reputation-based services, tokenization, and mobile security. These services will
continue to be complemented on occasion with various identity and access management (IAM)
services (role management, authentication and privileged user monitoring), VPN services and more
powerful log management services. Management of customer premises security devices will still be
the dominant delivery model, but the percentage of hosted, security-as-a-service (SecaaS) and inthe-cloud
security services will increase steadily.
There is still no widely accepted standard for the pricing of monitoring and the management of
virtualized security infrastructure, and given the variety of options, it may never come. However,
clients should ask for a significant advantage over premises-based services and should keep
pushing for lower price points. Pricing for the hardware and pricing for the logical service have to be
separated and priced individually, whether or not management and monitoring are addressed
together.
The split of the MSS market into IT outsourcers that offer security services, network providers that
offer security services, and security specialists has stabilized, and the market will continue this way
in 2012. Pure-play security providers will continue to have their place and new players (for example,
from Europe or India) will increase in size and reach, and enter the regional European market, trying
to differentiate themselves with innovative technology and a flexible portfolio of supported products.
Market/Market Segment Description
For the purposes of this research, Gartner defines "managed security services" as the remote
management or monitoring of IT security functions delivered via remote security operations centers,
not through personnel on-site. MSS does not, therefore, include staff augmentation or any
consulting, development and integration services.
MSS includes:
■ Monitored or managed firewall or IPSs
Gartner, Inc. | G00219325 Page 11 of 28

■ Monitored or managed IPSs
■ DDoS protection
■ Managed secure messaging gateway
■ Managed secure Web gateway
■ Security information management
■ Security event management
■ Managed vulnerability scanning of networks, servers, databases or applications
■ Security vulnerability or threat notification services
■ Log management and analysis
■ Reporting associated with monitored/managed devices and incident response
This MarketScope evaluates service providers that offer monitored/managed firewall and intrusion
detection/prevention functions, rather than those whose main focus is on other elements of the
services listed.
Inclusion and Exclusion Criteria
Inclusion Criteria
To be included in this MarketScope, an MSSP must have these qualifications:
■ The ability to remotely monitor and/or manage firewalls and intrusion detection/prevention (IDP)
devices from multiple vendors via discrete service offerings
■ At least 700 firewall/IDP devices under remote management or monitoring for external
customers in Europe
■ At least 50 external customers in Europe with those devices under management or monitoring
■ Reference accounts in Europe relevant to Gartner customers
Exclusion Criteria
Providers were excluded from this MarketScope of regional providers if they:
■ Have more than 90% of their European customers and more than 90% of their devices installed
in Europe in only one country
■ Offer MSS only to end users that buy other, non-MSS services
■ Offer services that monitor or manage only the service provider's own technology
For example, vendors that have only MSS offerings, such as DDoS protection or vulnerability
scanning, but not device monitoring and management, are not included. Providers of primarily Web
Page 12 of 28 Gartner, Inc. | G00219325

and email hygiene and trust services (for example, certificate authorities) are not included. Other
vendors offer MSS primarily to hosting customers, with limited offerings to others. As these
providers expand the scope of their MSS offerings, they may be included in future MarketScopes.
Rating for Overall Market/Market Segment
Overall Market Rating: Positive
With a portfolio of mature basic services and an array of innovative options, the MSS market in
Europe is mature, with a solid growth perspective, despite — or to some extent because of — a
continuously difficult global economic climate. Secure infrastructure management is a prerequisite
for businesses that have to cut costs and operate under regulatory scrutiny and tight competition.
Outsourcing of security to nearshore or offshore countries has become a normal business option for
most organizations. Where security concerns remain, physical operations in Europe are an option
for most providers in this MarketScope. MSS customers usually extend their outsourcing contracts
and occasionally change providers, but they rarely move services back in-house, which is still
considered the more costly option.
These factors have resulted in the MSS market in Europe being forecast to grow at a 14%
compound annual growth rate from 2011 to 2015 (with the market size for 2011 forecast at $2.5
billion), which means it is still one of the growth sectors in the IT industry.
Gartner, Inc. | G00219325 Page 13 of 28

Evaluation Criteria
Table 2. Evaluation Criteria
Evaluation Criteria Comment Weighting
Overall Viability
(Business Unit,
Financial, Strategy,
Organization)
Geographic
Strategy
Viability includes an assessment of the provider's financial health, the
financial and practical success of the MSS unit, and the likelihood that
the MSS unit will continue investing in managed security services, and
researching and developing innovative security services. Additional
areas assessed include management experience, the number of
customers in Europe, investment in R&D, and understanding of
business and technology trends.
This includes the provider's strategy to direct resources, skills and
offerings to meet the specific needs of regions outside the native
area, directly or through partners, channels and subsidiaries, as
appropriate for the region and market. We considered the vendor's
ability to articulate the differences between the U.S. and European
MSS markets, as well as differences within Europe.
Product/ Service This is the provider's approach to service development and delivery,
which emphasizes differentiation, functionality, methodology and
feature sets as they map to current and future requirements. We
considered the number of target platforms vendors can manage.
Marketing Strategy This is a clear, differentiated set of messages, consistently
communicated throughout the organization and externalized through
the website, advertising, customer programs and positioning
statements. In addition, we considered how providers measure the
effectiveness of marketing programs.
Customer
Experience
This includes the ways customers receive technical and account
support. These can include ancillary tools, customer support
programs (and the quality thereof) and the availability of user groups,
SLAs and so on. We also assessed providers' implementation
processes and system integration and consulting capabilities.
Reference client feedback was particularly important in the rating for
this criterion.
Innovation This takes into account capital and human resource investments, and
the development of new services as displayed in the security service
strategy and the road map.
Market
Responsiveness
and Track Record
Source: Gartner (October 2011)
Ability to understand business and security technology trends and
assess competitors. This includes the ability to respond, change
direction, be flexible and achieve competitive success as new
opportunities develop, competitors act, customer needs evolve and
market dynamics change.
High
Standard
Standard
High
High
Standard
Standard
Page 14 of 28 Gartner, Inc. | G00219325

Figure 1. MarketScope for Managed Security Services in Europe
AT&T
Atos
BT Global Services
Computacenter
CSC
Dell (SecureWorks)
HCL Technologies
HP
IBM Security Services
Integralis
Open Systems
Orange Business Services
Symantec
Tata Communications
Telefonica
Verizon
Wipro Technologies
As of 26 October 2011
Source: Gartner (October 2011)
Strong
Negative
Vendor Product/Service Analysis
AT&T
RATING
Caution Promising Positive
x
x
x
x
x
x
x
x
x
x
x
x
x
x
Strong
Positive
AT&T is a venerable network service provider that tends to emphasize its global approach (it is
present in more than 200 countries), rather than regional differentiation. It offers MSS to European
multinational companies via SOCs in the U.S. and India, and plans to open another SOC in Eastern
Europe.
Its MSS strategy focuses on providing integrated network-based security to European-based
customers that possess a global footprint, utilizing services such as virtualized firewall, intrusion
prevention, Web filtering, DDoS and premises-based solutions. It is aggressively moving into cloud
and software-as-a-service-based security services.
Strengths
■ Global coverage of communications and security services
Gartner, Inc. | G00219325 Page 15 of 28
x
x
x

■ Its ability to leverage existing communications clients for upselling MSS
■ Its tight bundling of security services with network services and capabilities in cloud security
Challenges
■ Variable response to customer service requests remains an issue
■ Despite global brand and presence, rarely appears on MSS shortlists in Europe, and needs to
improve its visibility as a security provider to extend beyond the multinational company market
Rating: Promising
Atos
Atos (formerly Atos Origin) is an international IT services company with four primary service lines:
business consulting, system integration, managed operations and transactional services. In July
2011, Atos completed its acquisition of the IT Solutions and Services subsidiary of Siemens. This
analysis reflects the preacquisition situation.
Its security services strategy focuses on Atos High Performance Security, an integrated SecaaS
platform. The security portfolio includes endpoint security, server security, network security and
IAM. Other focus areas are governance/risk/compliance and cloud security. Most of its MSSP
contracts are part of larger IT outsourcing relationships. It targets the public sector, financial
services (card payments) and healthcare sectors.
Strengths
■ Experience in integrating security services with complex, large-scale IT programs (its IT security
services for the Olympics are an example)
■ Ability to work effectively and collaboratively with other service providers (for example, network
service providers) that its clients have engaged
■ Knowledge and skills of some of its technical MSS staff
Challenges
■ Pursuing information security with the same diligence as IT operations
■ Improving collaboration among and consistency of different countries' and teams' operations
■ Becoming more cost-efficient, reducing the tendency to overengineer security solutions
Rating: Positive
BT Global Services
BT is an established name in network and communications services in Europe. Because of ongoing
R&D investments and marketing that exhibits regional insights, BT also managed to shape a decent
Page 16 of 28 Gartner, Inc. | G00219325

security service profile. Customer feedback in Europe has also been more positive over the past
year. BT has an extensive security service portfolio with a focus on multifunction firewall/UTM
devices and secure message gateways.
Its MSS differentiation focuses on security embedded in the network, skilled resources and a global
infrastructure. Targeting mainly large enterprises, its key messages emphasize the basics —
simplicity, cost reduction, compliance and asset protection.
Strengths
■ A resilient operations infrastructure and BT's responsiveness in incident reporting
■ The quality of its internal operational processes (for example, quality assurance)
■ The skills of its engineers and the ability to listen, respond and adjust to client requirements
Challenges
■ Sharing information more openly and making it available in real time, rather than on request
■ Cost savings in order to keep pricing competitive must not result in staff shortage
Rating: Strong Positive
Computacenter
Computacenter is a European provider of outsourcing, outtasking, consulting and support services.
It operates primarily in the U.K. and in Germany, and has two SOCs in each of these two countries.
Its MSS strategy emphasizes a holistic approach to security (client, network and data center),
integrating MSS into other outsourcing deals and customer intimacy. It differentiates on agility,
value for money and customer relationships. Its customer growth in 2010 was above average.
Computacenter has had recent success in the automotive, pharmaceutical and finance industries.
Strengths
■ Providing cost-effective services from a European vendor
■ Acting as a strategic partner, is able to understand infrastructure and business requirements
■ Having the ability to leverage the existing client base for upselling managed security services
Challenges
■ Reducing the perceived gap between promise and performance
■ Improving service consistency and quality
Gartner, Inc. | G00219325 Page 17 of 28

■ Improving knowledge of industry-specific needs and requirements
Rating: Positive
CSC
CSC is a global provider of IT-enabled business solutions and services. This ranges from
consulting, to solution design through to implementation and management of the solution.
Headquartered in the U.S., it provides MSS via security operations centers in the U.K., Australia,
Malaysia and the U.S.
It emphasizes the need to address security from a business risk perspective, not just a technology
perspective. This is a message that tends to resonate with European client organizations. In Europe,
its traditional customers are from within its outsourcing base, although more recently, it has
targeted the public sector and financial services for its MSS.
Most customers in Europe use CSC for the management of firewalls, customer-owned SIEM/log
management and endpoint security clients. For cloud-based Web and email, CSC chooses to work
with partners.
Strengths
■ Having the capability to embed an information risk manager as a single point of contact in the
client's organization
■ Being able to work with partners to complete the security service portfolio
■ Being able to leverage its existing client base for upselling MSS
Challenges
■ Being more flexible (and less commercially rigorous) in its response to changing client
requirements
■ Aligning communications between security and other operational teams
■ Improving the ability to leverage security and threat information from its large client base for the
benefit of individual clients and delivering enhanced portal capabilities
Rating: Positive
Dell (SecureWorks)
Dell SecureWorks Information Security Services is the result of Dell's acquisition of SecureWorks
(U.S.). With this acquisition, Dell benefits from SecureWorks' previous acquisitions of VeriSign's
MSS operations and dns (U.K.) in 2009 through 2011. Dell SecureWorks manages and/or monitors
security devices all over Europe, predominantly in the U.K., especially log sources, firewalls,
network IDS/IPSs and data loss prevention systems. Dell SecureWorks operates two SOCs in
Europe, provides a comprehensive portal, and also offers support in Spanish and French.
Page 18 of 28 Gartner, Inc. | G00219325

Strengths
■ Its clearly articulated strategy in Europe, its understanding of the market and its increasing
investments in R&D
■ Its ability and willingness to adapt to the changing needs of large clients
■ Its advanced portal (including asset information and various correlation capabilities)
Challenges
■ Mitigating the perception that a large vendor cannot provide customer intimacy
■ Continuing to establish a brand presence in the European security market
■ Ensuring consistency of service quality during acquisition integration
Rating: Positive
HCL Technologies
HCL Technologies is an India-based offshore provider that has already gained some traction in
Europe. HCL continues to show significant revenue growth in Europe.
HCL is strong in server-based security services (IDS/IPS and log collection) as well as endpoint
security client management. In addition, it offers application security services and IAM. It also
claims comprehensive portal capabilities. HCL focuses on providing flexible services based on a
large pool of skilled, experienced resources and can support delivery in a large number of European
languages.
Strengths
■ Consistent and mature service delivery, including a methodological, process-driven approach to
security management
■ Human resource management — expertise of staff and relatively low staffing turnover rate
■ Ability to pull in expertise, on demand, from a large resource pool
■ Cost-effectiveness, especially for standard platforms in the HCL support portfolio, and for
services that don't deviate from the standard offerings
Challenges
■ Improving management of nonstandard requests, specifically the ability to deal with requests
and issues that fall outside the scope of the existing formal processes
■ Improving strategic planning — clients would like to see more forward-thinking and innovative
suggestions for dealing with a constantly changing security environment
Gartner, Inc. | G00219325 Page 19 of 28

Rating: Positive
HP
HP offers enterprise security products and enterprise security services. Its managed security
services represent the capabilities of HP, EDS (acquired by HP in August 2008) and Vistorm
(acquired by EDS in April 2008). Vistorm was an established security services and consulting vendor
based in the U.K. With ArcSight, HP also owns one of the more widely deployed SIEM technologies.
In Europe, HP targets enterprise accounts in various industries, including the public sector, financial
services and utilities sectors, as well as organizations in the high-end small and midsize business
scale. Its European security customer base is stable.
HP's security service portfolio includes endpoint security, and firewall and network IPS
management. HP recently announced enterprise cloud services: vulnerability scanning, vulnerability
intelligence and endpoint threat management. It has five SOCs worldwide, two of which are in
Europe (the U.K. and Spain).
Strengths
■ Its experience in integrating security services with complex, large-scale enterprise IT solutions
■ It takes the time to develop a detailed understanding of the technical, commercial and
functional aspects of client business operations
■ Willingness to reduce service pricing if customer accepts management handled in another
country
Challenges
■ Improving the features and functionality of its MSS portal (which is currently available only in
English)
■ Ensuring that Vistorm's strengths are not lost in the HP enterprise
■ Improving HP's visibility as a security player in the broader European MSS market
Rating: Positive
IBM Security Services
IBM's security capabilities include managed security services and cloud-based security offerings
complemented by a portfolio of professional security services with a slight emphasis on server and
endpoint security (versus network security). IBM Security Services targets larger enterprises and
existing customers for its MSS. It emphasizes its reputation, global reach, and depth and breadth of
its solution offerings as key differentiators. IBM is the MSS provider that appears most often on
customer shortlists in Europe.
Page 20 of 28 Gartner, Inc. | G00219325

Strengths
■ Global security view based on large number of customers
■ Supports many European languages and has a presence in all major European countries
■ Experience with various security products (such as IBM and Cisco)
Challenges
■ Addressing client reports of inconsistencies in service delivery standards
■ Improving the flexibility of IBM processes and procedures to cater to changing customer
requirements
■ Realizing that cost is still often quoted as a major reason for not selecting IBM during
competitive bidding
Rating: Positive
Integralis
Integralis is a provider of security services originally based in Europe that has grown steadily over
the years and is now present in Europe, the U.S. and Southeast Asia with a total of nine SOCs. This
includes operations of Secode, a Scandinavian MSSP that was acquired in 2010 — like Integralis in
2009 — by NTT Communications, Japan. Integralis remains an independent subsidiary of NTT
Communications. Integralis provides a broad portfolio of network and server-based security
services, including data center, CPE and cloud-based services.
Strengths
■ Excellent technical skills of its workforce
■ Flexibility in dealing with clients' security requirements
■ Clients especially value Integralis' security architecture design capabilities
Challenges
■ Retaining its price competitiveness versus the offshore providers
■ Making sure that administrative back-end processes don't slip
■ Keeping the functionality of its portal competitive
Rating: Strong Positive
Gartner, Inc. | G00219325 Page 21 of 28

Open Systems
Open Systems is a specialized security service provider headquartered in Switzerland, with an
additional security operations center in Sydney. Its portfolio focuses on multifunction firewall/UTM
devices, Web application firewalls, secure Web/email gateways and traditional firewall/network IPS.
Open Systems operates a variation of the follow-the-sun model with its two SOCs. All Sydney
employees are recruited under Swiss law. They are trained in the headquarters and then sent to
Sydney three to four months in rotation. Open Systems is conscious of the demand for on-premises
delivery due to the need for storing sensitive data locally, and hence, it evaluates cloud delivery
options with caution.
Strengths
■ Comprehensive service portfolio with a focus on network-based security
■ Commitment to employee development resulting in low staff fluctuation, stable service quality
and high customer satisfaction
■ Customers' appreciation that the staff is client-focused, flexible and highly professional
Challenges
■ Maintain the balance between high growth, high quality and customized (rather than merely
packaged) security services
■ Expand the standard portfolio to include log management if clients demand it
■ Improve visibility in the European market for managed security services
Rating: Positive
Orange Business Services
Orange Business Services is the brand name under which France Telecom offers most of its
managed security services. The company is a sizable player in the MSS space in Europe because of
its large base of network and communications clients. Offerings include the management of
firewalls, network intrusion prevention devices and an above-average number of secure Web
gateways. Security services are available independently, but many sales combine aspects of
network operations, security services and security consulting.
The company's marketing emphasizes simplicity, flexible delivery models and reduced total cost of
ownership (TCO) in its MSS offerings. It has 10 SOCs globally, seven of which are in Europe.
Strengths
■ Focus on small and midsize businesses, especially in France/Benelux, but also active in all
other European regions
■ Its ability to leverage existing client relationships for selling security services
Page 22 of 28 Gartner, Inc. | G00219325

■ Its moving from device-based to hosted and cloud security services
Challenges
■ Express more clearly how it intends to stay abreast of threat and technological developments
■ Implement the road map for security services and articulate where R&D investments will be
made
■ Improve visibility in the enterprise security market segment
Rating: Promising
Symantec
Symantec is a vendor with a broad portfolio of security products and services. Managed services
include server and network IDS/IPS, firewalls, and endpoint security solutions. It has four SOCs
worldwide, operates a large network of security information sensors and employs a sizable staff of
security administrators. It offers a comprehensive security portal, has developed a technology- and
customer-oriented road map, and has detailed awareness of its regional competition.
Strengths
■ Its global view of the threat environment via its threat intelligence capability
■ Its responsiveness to client requests, and its flexibility
■ The quality of its support and sales resources
Challenges
■ Monitoring quality of support services provided by local partners
■ Realizing that, despite its massive brand presence in the security product market, Symantec still
has a comparatively low profile as an MSS player in Europe
Rating: Strong Positive
Tata Communications
Tata Communications is an India-based global communications provider. It provides MSS via five
global SOCs, one of which is in Europe. It targets large multinational organizations in the retail,
pharmaceutical, oil and gas, and financial services industries.
Its MSS strategy focuses on compliance, customer service, TCO and integration with the rest of its
service portfolio. While its European revenue base is still small, it showed the strongest customer
growth of all European MSSPs surveyed in 2010.
Gartner, Inc. | G00219325 Page 23 of 28

While Tata Communications meets the inclusion criteria in terms of device and customer numbers
in Europe, we could not verify the provider's portfolio and performance claims independently.
Strengths
■ Being able to leverage existing clients for upselling MSS
■ Supporting a broad range of security products
■ Understanding global market trends, and being able to present an insightful road map, having
obtained relevant certifications for its security services
Challenges
■ Establishing a measurable presence in the European market
■ Proving their understanding of regional and local requirements
Rating: Caution
Telefonica
Telefonica is a large, integrated telecommunications provider with international operations and a
strong position in Spain, also with a relevant customer base in most other European regions. It
provides management of Web application firewalls, network firewalls and IPSs. It also manages
endpoint security clients and operates some DLP devices.
Strengths
■ Flexibility in adapting to client requirements
■ Ability to foster and maintain strong local relationships
■ Sound knowledge of technology and client requirements
Challenges
■ Improving the quality of service delivery and service management to competitive standards, in
particular where subcontractors are involved
■ Accelerating service deployments and equipment updates
Rating: Positive
Verizon
Verizon is a major mainstream MSS provider with good coverage in Europe. It has an elaborate road
map and invests in reputational intelligence and secure mobility services. Verizon tends to integrate
security services into other networking and IT services. It has a solid presence in Europe, and
Page 24 of 28 Gartner, Inc. | G00219325

emphasizes its correlation capabilities, security expertise, global reach and risk-based security on
global IP networks. While not inexpensive, its prices are generally considered acceptable.
Strengths
■ Having global reach and expertise
■ The knowledge and skills of its European staff
■ Offering threat intelligence correlated from various sources
Challenges
■ Providing European clients with consistently high service quality from U.S. operations
■ Improving the quality of communications among staff in different teams managing different
services (for example, firewall administration versus antivirus versus IDS/IPS)
■ Avoiding becoming more bureaucratic, especially in back-office processes
Rating: Positive
Wipro Technologies
Wipro Technologies is an offshore IT service and system integration company based in India. It
provides managed security services to organizations in Europe from a primary control center in
India supported by five regional SOCs in Europe, which deliver services locally and improve crossborder
data privacy compliance. Wipro offers various delivery models, including a dedicated SOC,
an SOC at customer premises, cloud-based operations or hosted services. Its staff works as part of
the customer organization, co-managed and in a fully outsourced model. The majority of its
European MSS clients are also clients of other Wipro IT services.
Strengths
■ Its flexibility and willingness to help customers, even on short notice
■ The quantity and quality of its skilled staff
■ Its ability to upsell security services to existing clients
Challenges
■ Finding the right balance between tolerating some staff fluctuation in order to support very
competitive pricing and deploying experienced staff to provide the best service experience
■ Increasing brand visibility in the European security services market
Rating: Positive
Gartner, Inc. | G00219325 Page 25 of 28

Recommended Reading
Some documents may not be available as part of your current Gartner subscription.
"The Global Managed Security Services Provider Landscape"
"Toolkit: Selecting the Right Managed Security Services Provider"
"Magic Quadrant for MSSPs, North America"
"MarketScope for Managed Security Services in Asia/Pacific"
"Magic Quadrants and MarketScopes: How Gartner Evaluates Vendors Within a Market"
Evidence
For this research, we contacted about 100 managed security service providers, of whom 17 met the
selection criteria. They had to answer a detailed list of questions about their company and their
security services. In addition, we collected information on the providers' performance from Gartner
clients and provider reference clients through phone interviews and an online survey.
Note 1 Intrusion Detection System and Intrusion Prevention System
For the purposes of this research, we ignore the differences between IDSs and IPSs. Whenever we
use "IPS," we mean both.
Note 2 Secure Web and Email Gateway Services
Secure Web and email gateway services refer to the filtering of malware from Web and email traffic
at the gateway. This does not include filtering at the endpoint.
Vendors Added or Dropped
We review and adjust our inclusion criteria for Magic Quadrants and MarketScopes as
markets change. As a result of these adjustments, the mix of vendors in any Magic
Quadrant or MarketScope may change over time. A vendor appearing in a Magic
Quadrant or MarketScope one year and not the next does not necessarily indicate that
we have changed our opinion of that vendor. This may be a reflection of a change in the
market and, therefore, changed evaluation criteria, or a change of focus by a vendor.
Gartner MarketScope Defined
Gartner's MarketScope provides specific guidance for users who are deploying, or have
deployed, products or services. A Gartner MarketScope rating does not imply that the
vendor meets all, few or none of the evaluation criteria. The Gartner MarketScope
evaluation is based on a weighted evaluation of a vendor's products in comparison with
Page 26 of 28 Gartner, Inc. | G00219325

the evaluation criteria. Consider Gartner's criteria as they apply to your specific
requirements. Contact Gartner to discuss how this evaluation may affect your specific
needs.
MarketScope Rating Framework
Strong Positive
Is viewed as a provider of strategic products, services or solutions:
■ Customers: Continue with planned investments.
■ Potential customers: Consider this vendor a strong choice for strategic
investments.
Positive
Demonstrates strength in specific areas, but execution in one or more areas may still be
developing or inconsistent with other areas of performance:
■ Customers: Continue planned investments.
■ Potential customers: Consider this vendor a viable choice for strategic or tactical
investments, while planning for known limitations.
Promising
Shows potential in specific areas; however, execution is inconsistent:
■ Customers: Consider the short- and long-term impact of possible changes in
status.
■ Potential customers: Plan for and be aware of issues and opportunities related to
the evolution and maturity of this vendor.
Caution
Faces challenges in one or more areas:
■ Customers: Understand challenges in relevant areas, and develop contingency
plans based on risk tolerance and possible business impact.
■ Potential customers: Account for the vendor's challenges as part of due diligence.
Strong Negative
Has difficulty responding to problems in multiple areas:
■ Customers: Execute risk mitigation plans and contingency options.
■ Potential customers: Consider this vendor only for tactical investment with shortterm,
rapid payback.
Gartner, Inc. | G00219325 Page 27 of 28

Regional Headquarters
Corporate Headquarters
56 Top Gallant Road
Stamford, CT 06902-7700
USA
+1 203 964 0096
European Headquarters
Tamesis
The Glanty
Egham
Surrey, TW20 9AW
UNITED KINGDOM
+44 1784 431611
Asia/Pacific Headquarters
Gartner Australasia Pty. Ltd.
Level 9, 141 Walker Street
North Sydney
New South Wales 2060
AUSTRALIA
+61 2 9459 4600
Japan Headquarters
Gartner Japan Ltd.
Aobadai Hills, 6F
7-7, Aobadai, 4-chome
Meguro-ku, Tokyo 153-0042
JAPAN
+81 3 3481 3670
Latin America Headquarters
Gartner do Brazil
Av. das Nações Unidas, 12551
9° andar—World Trade Center
04578-903—São Paulo SP
BRAZIL
+55 11 3443 1509
© 2011 Gartner, Inc. and/or its affiliates. All rights reserved. Gartner is a registered trademark of Gartner, Inc. or its affiliates. This
publication may not be reproduced or distributed in any form without Gartner’s prior written permission. The information contained in this
publication has been obtained from sources believed to be reliable. Gartner disclaims all warranties as to the accuracy, completeness or
adequacy of such information and shall have no liability for errors, omissions or inadequacies in such information. This publication
consists of the opinions of Gartner’s research organization and should not be construed as statements of fact. The opinions expressed
herein are subject to change without notice. Although Gartner research may include a discussion of related legal issues, Gartner does not
provide legal advice or services and its research should not be construed or used as such. Gartner is a public company, and its
shareholders may include firms and funds that have financial interests in entities covered in Gartner research. Gartner’s Board of
Directors may include senior managers of these firms or funds. Gartner research is produced independently by its research organization
without input or influence from these firms, funds or their managers. For further information on the independence and integrity of Gartner
research, see “Guiding Principles on Independence and Objectivity” on its website, http://www.gartner.com/technology/about/
ombudsman/omb_guide2.jsp.
Page 28 of 28 Gartner, Inc. | G00219325