Gartner has recognized Trustwave as a Representative Vendor in the analyst firm’s March 2022 Market Guide for Managed Security Services (MSS). In addition, Gartner previously recognized Trustwave as a leader in its MSS solution in its 2019 Gartner “Magic Quadrant for Managed Security Services, Worldwide.”
The March 22 report contains Gartner’s updated insights on the MSS market and recommendations for buyers interested in acquiring an MSS product. The guide points out changes that have taken place in the MSS market, with buyers no longer searching for a complete MSS package but instead searching for specific tools, such as threat intelligence, threat assessment, managed detection and response (MDR) and sometimes using Software-as-a-Service offerings to pull these products together from several different vendors.
With that said, Gartner noted the MSS market did grow 8.3% in 2020, reaching $12.7 billion in revenue, with a significant portion of this total revenue being derived from Managed Detection and Response services that vendors often offer as part of an MSS product.
Trustwave has positioned itself to handle this increase, specifically in light of the move to the cloud as organizations went remote due to COVID-19.
Trustwave is strategically positioned as a cloud-first security services organization; regardless of where our clients are in their cloud journey, we are well equipped with the cloud expertise, cloud partnerships and alliances, and our scalable cloud-native technology to help clients reduce complexity and deliver a more focused, secure transition to the cloud.
Gartner’s Key Findings
- Managed security services (MSS) providers offer an array of security services that vary from provider to provider. This breadth of service offerings provides wide choice but increasingly overlaps with capabilities offered by other market segments.
- Differentiation and comparison between MSS providers can be hard for buyers to quantify, as service capabilities and delivery models vary greatly from provider to provider.
- SaaS security capabilities have taken precedence for many buyers, significantly reducing the requirement to utilize a third-party provider to maintain security technology.
- Non-security-specific vendors in the IT outsourcing (ITO) and network service provider (NSP) markets commonly offer implementation and management services for security technologies, reducing cost by co-contracting network, desktop and security outsourcing.
Changes in the MSS Market
Traditionally, Gartner defined MSS as providing organizations with a variety of management and operational services specific to security technologies and business outcomes for security. These capabilities include security monitoring, detection and response, exposure assessment and management, and security consulting and security technology implementation. MSSs are delivered in various modes, in the providers’ cloud infrastructure, as consultative engagements, or through staff augmentation and on-premises.
However, Gartner said that the term MSS has become less relevant to buyers over the last two years. Instead, MSS is viewed as a generic catch-all descriptor to use when organizations need help with security and, more frequently, is less service-oriented and more consultancy-driven.
Gartner noted that this change has made it more difficult for buyers to compare MSS providers due to the disparity and variability in service offerings and the complexity of multiple intertwined services. Gartner found that buyers request specific capabilities more frequently than looking to a single provider for generic or broad security assistance.
When it comes to security, Gartner said buyers are interested in several specific areas. These include detection and response or security assessments (which are commonly delivered as a more frequent repeatable service rather than a one-off). Furthermore, the typical buyer for the wider group of security requirements met by MSSs regularly requests technology implementation and staff augmentation. They also have a broader desire to use third parties to accelerate the build of an internal security operations center (SOC) capability rather than look at longer-term outsourcing options.
Trustwave understands the buyer’s position. Our client engagement is far from a transactional, point-product fit-it-and-forget-it engagement; rather, we partner with our clients to help them understand their unique security challenges more holistically.
Trustwave guides our clients through their transformation efforts with more clarity and focus as it relates to their overall strategy, policies, capabilities, and architecture; and, for those that may not have these defined, Trustwave cyber advisory helps to build a robust security framework and roadmap that helps to boost their overall maturity. This approach helps our clients realize more value from their initial MSS engagement and positions Trustwave as a trusted security advisor for ongoing client projects.
Gartner’s Recommendations for Choosing an MSS Provider
Security and risk management leaders responsible for security operations should:
- Focus on the specific security needs of their business when approaching security service providers, looking specifically at the individual markets for managed detection and response (MDR), vulnerability assessment (VA) and incident response (IR).
- Separate consultative and service-driven requirements to ensure service delivery is as consistent as possible and customized capabilities are appropriately defined.
- Define expected outcomes and required deliverables in detail, evaluating internal security response processes to identify how security services will be consumed.
Trustwave offers complete security solutions as a service to help protect your systems, networks, and people. We create this solution by combining Trustwave’s continuously developed technology, powered by our Fusion platform, and our elite Trustwave SpiderLabs threat intelligence and expertise. Trustwave’s field-proven service excellence and analyst-lauded approach drives consistent and continuous outcomes, helps to mitigate risk, manage complexity, and provide security, network and compliance expertise.