Think about all of the industry activity with malware detection and response and what comes to mind? Most people would probably focus on technology vendors like Bromium, Cylance, Damballa, FireEye, and Palo Alto Networks since these firms have garnered headlines, raised vast fortunes of VC funding, and even pushed through successful IPOs.
Yup, all of these technology vendors seem to be doing just fine, but there is another parallel success story in play - albeit a rather stealthy one. Advanced malware detection and response services revenue is actually growing at about twice as fast as product revenue. Much of this growth is coming from the mid-market but enterprise organizations are also jumping on the bandwagon. According to ESG research, 60% of enterprise organizations already working with professional/managed security services have increased their use of these services "substantially" or "somewhat" over the last 2 years.
Why are so many firms seeking cybersecurity help? Combine the increasingly dangerous threat landscape with the cybersecurity skills shortage and you've got a paradigm shift cocktail. Additionally, many firms realize that chasing anomalous behavior and malcode demands time, resources, and the right technologies. Given this, an average regional bank, process manufacturing company, or teaching hospital may not want to play cyber cops and robbers anymore.
ESG research also provides some details on what types of incident detection/response services are most popular with enterprise organizations.
*45% of enterprise organizations are investing in, "cybersecurity training services for IT and non-IT employees."
*41% of enterprise organizations are investing in, "penetration testing services."
*41% of enterprise organizations are investing, "managed network security services."
*39% of enterprise organizations are investing in, "risk assessment services for existing policies and technology controls"
*39% of enterprise organizations are investing in, "vulnerability scanning services."
It is also worth mentioning that around 23% of organizations have simply outsourced incident detection and response completely or are using a service provider in these areas for staff augmentation and additional support.
So MSSP and professional services are growing substantially in the SMB and enterprise market. In my humble opinion, this means:
1. Services vendors need to invest in marketing to establish leadership, visibility, and specialization. While there are lots of good cybersecurity services firms, none is perceived as a clear market leader. In other words, the market is wide open for AT&T, BT, Cisco, Dell, IBM, HP, Unisys, Verizon Business, and Symantec to market visionary security services, institute aggressive sales incentives, or establish thought leadership in the market. Given the current lack of market definition, there is plenty of room for the traditional federal SIs like Boeing, Booz Allen, CSC, Leidos, Lockheed, and Raytheon to jump into a leadership role as well. Finally, there is no need to "boil the ocean." For example, Cisco, can focus on helping customers design, build, and operate network security architecture tied into SDN (note: Cisco made an announcement today about its managed threat defense services). HP can leverage ArcSight to focus on security data and process integration. Booz, CSC, and Unisys can work with critical infrastructure organizations on NIST cybersecurity framework assessments and best practices. There is no shortage of possibilities.
2. Dell can lead in security services and use security services to break from its traditional mold. Dell SecureWorks deserves to be highlighted as it has been extremely successful in the mid- and small enterprise market and will likely continue to ride cybersecurity services momentum into the enterprise. This could also become an area where Dell can distance itself from its overall "me-too" market image.
3. Market investment will continue. As services continue to trump product dollars, look for more M&A and grassroots activity. For example, we've already witnessed FireEye's acquisition of Mandiant. I could see Alert Logic and Proofpoint being scooped up while Barracuda will likely invest heavily on homegrown MSSP services in the next few years.
4. Security services firms will take a leadership role in STEM and cybersecurity education programs. In spite of their recent successes, MSSP and professional services organizations are struggling to support organizational growth with the right staff and skills. This is one reason why firms like Lockheed, HP, IBM, and Raytheon are already investing in STEM and cybersecurity education. Look for more security services firms to cooperate with Universities, donate time and equipment, fund scholarships, participate in cybersecurity awareness programs with DHS, NIST, NSA, and NSF, and extend their cybersecurity training programs across the globe.