12 managed security-services providers you should know

A variety of managed security-services providers and the services they offer, from antispam to Web filtering.

12 managed security-services providers you should know

Cost-savings, compliance and off-loading busy-work are three big reasons an increasing number of enterprises are turning to managed security-services providers

AT&T

Large network providers like BT and Verizon have acquired their managed security expertise, but AT&T has crafted a set of managed security services using its experience securing its own network. AT&T's go-to-market strategy focuses on selling these services to its network infrastructure customers. "When customers purchase communications services, they are expecting us to address security as part of the solution," says Brian Perry, executive director of product management at AT&T. Services are available in conjunction with customer premises equipment or in the cloud. Enterprises also can enlist AT&T's professional-services arm for such functions as network monitoring, log review and log retention.

Category: Network service provider

Customers: American Nuclear Insurers, Banner Bank

BT

In October 2006, BT acquired Counterpane Internet Security, one of the first pure-play MSSPs. The Counterpane acquisition allowed BT to offer security on top of its network-based VPN services, and gave the company access to the U.S. market. Legacy Counterpane services, now called Event Monitoring and Correlation and powered by BT Counterpane, are available in conjunction with customer premises equipment. BT's managed firewall service, e-mail services and some managed vulnerability-scanning services are provided in the cloud. BT also offers security-related professional services.

Category: Network service provider

Customers: CLSA Asia Pacific Markets, Procter & Gamble, Scottish Water, Visa Europe

IBM Internet Security Services

One of the world's largest systems integrators, IBM already had its own managed security-services business when it acquired security technology vendor Internet Security Systems for $1.3 billion in 2006. A security hardware and software developer, ISS also had a thriving MSSP business. IBM competes head-to-head with big network providers and other large integrators offering managed security services, such as Computer Sciences Corp.; Getronics, a subsidiary of Dutch telecom giant KPN; and Science Applications International Corp. Services are available in conjunction with customer premises equipment or in the cloud, or through IBM's professional services organization.

Category: Traditional outsourcer and security technology provider

Customers: Procter & Gamble

Integralis

Integralis got its start in Germany as a systems integrator with a focus on security but now calls itself a pure-play MSSP. The company has a strong practice in Europe and also is making a name for itself with U.S. midsize to large enterprises in such highly regulated verticals as financial services, energy and healthcare. In July, Integralis acquired the managed security-services business of Neohapsis, a security consultancy that had merged with KSR, a start-up MSSP founded by former Oracle CIO Mark Iwanowski. "The acquisition of Neohapsis' Centris system lets us manage the full IT stack for our customers," says Andrew Lev, group senior vice president of marketing, alliances and channels at Integralis. Services are available in conjunction with customer premises equipment, in the cloud, or through Integralis' professional services organization.

Category: Pure-play MSSP

Customers: MetLife, Sony BMG

MegaPath Networks

MegaPath, which began as an ISP in 1999, is a VPN provider that also offers managed security services through a network of Fortinet unified threat management devices. The company has built a loyal following among retail customers. "We looked at AT&T, Covad and a couple of other players, but MegaPath seemed to understand our retail model better than the others," says Alan Stukalsky, CIO at Church's Chicken in San Antonio, Texas. Church's uses MegaPath's service nationwide to connect its 260 stores. Virtela Communications has a business model similar to MegaPath's in that the company began life as a VPN provider, but Virtela targets larger enterprises and offers a broader range of managed security services. MegaPath primarily offers services in the cloud but also has some VPN services based on customer premises equipment.

Category: Network service provider

Customers: Burger King, Church's Chicken, Subway

Perimeter eSecurity

Perimeter eSecurity says it offers 50 managed services, more than any other MSSP. Like many of the other pure-plays, the company got its start supplying services to small businesses in the financial services sector but now sells to larger enterprises as well. About 60% of Perimeter customers have fewer than 250 employees, but 20% are Fortune 500 companies. Midsize enterprises (500 to 1,000 employees) make up the remaining 20%, says Doug Howard, chief strategy officer at Perimeter. Services are available in conjunction with customer premises equipment or in the cloud.

Category: Pure-play MSSP

Customers: Boiling Springs Savings Bank, Farmers Insurance Group, Global Learning Centers, New Tribes Mission, Power Federal Credit Union, Swett & Crawford Group, Ulster Savings Bank, United Air Lines, Vermont State Employees Credit Union

Savvis

Savvis got its start in 1995 as a network provider for financial services companies, then expanded into Web hosting. The company, which now operates 29 data centers worldwide, calls itself an "IT infrastructure service provider." Because of its network provider background, Savvis has a strong focus on cloud-based services, but it also offers customer-premises-equipment-based services, plus professional services.

Category: Network service provider

Customers: iJet Intelligent Risk Systems, StarCompliance Software

SecureWorks

Like Perimeter eSecurity, SecureWorks got its start with small financial services firms. In 1999 the company developed an intrusion-prevention technology called iSensor, which appealed particularly to small and midsize banks. In 2006, SecureWorks merged with LURHQ, another pure-play MSSP. That merger gave SecureWorks access to Fortune 500 accounts. The company offers services in conjunction with customer premises equipment or in the cloud, as well as professional services.

Category: Pure-play MSSP

Customers: Big Rivers Electric, Glenview State Bank, Incyte, NutriSystem, Pacific Gas and Electric Co., SunCorp Corporate Credit Union

Solutionary

Solutionary fits in the pure-play MSSP category with Perimeter eSecurity and SecureWorks, but the company adds a strong focus on compliance management and professional services. Solutionary offers a unique product called SecurCompass, which is Web-based security assessment software delivered as a service. SecurCompass determines the relative security of a user's network and business practices by comparing them to those of hundreds of other companies that have used the software. Solutionary services are available in conjunction with customer premises equipment or in the cloud.

Category: Pure-play MSSP

Customers: Undisclosed

Symantec

Symantec is one of the last independent security-software vendors with an MSSP business. The company's chief rivals Internet Security Systems and Cybertrust have been swallowed up by IBM and Verizon, respectively. Symantec was one of the first technology providers to acquire an MSSP business when it paid $145 million for Riptech in 2002. That deal gave Symantec dozens of Fortune 500 managed services customers. Security-related professional services are available, too. Most of Symantec's services are CPE-based, but the company offers in-the-cloud messaging services.

Category: Security technology provider

Customers: Kettering Medical Center Network, Screen Actors Guild - Producers Pension and Health Plans

Verizon Business

Last summer, Verizon Business purchased Cybertrust for an undisclosed sum in a deal that makes the combined company the world's largest MSSP with more than 2,500 enterprise customers. Verizon Business already had acquired some managed-security expertise in 2006 with its purchase of MCI, which had bought security company NetSec a year earlier. "The addition of Cybertrust gives us greater depth globally," says Cindy Bellefeuille, director of security product management at Verizon Business. "It also gives us a wider portfolio of services and lets us dip into the SMB market." Verizon offers services in conjunction with customer premises equipment or in the cloud; professional services include managed network access control.

Category: Network service provider

Customers: First Advantage, Smiths Group, University of Western Sydney

VeriSign

Since December 2007, VeriSign has been searching openly for a buyer for its MSSP business. So far, the company has not had any takers, which could be problematic. "This has been hanging over its head for eight months now, and that's a difficult position to be in when you're trying to sell to enterprise customers," says Kelly Kavanagh, principal research analyst at Gartner. "There's a huge question mark over who the acquirer will be and what the implications will be for existing customers." VeriSign offers services in conjunction with customer premises equipment, and has a professional services arm.

Category: Security technology provider

Customers: Avery Dennison, GlaxoSmithKline, Merrill Lynch

Want more?

Go to our special " Trend Watch: Security " supplement for more information on managed security services plus these other trends that affect enterprise network security: Information protection, identity-centric access control, and security event management.