Authored by Cathy Huang, Senior Research Manager, IDC Asia-Pacific.

Comparing MSS Offerings in Asia-Pacific

The recent “IDC MarketScape: 2016 Asia-Pacific Managed Security Services” report evaluated 17 prominent managed security services providers (MSSPs) in the region and identified six market leaders: IBM, NTT Com, CSC, BT, Symantec and Verizon. You’d be surprised how similar some of these vendors’ messages and go-to-market strategies sound if you pay close attention.

The most commonly used terms to describe their MSS offerings include “end to end,” “transformative,” “advanced,” “use of analytics and automation,” and “cloud security,” to name a few. Only after speaking with their customers and analyzing each option critically, however, will you would discover how different they are in reality.

Finding Flexibility

Take flexibility to deliver MSS and onboard MSS customers as an example. The flexibility element is a good demonstration of an MSSP’s capability to leverage cloud architecture and an analytics-driven platform, powered by cognitive systems or any advanced analytics and automation technology. In fact, this links to their target customer segments.

While the majority of the MSSPs evaluated in the study primarily target large enterprises, they demonstrate great flexibility to deliver their MSS offerings and onboard their customers with wide range of options, including self-service, that tend to have a broader spectrum of customers. More importantly, these MSSPs are well-positioned to meet the growing demands of small and midsize businesses.

Scrutinizing SOCs

Another important differentiator is an MSSP’s security operations center (SOC) staffing, capabilities and location. The perception of the SOC as an operations center that processes security alerts is rapidly changing, since they now cater to more complex requirements. This is timely — we are seeing a growing need for broad skills, high levels of automation and seasoned security professionals for more specialized, analytics-focused work.

Some MSSPs boast of staffing their SOCs with Ph.D.-level data scientists ready to extract security context from the vast data stores available, in addition to entry-level monitoring staff. Many have also poured heavy investments into advanced analytics and automation technology. While this is a sound approach, mature MSSPs place equal focus on retaining and training their valuable security talents.

Balancing Business Objectives

While aligning IT security with business outcomes sounds perfectly logical, it is difficult to achieve in reality. The DNA of these two groups — security professionals and line-of-business (LOB) professionals — are too different. This presents communication challenges.

This is slowly changing, however, with improving cybersecurity proficiency in the Asia-Pacific region. A proficient and optimized security program is represented by complex interplay of technology, processes and people. These are all governed by risk management capabilities and driven by a strategy that enables an organization to undergo digital transformation safely.

Mature organizations generally prefer to leverage an external MSSP to create a strong business case for their security investment. More importantly, MSSPs offer the expertise to assist enterprise customers in educating their board on crafting a business-aligned security strategy. Today, only a handful of MSSPs have demonstrated such business acumen and understanding of their clients’ objectives and processes.

The Asia-Pacific MSS market is a very competitive one, with many providers vying for customers. The industry is seeing lots of consolidation, which creates further complexities. For these reasons, it takes a great effort to identify the right MSSP for your organization.

Download the full IDC MarketScape report to learn more

More from Security Services

X-Force Threat Intelligence Index 2024 reveals stolen credentials as top risk, with AI attacks on the horizon

4 min read - Every year, IBM X-Force analysts assess the data collected across all our security disciplines to create the IBM X-Force Threat Intelligence Index, our annual report that plots changes in the cyber threat landscape to reveal trends and help clients proactively put security measures in place. Among the many noteworthy findings in the 2024 edition of the X-Force report, three major trends stand out that we’re advising security professionals and CISOs to observe: A sharp increase in abuse of valid accounts…

Ermac malware: The other side of the code

6 min read - When the Cerberus code was leaked in late 2020, IBM Trusteer researchers projected that a new Cerberus mutation was just a matter of time. Multiple actors used the leaked Cerberus code but without significant changes to the malware. However, the MalwareHunterTeam discovered a new variant of Cerberus — known as Ermac (also known as Hook) — in late September of 2022.To better understand the new version of Cerberus, we can attempt to shed light on the behind-the-scenes operations of the…

ITG05 operations leverage Israel-Hamas conflict lures to deliver Headlace malware

12 min read - As of December 2023, IBM X-Force has uncovered multiple lure documents that predominately feature the ongoing Israel-Hamas war to facilitate the delivery of the ITG05 exclusive Headlace backdoor. The newly discovered campaign is directed against targets based in at least 13 nations worldwide and leverages authentic documents created by academic, finance and diplomatic centers. ITG05’s infrastructure ensures only targets from a single specific country can receive the malware, indicating the highly targeted nature of the campaign. X-Force tracks ITG05 as…

Topic updates

Get email updates and stay ahead of the latest threats to the security landscape, thought leadership and research.
Subscribe today