Transcription
NEAT EVALUATION FOR UNISYS:Managed Security ServicesMarket Segment: OverallThis report presents Unisys with the 2017 NelsonHall NEAT vendor evaluation for ManagedSecurity Services (MSS) for the Overall market segment. It contains the NEAT graph ofvendor performance, a summary vendor analysis of Unisys in MSS, and the latest marketanalysis summary for MSS. An explanation of the NEAT methodology is included at the endof the report.The vendors evaluated are: Atos, CGI, Capgemini, CSS Corp, DXC Technology, IBM, Infosys,SecureWorks, TCS, and Unisys.IntroductionNelsonHall has assessed and evaluated Unisys’ proposition against demand for ManagedSecurity Services (MSS), and has identified Unisys as a Leader in the Overall market segment,as shown in the NEAT graph on page 2. NelsonHall 20171Licensed for distributionApril 2017
NEAT Evaluation for Unisys: MSSNEAT Evaluation: Managed Security Services (MSS)The Overall market segment reflects Unisys’ overall ability to meet future client requirementsas well as delivering immediate benefits to MSS clients.Buy-side organizations can access the MSS NEAT tool here. NelsonHall 20172Licensed for distributionApril 2017
NEAT Evaluation for Unisys: MSSVendor Analysis Summary for UnisysOverviewUnisys offers a full suite of security services, from professional services for initial advisoryservices, security design and implementation, managed security services, to physical securityand security solutions with Stealth.Unisys’ cybersecurity consulting and advisory services consist of: Cybersecurity strategic program development Security operations analysis, design, and implementation Cybersecurity assessment and architecture design IoT/BYOD strategy development, tool selection, and implementation Cyber threat intelligence program development.Unisys’ MSS consist of: SIEM Security Device Management IAM and GRC Stealth Services.Unisys’ managed SIEM service primarily leverages LogRhythm as its SIEM solution, however,it uses other technologies in some cases, e.g. when the client has an existing technology inplace.Leveraging LogRhythm, Unisys monitors a large number of events which are correlated downto 340m security events per day. Using its Security Intelligence application (previouslynamed the Unisys Noise Cancellation Advanced Analytics Platform (UNCAAP)), Unisys thenidentifies distinct events that require action.FinancialsNelsonHall estimates Unisys' CY 2016 managed security services revenues to be 175m, withthe following split, by activity: SIEM: 55%, 96m Security device management: 25%, 44m IAM and GRC: 13%, 23m Stealth services: 7%, 12m. NelsonHall 20173Licensed for distributionApril 2017
NEAT Evaluation for Unisys: MSSStrengths Unisys has a strong security intelligence capability (previously known as UNCAAP), whichreduces the correlated events down to a small number of distinctive security issues innear real-time, and reduces the number of false positives and negatives Unisys has a pragmatic approach to vulnerability management and remediation, with itsmethodology including a client's residual risk acceptance informing and being informedby vulnerability reporting, analysis and prioritization, and asset discovery Unisys’ Stealth offerings elevate its cybersecurity offerings; rather than protectingagainst threats across a client’s network, important data is safeguarded by making iteffectively undetectable. Besides the benefit to the client that Stealth brings withincreased security, it also requires the client to assess the sensitivity of each of its endpoints, a useful practice when considering cybersecurity. A large proportion of Unisys'investments in cybersecurity are around the Stealth offering, enabling clients tointegrate the offering in less time with the use of software based Stealth modules, andwith Stealth(aware) Unisys' cybersecurity offerings are led through its strong consultancy services which arerun by its highly experienced leadership. This leadership is demonstrated through its newresiliency services, which leverage CISOs and ex-armed forces staff who have experiencein reacting to similar events, for its wargames and training.Challenges Unisys' SIEM service, leveraging LogRhythm as its primary SIEM, is currently availableworldwide, however it lacks clients outside the U.S. Despite requiring a lower number of cybersecurity analysts than competitors, Unisys isin competition with a number of low cost Indian based ITS providers which areincreasingly focusing on cybersecurity Growth in cybersecurity services could be restricted by declining revenues in its servicesand cloud and IT infrastructure lines. Unisys is addressing this issue with a dedicated,direct MSS sales team. NelsonHall 20174Licensed for distributionApril 2017
NEAT Evaluation for Unisys: MSSStrategic DirectionUnisys has organized its security offerings around attacker’s kill chain model: Reconnaissance: stalk your targets (Unisys offers security analytics and firewalls) Weaponization: customize your malware (Unisys offers endpoint security and logmanagement) Delivery: infect a device with access to the target (Unisys offers email, user, and IAMsecurity) Exploitation: leverage the target’s vulnerability (Unisys offers anti-malware, patchmanagement, and vulnerability management) Installation: transfer your malware to the target (Unisys offers event analytics) Command and control: send commands to the target (Unisys offers SIEM services) Action on objectives: malware does its job (Unisys offers DLP and endpoint security).Additionally, Unisys offers professional services, managed security services, and Stealthacross this kill chain.Unisys is looking at bolstering its security capabilities around consulting and managedservices offerings in both cloud and application spaces, as well as its identity managementwork in the business process services (BPS) space.Unisys will continue to roll out the multi-tenant security monitoring offering that uses theLogRhythm platform as its base, to Europe, followed by Asia Pacific. The multi-tenantLogRhythm offering is targeted towards clients of smaller sizes which have smaller staticenvironments than its managed SIEM clients, which typically have larger complexenvironments. In the near future, Unisys will be expanding the LogRhythm offering to secureAWS and Azure clouds.OutlookIn its managed security services, Unisys has a strong IP led by its security intelligence(previously UNCAAP) and BeATo applications. Using this IP and its strong methodologies incybersecurity, Unisys has a measurable difference in the number of FTEs dedicated tosecurity, compared with competitors in the market.While Unisys' IPs allow for growth by reducing the dependence on FTE growth to support newclients, its declining cloud and IT infrastructure revenues could potentially limit the growth incybersecurity revenues in the coming years. To combat this and its dependence on a few largeclients, Unisys is making its managed security services more modular and, with theintroduction of the security monitoring and SOC-lite offerings, preconfigured so that it canmore easily target smaller engagements.In 2017, expect: Unisys to continue the rollout of its multi-tenant LogRhythm based offering, to Europeand Asia Pacific. Unisys will also be adding cloud security into the LogRhythm securityoffering, with AWS and Azure clouds secured The opening and scaling up of the Augusta, Georgia SOC in early 2017. This center willfocus on niche services and will house the Cyber Threat Intelligence team NelsonHall 20175Licensed for distributionApril 2017
NEAT Evaluation for Unisys: MSS Advancements to the MSS portal Unisys is currently undergoing an assessment to investigate expanding its endpointsecurity tool portfolio. NelsonHall 20176Licensed for distributionApril 2017
NEAT Evaluation for Unisys: MSSMSS: Market SummaryBuy-Side DynamicsKey challenges for organizations looking to outsource MSS are: Increasing cost of cybersecurity, while demonstrating ROI Access to cybersecurity skills and up-to-date information Ability to respond quickly to threats Ability to gain a holistic view of cybersecurity Strengthening social engineering around security Uneven workloads.Market Size & GrowthThe current global MSS market size is estimated by NelsonHall at 9bn and is on target toreach 17.6bn by 2021, a growth of 12.2% CAGR.Growth will be driven by: Regulatory pressure Responses to an increasing number and complexity of attacks The introduction of complementary services.North America accounts for 43% of the MSS market. Vendors with American ties are slow tomake progress in APAC. Vendors will continue to look for growth in APAC, firstly throughsupporting clients from Australia based SOCs, then with CoEs stationed in e.g. Singapore andHong Kong.Success FactorsCritical success factors for vendors within the MSS market are: Ability to develop a strong go-to-market that demonstrates vendor strengths incybersecurity research/delivery Ability to have a strong level of cybersecurity research that analyzes past events tostrengthen indicators of compromise and reduce the number of false positives andnegatives Ability to keep abreast of upcoming changes in cybersecurity regulations. High-levelvendors, working with the public sector, and industry alliances can influence theseregulations The development of strong cybersecurity talent and recruitment programs. Theseprograms partner with universities to hire graduates, and target white-hat hackers andpreviously untapped members of the talent pool, through diversification NelsonHall 20177Licensed for distributionApril 2017
NEAT Evaluation for Unisys: MSS The development of security operations centers in regions to support specific clients.Vendors have additional FTEs in countries outside of SOCs to support languages otherthan English Ability to demonstrate the ROI of cybersecurity services. Vendors run wargame scenariosand vulnerability assessments to demonstrate how a cyber-attack can affect a client’soperations For traditional ITS providers, the ability to involve cybersecurity teams for bid supporton ITS contracts The ability to rationalize the services from acquired parties. For example, the acquisitionof HPE ES by CSC (where HPE ES is the stronger party in terms of cybersecurity). Thecombined company, DXC Technology will benefit from the strong overlap incybersecurity tools used by both parties, whatever the overlap in cybersecurity centersand services that require rationalization.OutlookOver the next few years: Regulations will come into force, e.g. GDPR in 2018, which will affect organizations withEU operations. These regulations will inform the introduction of cyber regulations inemerging markets Security threats that risk corporate reputation and regulations will force cybersecurityto be a hygiene factor Vendors to continue to restructure and relaunch cybersecurity portfolios around cloudsecurity and to rationalize acquired offerings Vendors to focus branding of security offerings around securing clients’ reputation As more robust, automated security tools are developed, the requirement for vendorsto perform SIEM rule tuning reduces, allowing vendors and clients to focus on moreadvanced threats Vendors will embed true AI, machine learning, and automation into all theircybersecurity offerings to detect and respond to threats more quickly and accurately. Astandout example of this is IBM investing in integrating Watson for cybersecurity.Vendors unable to add AI will partner with the typical tool providers The lack of effectiveness of typical encryption will require advanced encryptiontechniques to be built into technologies such as blockchain In 2020, revenue from threat management services such as cyber resiliency services willovertake security management to be 24% of the managed security market. Vendors thathave partnered with cybersecurity insurers will see the most demand for cyber-resiliencyservices Technology supporting securing new developments such as IoT and full DNS recordscanning will require new approaches of collecting, analyzing, and storing security dataon a much larger scale. The use of quantum computing for security such as quantumcryptography should be assessed. NelsonHall 20178Licensed for distributionApril 2017
NEAT Evaluation for Unisys: MSSNEAT Evaluation for MSSNelsonHall’s (vendor) Evaluation & Assessment Tool (NEAT) is a method by which strategicsourcing managers can evaluate outsourcing vendors and is part of NelsonHall's Speed-toSource initiative. The NEAT tool sits at the front-end of the vendor screening process andconsists of a two-axis model: assessing vendors against their ‘ability to deliver immediatebenefit’ to buy-side organizations and their ‘ability to meet client future requirements’. Thelatter axis is a pragmatic assessment of the vendor's ability to take clients on an innovationjourney over the lifetime of their next contract.The ‘ability to deliver immediate benefit’ assessment is based on the criteria shown in Exhibit1, typically reflecting the current maturity of the vendor’s offerings, delivery capability,benefits achievement on behalf of clients, and customer presence.The ‘ability to meet client future requirements’ assessment is based on the criteria shown inExhibit 2, and provides a measure of the extent to which the supplier is well-positioned tosupport the customer journey over the life of a contract. This includes criteria such as thelevel of partnership established with clients, the mechanisms in place to drive innovation, thelevel of investment in the service, and the financial stability of the vendor.The vendors covered in NelsonHall NEAT projects are typically the leaders in their fields.However, within this context, the categorization of vendors within NelsonHall NEAT projectsis as follows: Leaders: vendors that exhibit both a high ability relative to their peers to deliverimmediate benefit and a high capability relative to their peers to meet client futurerequirements High Achievers: vendors that exhibit a high ability relative to their peers to deliverimmediate benefit but have scope to enhance their ability to meet client futurerequirements Innovators: vendors that exhibit a high capability relative to their peers to meet clientfuture requirements but have scope to enhance their ability to deliver immediate benefit Major Players: other significant vendors for this service type.The scoring of the vendors is based on a combination of analyst assessment, principallyaround measurements of the ability to deliver immediate benefit; and feedback frominterviewing of vendor clients, principally in support of measurements of levels of partnershipand ability to meet future client requirements. NelsonHall 20179Licensed for distributionApril 2017
NEAT Evaluation for Unisys: MSSExhibit 1‘Ability to deliver immediate benefit’: Assessment criteriaAssessment CategoryOfferingsDeliveryPresenceBenefits Achieved NelsonHall 2017Assessment CriteriaSIEMApplication securityEndpoint securityIAMThreat database maturityPenetration testingAbility to offer security as part of a larger ITS contractInsider protectionIoT security servicesLevel of automationDashboard or portal offeredAbility of offer dedicated deliveryDelivery in support of U.S.Delivery in support of U.K.Delivery in support of Rest of EMEADelivery in support of APACDelivery in support of LATAMOffshore focus for shared service MSSOnshore focus for shared service MSSOnsite support of MSSLanguage supportScale of FTE supportSecurity IPSingle touch pointFinancial services security presenceGovernment security presenceManufacturing security presenceRetail security presenceEnergy & utilities security presenceDetection and response timeCost reductionThreat avoidanceImproved visibility through dashboard or portal10Licensed for distributionApril 2017
NEAT Evaluation for Unisys: MSSExhibit 2‘Ability to meet client future requirements’: Assessment criteriaAssessment CategoryAssessment CriteriaInvestment in CybersecurityArea of investment in centers: onshoreArea of investment in centers: offshoreInvestment into security dashboardsInvestment in automationInvestment in threat databaseInvestment into advanced cybersecurity servicesInvestment into IoT securityInvestment into insider protection and physical securityInvestment into network securityInvestment into application securityCommitment to MSSIndustry specific security researchSecurity FTE growthFinancial ratingLikelihood to partner for security servicesFor more information on other NelsonHall NEAT evaluations, please contact the NelsonHallrelationship manager listed below.Sales EnquiriesNelsonHall will be pleased to discuss how we can bring benefit to your organization. You can contactus via the following relationship manager:research.nelson-hall.comSimon Rodd at simon.rodd@nelson-hall.comImportant NoticeCopyright 2017 by NelsonHall. All rights reserved. No part of the publication may be reproduced or distributed in any form, or by any means, orstored in a database or retrieval system, without the prior written permission of the publisher. The information provided in this report shall beused only by the employees of and within the current corporate structure of NelsonHall’s clients, and will not be disclosed to any other organizationor person including parent, subsidiary, or affiliated organization without prior written consent of NelsonHall. NelsonHall exercises its best effortsin preparation of the information provided in this report and believes the information contained herein to be accurate. However, NelsonHall shallhave no liability for any loss or expense that may result from incompleteness or inaccuracy of the information provided. NelsonHall 201711Licensed for distributionApril 2017
This report presents Unisys with the 2017 NelsonHall NEAT vendor evaluation for Managed Security Services (MSS) for the Overall market segment. It contains the NEAT graph of vendor performance, a summary vendor analysis of Unisys in MSS, and the latest market analysis summary for MSS. An explanation of the NEAT methodology is included at the end
