IDC Technology Spotlight: Threat Visibility and Management Are Critical in Managed Security Services

A look at the threat management landscape and how Comcast Business is helping address the security needs for companies of all sizes.

October 05, 2020

Sponsored by Comcast Business

Written by Christina Richmond, Program Vice President, Security Services, and Martha Vazquez, Senior Research Analyst, Security Services

Introduction

As cyberattackers become better, faster, and increasingly sophisticated in their efforts to trespass on organizations' infrastructure, security teams — both big and small — are forced to upgrade their ability to detect and respond to intrusions. These professionals face a growing number of security alerts leading them down rabbit holes that may or may not reveal a true threat. Managed security service providers (SPs) offer threat visibility across aggregated and anonymized customer data. Providers such as Comcast Business can offer security monitoring and threat detection across network traffic.

As the digital transformation and cloud adoption waves perpetuate, we stand at an inflection point in security technology advancements. Many, but not all, organizations are moving to a software-defined and/or cloud-based architecture. Companies with a hybrid IT architecture seek legacy on-premises security appliances and software-based security within the network. Virtual service-chained security offers increased speed, agility, and modern security. Buyers that are brand loyal to their network providers naturally turn to these providers for help in seeing real threats, combatting verified adversaries, and responding to the serious incidents that inevitably arise.

Understanding Virtual Network Security and Security as a Service in Relationship to Managed Security Services

For several years now, carriers and internet SPs have been building out network function virtualization (NFV) where network components run in software on top of ordinary hardware to prevent vendor lock-in, including but not limited to security technology. Virtual network functions, or VNFs, and security as a purpose-built function, reside within this new architecture. Today, there are more than a dozen security features such as firewalls, web application firewalls, web filtering, network access controls, virus scanning, intrusion prevention systems and intrusion detection systems (IPS and IDS), distributed denial-of-service (DDoS) mitigation, and data loss prevention (DLP). These tools are more easily knitted together and tailored to customer needs in near real time. Another term to keep in mind regarding NFV and VNF is uCPE, which is universal customer premises equipment (CPE) often used along with virtualized security offerings.

As-a-service security is related to VNFs in ease of use and near-real-time configuration. Unified threat management (UTM) and next-generation firewalls (NGFWs) — often used interchangeably — are offered as a service and delivered in a cost-effective and scalable manner.

Secure web gateways (SWGs) apply and enforce corporate user security policies, block access to malicious websites, and help protect data from unauthorized access. Users connect to a website via an SWG tool, which offers web visibility and performs URL filtering, malicious content inspection, web access controls, and other security measures.

Benefits of Managed Security Services

The rising tide of known and unknown threats and the rapid migration to cloud-based architectures create complexity that point solutions no longer solve. Adversaries boast complex and persistent attacks that companies of all sizes struggle to identify. Small and midsize companies are breached more often than larger firms (see Figure 1), and sadly, not all will survive an attack. Whether or not the enterprise has the resources to staff a security operations center (SOC), it often still requires deeper threat context and visibility than an on-premises SOC can offer.

FIGURE 1: Number of Breaches by Company Size

Smaller organizations are breached more frequently than larger companies.

Q. How many security breaches/incidents has your entire company experienced in the past 12–24 months?


n = 370
Base = Respondents who experienced a security breach in the past 12–24 months
Source: IDC's Managed Security Services/Managed Detection and Response Survey, May 2020


Working with a service provider that has a broad purview of the threat landscape can reduce a threat before it even reaches the organization's systems. In fact, 57% of respondents in a recent IDC survey on managed security services claimed that the top reason for engaging with managed security SPs is to protect against advanced security threats (see Figure 2). Managed security SPs that offer flexible delivery models across on-premises, hosted, and cloud environments provide even broader threat visibility for proactive detection of and response to malicious activities.

FIGURE 2: Threat Visibility Is Key in Managed Security Services

Targeted threats against organizations drive the need for services that protect and defend.

Q. What are the top reasons for using a managed security services provider?


n = 402
Source: IDC's Managed Security Services Survey, November 2019


Key Trends

Managed security services is the fastest-growing segment of security services, with a growth rate of 14% over a five-year period and $28 billion expected in worldwide revenue in 2020 alone. And it's no wonder. Security is complicated, and legacy security architectures tend to sprawl, including tens — if not hundreds — of security vendor products in the larger environments. In addition, many organizational technology stacks now exist both in on-premises datacenters and in datacenters hosted by cloud providers, carriers, and internet SPs, creating a challenging hybrid landscape to secure. Moreover, COVID-19 has introduced new budgetary and staffing constraints while accelerating digital transformation efforts, especially migration to cloud architectures. Further complicating matters, security has always been challenging to small and midsize firms, which have been hit the hardest in the current economic environment.

Buyers choose to outsource their day-to-day security management and monitoring to providers for many reasons, but IDC survey research shows a need to protect against advanced threats and a desire for 24 x 7 support. Organizations seek to engage internet SPs for security often because of an existing relationship and because security offerings are adjacent to the breadth of network security already embedded within the internet SP.

Smaller and midsize organizations (up to 5,000 employees) seek monitoring services, highly responsive staff, and consistent awareness of security threats. Enterprise companies (5,000 employees and more) add in the requirement for a one-stop shop as well as a range of security capabilities (see Table 1).

TABLE 1: Most Important Managed Security Capabilities by Company Size

Q. When selecting a third-party security service provider for managed and/or consulting services, please rate each item in terms of importance to your organization.


n = 402
Source: IDC's Managed Security Services Survey, November 2019


As we continue in the post-COVID-19 world, we will see an increasing number of small and midsize companies seeking assistance with security as they struggle to run the day-to-day operations of their business. Larger enterprises already on the journey to redefine their digital business will realign resources from some or all of their security operations to enhance the customer experience and offer digitized products and services. Small, midsize, and enterprise customer segments will find reasons to seek a security provider such as Comcast Business as the internet SP builds out its security service offerings.

Considering Comcast Business

Comcast Business is an internet SP that offers cybersecurity services to help defend multiple customer environments against fast-changing and malicious attacks with a portfolio of security options delivered via on-premises devices, software-defined functions, and cloud-hosted solutions across multiple vendor relationships.

The philosophy of Comcast Business in building out its security services has been to harness its vast expertise in threat mitigation and package it for customers. The company's strategy is to support small, midsize, and enterprise clients with a variety of security solutions and a cadre of partners.

The flavor of security services that customers desire tends to run parallel to company size and can be generalized as:

  • "Do it for me" — Small
  • "Do it with me" — Midsize
  • "Help me do it better myself" — Enterprise

Comcast Business has designed offerings for organizations of all sizes, whether they aim to perform security operations on their own with a bit of assistance (as in the enterprise segment) or need a service provider to do it for them or with them (as in the small and midsize segments).

Comcast Business Security Portfolio

Comcast Business has built and continues to expand flexible security offerings that range from plug-and-play solutions to a set of Comcast managed services either on-premises, hosted by the internet SP, or in the cloud. Comcast Business solutions are designed to target business segments from small business to the Fortune 1500 with Comcast Business SecurityEdge.

Comcast Business SecurityEdge is a cloud-based cybersecurity solution that updates small and medium-sized business (SMB) protection against security breaches by helping block connected devices of employees and guests from accessing malicious websites and infected links. Offered alongside Comcast Business Internet, it is deployed without the need for additional hardware.

For midmarket and enterprise customers, Comcast Business extends its cybersecurity portfolio to include a DDoS mitigation service. DDoS mitigation is offered in tandem with Comcast Business Ethernet Dedicated Internet to help stop the flood of unwanted traffic to a company's network. To provide clean traffic, Comcast detects malicious activity within Layers 3, 4, and 7, which it can then drop, rate limit, or divert (in the case of Layer 7) to scrubbing centers deployed nationwide.

For more advanced security needs, business customers can deploy managed security solutions via:

  1. On-premises managed security leveraging partnerships with key cybersecurity providers. Comcast provides flexibility and choice for the end customer with offerings that range from a premises-based managed firewall to a comprehensive unified threat management solution.
  2. A hosted secure web gateway. This gateway is designed with geographic redundancy to provide customers with advanced security features such as firewalls, web filtering, IDS/IPS, antivirus and antispam tools, alerts, and monitoring.
  3. Virtual UTM (vUTM), an on-premises uCPE/VNF-based UTM service for security, in partnership with Versa. This solution is embedded through the operating system and includes full management from Comcast Business. Features include network firewall, IP, port/protocol blocking and filtering, NGFW, SWG, web filtering, email, log and incident reporting, IPS/IDS, TLS decryption, network access controls, antivirus and antimalware tools, and DoS/DDoS prevention capabilities.
  4. UTM. Unified threat management (UTM) is a scalable cloud-based set of security services. Features include an NGFW or an application-aware firewall, SWG, email security, log visibility, access to the dashboard and reporting, IPS/IDS, antivirus and antimalware tools, malware sandboxing, DoS and DDoS prevention capabilities, and DLP.

In addition, Comcast Business offers remote access solutions through a variety of partnerships for mobile and at-home workers.

Comcast Business' dedication to cybersecurity services over the past several years is evident in the offerings outlined in this paper. The company's existing partnerships with vendors allow the internet SP to broaden its portfolio to include VNFs. The desire to be flexible across customer segments and to simplify security uniquely for each segment is a differentiator for the company.

Challenges

The managed security services market is growing rapidly but is also overly populated with providers. For their part, providers seek to gain dominance by offering advanced capabilities, which can strain research and development teams as well as security operations personnel.

Comcast Business can overcome these challenges by offering the toolsets outlined in this paper because the company is answering a critical call from its existing embedded customers. Comcast provides a unique platform for managed security on which it builds trust with existing customers.

Conclusion

Threat visibility is a key challenge for all organizations; detecting threats is increasingly difficult in modern and emergent architectures. Small, midsize, and large enterprises can benefit from outsourcing protection but also must seek threat monitoring and management to gain better visibility across the security stack. Comcast Business offers modern security capabilities with leading providers in a flexible suite of offerings across all modern delivery platforms and has inherent visibility into petabytes of its network data. Buyers working with an established internet SP or network provider seek security assistance to find, mitigate, and thwart adversaries before a serious incident occurs.

The managed security services market will continue its rapid growth, and IDC believes that Comcast Business will position itself as a strong contender if it continues to innovate and deliver with leading partners. It will be imperative that Comcast Business look far enough ahead and continue to seek a range of pathways for its security offerings.


The content in this paper was adapted from existing IDC research published on www.idc.com.

This publication was produced by IDC Custom Solutions. The opinion, analysis, and research results presented herein are drawn from more detailed research and analysis independently conducted and published by IDC, unless specific vendor sponsorship is noted. IDC Custom Solutions makes IDC content available in a wide range of formats for distribution by various companies. A license to distribute IDC content does not imply endorsement of or opinion about the licensee.

Copyright Notice

External Publication of IDC Information and Data — Any IDC information that is to be used in advertising, press releases, or promotional materials requires prior written approval from the appropriate IDC Vice President or Country Manager. A draft of the proposed document should accompany any such request. IDC reserves the right to deny approval of external usage for any reason.

Copyright 2020 IDC. Reproduction without written permission is completely forbidden.
