IDC Opinion

The Canadian security services market continues to evolve rapidly. As technological disruption leads to rapid digitalization of the Canadian economy, organizations are having to reimagine the architecture of the enterprise, and global disruptive events such as the COVID-19 pandemic are accelerating this process. Canadian organizations are no longer looking just for security products and policy management or regulatory compliance management services from external security services providers. Though these are still very important security functions, organizations today are seeking support from their security services providers (SPs) to deliver 24 x 7 security monitoring, improve detections for new and advanced threats, improve response times, and help them with the recovery process. In addition, organizations need support to understand and manage security risk, develop a long-term security program, and elevate their security maturity to secure their digital transformation.

As organizations incorporate intelligence and telemetry data from multiple sources such as multicloud, edge, endpoints, network, and OT/IoT for threat detection, they often face challenges of alert overload and false positives. The prevalent shortage of cybersecurity experts in Canada and globally makes it difficult for organizations to make sense of so much data and has motivated security services providers to invest more in the areas of machine learning/artificial intelligence (ML/AI), security orchestration, automation, and analytics. It has enabled security services providers to offer scalable security services that can be aligned to the unique needs of Canadian organizations of all sizes and industry verticals.

IDC believes that the following areas will drive the Canadian security services market forward while providing vendors with the opportunity to differentiate their offerings:

• One-stop shop — the breadth and scope of professional security services as well as managed security services (MSS) including advanced services such as managed detection and response (MDR) that will continue to grow among providers
• The use of advanced and emerging technologies that will provide greater visibility against sophisticated threats and provide enhanced use of automated processes
• The ability to deliver higher level of orchestration, automation, and openness in the core platform
• Cloud monitoring, visibility, and management capabilities that seamlessly enable multiple cloud implementations
• Flexible deployment models that match the customer’s preferences for adopting and consuming services
• Customer portal enhancements such as a mobile app and reporting templates to present to C-suite and board executives
• Hiring and retaining of top-notch security talent

Tech Buyer Advice

Assessing the current capabilities and strategic alignment of a security service provider against your IT and business needs can be a lengthy process. It’s important to fully understand the security requirement of your organization before selecting a provider. IDC recommends referencing common cybersecurity frameworks such as those provided by NIST, ISO 27001/27002, and CIS to ensure you have properly classified all assets on your network. Visibility into your network will aid in selecting the proper services from the right provider. 

IDC has rated several essential criteria that firms should consider when comparing one provider with the others. Key areas to consider during your selection process are:

• The breadth of the MSS portfolio. There is a broad spectrum of providers offering standardized services to heavily customized managed security services. Therefore, it is important for an organization to map various types of offerings to its IT requirements. The buyer in this market could be looking for traditional security controls such as firewalls, intrusion detection system (IDS)/IPS, security information and event management (SIEM), vulnerability scanning, and secure messaging. All providers in this document provide these capabilities, but these offerings have also expanded to include advanced services such as identity and access management (IAM), threat intelligence, web application scanning, managed detection and response, managed SOC, and vulnerability management/risk monitoring. MSS providers have also started to offer complementary services such as incident response (IR), forensics, and other digital consulting capabilities.
• Digital consulting capabilities. A sound security program needs a comprehensive approach, which includes evaluating the people, processes, and technologies involved. Vendors listed in this document can assist technology buyers to understand the current security maturity, gaps, and future requirements. Breadth of professional services includes security strategy and planning, training, compliance and auditing, security policy assessment and development, penetration and vulnerability tests, network architecture assessment, breach or incident response, and forensics.
• Use of security intelligence and machine learning. Threat intelligence and machine learning models are being used to complement or replace traditional SIEM solutions. Buyers need to be aware whether the security services provider that they are considering has a road map to deliver these advanced capabilities.
• Platform that provides visibility across endpoints, network, and cloud. A security partner should be able to demonstrate innovation capabilities in its core platform as well as its use of emerging technologies. A true value to the organization is the ability to choose a vendor that can provide complete visibility of a detection and response management life cycle.
• Integrations of orchestration and automation processes. Service providers are focusing more on orchestration and automation tools and integrating these technologies into their core delivery platforms. Along with advanced ML and AI, technologies such as orchestration and automation are assisting service providers to enhance SOC efficiency and help analysts prioritize, analyze, and respond to threats faster.
• Threat intelligence, threat hunting, and other advanced capabilities. Service providers are going beyond the normal abilities and deepening into areas such as threat intelligence. Threat intelligence has become an important component of advanced services such as MDR and is being integrated into MSS and MDR offerings. Some service providers are also providing regular usage of human-led or automated threat hunting from the integrated threat intelligence feeds and creating processes and playbooks from its discoveries.
• Cloud security strategy. One of the areas that continues to be developed and enhanced is cloud security. The ability of a provider to deliver flexible cloud models across multiclouds and work in environments for cloud services providers such as Amazon Web Services (AWS), Microsoft, and Google is important based on the organization’s needs. It is important to evaluate a service provider that will assist and provide recommendations for the organization moving to and utilizing these diverse IT environments.
• Evaluate customer portals. Customer portals provide a convenient, web-based view of all security-related activities. Portals have evolved to become more than a simple reporting tool and popular offerings include interactive visuals, user-defined dashboards, audit report generation, and health reporting capabilities.
• Security expertise and support. The tenure of the cybersecurity team and available skill sets is increasingly becoming a differentiator, and talent retention and training are critical to be a reliable security provider. Buyers must select a provider that will act as a trusted partner and as an extension to the IT team. Knowing that the provider understands the organization’s IT environment and challenges will simplify the ability to continue to make recommendations and tweaks and provide ongoing guidance along their security journey.

Methodology