Managed Security Services


THE Bottom Line

Linx has undertaken multiple Competitive Intelligence (CI) projects in the Managed Security Services (MSS) space. We have extensively interviewed key security vendors as well as Communications Service Providers (CSPs) who use and resell the security products of these vendors as services to their enterprise customers.


We have specific project experience in carrier MSS integration vs. outsourcing business models; white label MSS solutions deployed by carriers, particularly in the area of cloud services, security management services and security analytics; CSPs requirements for “a la carte” or point-specific best of breed technology solutions rather than a best of suite solution; pricing structures for MSS vendors; and CSP adoption of MSS solutions within the context of network function virtualization.


Our Methodology
For all of our projects, Linx relies on in-depth, double-blinded interviews with key executives at leading and niche players in the industry including vendors, service providers, customers and systems integrators / channel partners. Every study we complete is based on specific and detailed interview protocols established together with our clients that drive toward producing actionable intelligence. 

What does our research show?

MSS Delivery Approaches

Based on interviews with leading global CSPs, our competitive intelligence shows that in general, CSPs prefer the integration approach over the outsource approach to delivering their MSS solutions. What this means is that they would prefer to work with partners and have control over the process of selecting specific technologies and integrating it into their own MSS service, as opposed to outsourcing the whole operation.


Our CSP interviewees cited various reasons for this: they do not want to lose operational control, they find it difficult to select a partner they trust enough to actually outsource to, and they feel that they would not be able to leverage on their branding and in-house resource potential with the outsourcing approach. From the following examples, we see that the outsourced model is largely perceived as unfavourable by CSPs


  • Our interviewee, an ex-Director, Global Security Operations Center at CSP X, stated that as the head of the MSS division at CSP X, he would have to deal with two road maps if he decided to go the outsourcing route, which would require an excessive and unnecessary effort from his part and a loss of essential control over what he is able to offer his enterprise customers.

  • A former Senior Member, Technical Staff at CSP Y's Security Operations Center, on the other hand, said that as a Tier 1 CSP, going to a completely outsourced third party model would not be financially feasible for his company, because CSP Y have already invested considerably into establishing their MSS business for enterprise customers.

  • Our interviewee, an ex-Vice President and Chief Security Officer at CSP Z somewhat echoed this sentiment in the context of skillsets and human resources: our interviewee stated that being part of a company with 45,000 employees across the globe meant that CSP Z has a large pool of tier 1 and tier 2 level talent with thousands of people with the required technical skills to pick from.



MSS White Labeling

Our interviews with CSPs show that service providers are in general open to using white label solutions, particularly in the area of cloud services, security management services and security analytics. Over 85% of CSPs we have interviewed in our intelligence work have either used white label solutions or were open to using white label solutions. The other 15% of CSPs mention that their companies would not use white label MSS solutions due to their unwillingness to compromise on their brand awareness for their MSS portfolio among their enterprise customers.


Our interviewee, a former Chief Security Officer from CSP A explained why CSP A would not take this approach - a lot of their customers want to understand the branding behind the hardware solutions they have, and brand names such as Palo Alto, Tipping Point or Juniper are important to them. However, from the following examples, we see that the white label model is largely perceived as favourable by CSPs


  • Our interviewee, a former Senior Member of the Security Staff at CSP B's SOC pointed out that there were several vendors who offer CSP B several white label security solutions for its web applications. CSP B comes upon a lot of customers who use a heavy volume of web applications, social media, etc.. With the increased risk that these offerings bring, CSP B plans to strategically improve partnerships with web app security vendors on a white label basis.

  • Our interviewee from CSP D, a former Director of CSP D's Global SOCs said that the three key security areas for white label products in today’s market are big data, security management services and analytics.

  • Our interviewee from CSP E, a former Head of Security Engineering (part of this CSP's EMEA operations) stated that white label vendors are increasingly pushing CSP-focused solutions for enterprise MSS offerings in the area of cloud-based security and next generation firewalls.


Vendor Selection Crieteria

Based on our interviews with ex- executives at leading vendors in the MSS space, we can say that vendors that have a strong systems integration and services offering in the MSS space find it easier to sell into the CSP market. Also, based on our interviews with CSPs, we see that there is a shift to a more “a la carte” model for MSS services, where vendors are required to provide point-specific best of breed technology solutions rather than a best of suite solution, at least in context of large enterprises. SMBs and SOHO customers still prefer end-to-end MSS suites.


From our interview with a former Head of Sales Engagement at Vendor X, for instance, we gather that their SI capabilities are an advantage as they can leverage on their existing service capabilities. They can cross-train people and can do a number of things to be ready with a SOC and hit the ground running. According to this Vendor X interviewee, it doesn’t matter what product a vendor is offering, because there are so many quality products, that SIs like Vendor X don’t need to have in-house products.


We think that this service/integration-focussed approach is causing a shift to a more a la carte model for MSS services, at least in context of large enterprises where vendors and systems integrators are required to provide best of breed solutions, regardless of which vendor it comes from. For instance, our interviewee from CSP F (a former Chief Security Officer) provided an overview of his perception of this trend as follows:

  • In the past 5 years, MSS has gradually moved to more of an a la carte approach, as opposed to 5 years ago when vendors would sell just a firewall only service, or only sell IP authentication services. This means that enterprises are beginning to prefer an MSSP that can be more of a transformational strategy partner and can conduct the execution of a mix-and-match of various a la carte technologies for large enterprises. Here, CSPs get to provide many services that they can make a good margin on.


MSS for NFV not a Priority

An interesting common thread depicted by some of our interviewees is that CSPs do not have a high level of urgency when it comes to adapting/targeting MSS portfolios for NFV and virtualized environments. While they are strategically making advancements here, the CSPs we spoke to did not expect market demand for “NFV-specific” security solutions to scale up as yet. Hence, most CSPs we interviewed are putting their development efforts into strengthening their cloud security and big data analytics portfolios.


Our competitive intelligence shows that service providers display common trends when it comes to developing advanced security solutions and virtualization :


  1. CSP G – Their primary focus is to grow their MSS applications portfolio in a way that matches up to advanced security services 2.0 in order to meet the needs of cloud and big data and automated technologies. CSP G is starting to migrate its security solutions more towards behavioural based threat intelligence and heuristic event correlation rather than existing signature-based threat intelligence. Our interviewee mentioned that big data analytics are a key part of the supply dynamics that he has seen.

  2. CSP H: The first priority for CSP H, according to our interviewee, is to try to get out of the CPE business and get into the Virtualized business. Our CSP H interviewee explained that some of the large enterprise deals that CSP H has won have been based on the way CSP H has made margins. With the expense of having devices on the customer premises, especially when it comes to being responsible for installing, repairing, etc. - to be able to move out of the CPE business and move into the provider edge or provider data centre means much larger margins. That is something CSP H has been doing aggressively for 5+ years

  3. CSP I: According to the interviewee, generally speaking, the whole telecom market is heavily investing in virtualizing the IT infrastructure, and CSP I is no different from anyone else – they are prioritizing virtualizing security infrastructure to a degree, where it’s applicable. However, their focus here is mainly in the area of internal capabilities for internal use only, where they would first virtualize their IT infrastructure for their own use rather than for anyone else (i.e., their enterprise customers), and in conjunction with that, they use partners who happen to use security features for virtualized environments, but CSP I doesn’t take them to the market.


Pricing Models and Deal Sizes

Our analysis from various interviews shows that the CSP pricing structure has the following features:

Pricing Model:

Typically, the pricing is based on a per user per month basis. This is the most common pricing model and that goes hand in hand with the current pricing model for other products that the CSPs have been offered so that it is easier for them to augment it with their existing customers.


Bundles can range between a $1 - $2 per user to $10 - $15 dollars per user.


Per user pricing is rarely larger than $15 per user. However, this largely depends on the components that are bundled into the service.


Deal Sizes:

  • The average deal size for large businesses ranges between $5 - $10 million.

  • The average deal size for SMB and SOHO businesses ranges between $100,000 - $500,000.


How can Linx help?
Invest 30 minutes of your time with us on a complimentary webinar where we can determine together if our unique approach to actionable intelligence can have an impact on your organization. For a no obligation webinar appointment, e-mail us at:

For a more detailed look at our competitive intelligence, request a
confidential one-on-one webinar with our analyst team: