BAE Systems' SilverSky Deal Illustrates Security Services Demand

Customer demand for managed and professional security consulting services is increasing rapidly and technology vendors and large systems integrators are attempting to seize the opportunity by adding staff and, in some cases, acquiring established regional providers.

British defense industry giant BAE Systems said earlier this month it is acquiring SilverSky to integrate its cloud-based email and managed security services into its portfolio. Milford, Conn.-based SilverSky will be part of BAE Systems’ Applied Intelligence Division.

SilverSky said the deal allows it to expand its cloud-managed security and application services and focus on product innovation beyond email security and threat protection. The company said it has more than 5,500 customers.

[Related: Intel Exec Tells Partners Missed Security Services Opportunity 'Criminal']

Sponsored post

Vendors are increasingly combining security technologies and managed service capabilities to tap into the additional revenue opportunity, said Edward Ferrara, principal analyst at Forrester Research.

Acquisition activity has been steady, Ferrara said, citing FireEye’s $1 billion acquisition of incident response and digital forensics firm Mandiant and Hewlett-Packard’s $1.5 billion acquisition of security information event management vendor Arcsight in 2010, which had a professional services component.

’It’s a bit of a gold rush going on right now,’ Ferrara said. ’The security market is expanding and more and more players see an opportunity here.’

Regional managed services and security services vendors are potential acquisition targets.

Tokyo-based Nippon Telegraph and Telephone (NTT) has been steadily building out its services in the U.S. The company acquired Omaha, Neb.-based MSSP Solutionary last year. Deloitte added monitoring and threat intelligence to its consulting services through its acquisition of Vigilant last year.

IBM executives told CRN that the company is building out its managed services with an eye towards a variety of security services and may be looking to acquire strong security services providers. The company works closely with AT&T. Verizon is also expanding their incident response and managed security services for threat detection intelligence.

Part of what is prompting significant services growth is that the market for cybersecurity vendors has increased rapidly with point products in networking, analytics, threat intelligence and endpoint software, Ferrara said. The products are designed to detect advanced malware and identify and block targeted attacks, but most organizations don’t have the skilled staff to oversee a successful deployment and properly manage them to get the greatest benefit, Ferrara said

’There are too many point solutions out there or there isn't enough people who can implement and make this stuff work,’ Ferrara said. ’What is needed is a broader portfolio that includes both product and services.’

NEXT: Important Considerations

Organizations want the new advanced threat detection capabilities and they want it to integrate, but they far too often don’t consider the ongoing management and incident response capabilities associated with them, said Dewayne Adams, chief technology officer at Frederick, Md.-based solution provider and security consultancy, Patriot Technologies.

The company, Adams said, recognized the need to add vulnerability and risk assessments, staff augmentation and continuous security monitoring to its hardware and software and manufacturing and logistics services.

’The demand has been growing and growing over time and it is seen as a way to establish a trusted and lasting relationship to our clients,’ Adams said.

Despite the expansion of large systems integrators that provide security services, smaller regional solution providers that establish strong security practices are in place to capture opportunity from small and midsize businesses, Ferrara said. SMBs don’t have a big IT staff, often don’t want to add security personnel and are not interested in working with a big global provider, making a quality regional services provider a good option.

’It’s a big underserved market,’ he said. ’Midsize companies are in some cases more at risk than larger organizations that you read about in the paper.’

Larger organizations need assistance too, said Jamie Murdock, chief information security officer at Hudson, Ohio-based managed security services provider Binary Defense Systems. Murdock and his team are adding penetration testing vulnerability analysis, digital forensics and incident response to the company's list of security services. Binary Defense Systems, which launched this summer, is counting on its ethical hacking practice as a differentiator that will establish a strong customer base, Murdock said.

’Support is needed at every level,’ Murdock said. ’Environments have become more complex and organizations are struggling to keep up with the pace of change and the increasing sophistication of the attacks.’