Software Security Services of Third Party Vendors

Part 01 of four

CISOaaS - Companies Serving Small- to Medium-Sized Businesses

By revenue, the top six companies in the US that provide CISO as a service to small- to medium-sized businesses are Verizon, Cisco, Deloitte, Rapid7, CoalFire, and Avalon Cyber.

Verizon

Cisco

Deloitte

Rapid7

CoalFire

Avalon Cyber

Research Strategy

To determine the top six companies in the US that provide CISO as a service or vCISO to small- to medium-sized businesses, we started our research by looking into market reports on security advisory services. We found a precompiled list of the top companies in this industry provided by Markets and Research. However, since this is a paid report, the report overview did not mention how the rank was determined. We used this list as a starting point and focused on US companies. We also removed companies that had been mentioned in the previous research. We then checked each remaining company individually to see whether it provides CISO as a service, vCISO, or security advisory to small and medium businesses, and included only the top six that met these criteria. Lastly, we ranked them by overall revenue, since revenue generated by providing CISO as a service or cybersecurity advisory is not available.

Part 02 of four

CISOaaS Companies Serving Small- to Medium-Sized Businesses: Analysis (1)

IBM's CISOaaS products and services are IBM Critical Data Protection Program, IBM X-Force Incident Response and Intelligence Services, IBM Promontory, IBM Data Protection Services, and IBM Managed Security Services. DXC Technology offers three CISOaaS services: Risk and Compliance Management, Data Protection and Privacy Services, and Intelligent Security Operations.

IBM

  • IBM is a global company that provides "application, technology consulting and support, process design and operations, cloud, digital workplace, and network services, as well as business resiliency, strategy, and design solutions."
  • It is the largest employer in technology in consulting, globally.
  • It was founded in 1911 and it is headquartered in New York City, in the United States.
  • IBM Security, through which CISOaaS is offered, is one of the company's main brands, along with IBM Cloud, IBM Watson, IBM Services, IBM Research, and IBM IT Infrastructure.

Number of Employees

  • At the end of 2018, IBM had 350,600 employees across its wholly-owned subsidiaries.
  • Additionally, there are 9,400 employees in its less-than-wholly-owned subsidiaries and a complementary workforce of 21,000.
  • It is estimated that this year, the number of employees in IBM's wholly-owned subsidiaries was reduced to 340,000. The company plans further layoffs as a part of its digital transformation.

Products and Services

  • IBM Critical Data Protection Program involves discovering, classifying, protecting, and monitoring data. It also includes establishing a data protection strategy.
  • IBM X-Force Incident Response and Intelligence Services provide a subscription service with constant access to top-notch consultants, the possibility of going through simulated cyber attacks, and a dedicated solution for dealing with real attacks.
  • IBM Promontory offers expertise and tools to come up with strategies for protecting data, minimizing the risk of financial fraud, and fitting specific regulatory environments. It also assists in implementing those strategies.
  • For IBM Data Protection Services, the company uses the Total Privacy Management Framework to establish the privacy office, come up with data protection strategies, and handle all data privacy-related issues.
  • IBM Managed Security Services provides non-stop assistance with identifying threats, monitoring, and meeting regulatory requirements.

Competitive Advantage

  • IBM has a competitive advantage because it owns industry-leading security solutions, such as IBM QRadar and IBM Resilient.
  • Its security products and services have been named top in Gartner Magic Quadrant for ten years in a row.
  • The company was also recognized for its security services at SC Awards Europe.
  • IBM is one of the world's most recognizable brands, which also gives it an edge over other CISOaaS providers.

Pricing for CISOaaS

  • IBM does not disclose the pricing of its CISOaaS services. It only mentions their cost efficiency.
  • For example, it claims that IBM Managed Security Services allow customers to "save up to 55% on information security management."

DXC Technology

  • DXC Technology is a global company that helps its clients modernize IT and data architectures, organize operations in the cloud, and secure their data.
  • It has 6,000 private and public customers in 70 countries.
  • DXC Technology was founded in 2017 from "the spin-off of Hewlett Packard Enterprise's Enterprise Service segment and its merger with Computer Sciences Corporation (CSC)." It is headquartered in Tysons Corner, Virginia, United States.
  • Its network of 200+ partners includes 15 strategic partners, which are Amazon Web Services, AT&T, Dell Technologies, Google Cloud, HCL, HP, HPE, IBM, Micro Focus, Microsoft, Oracle, PwC, SAP, ServiceNow, and VMware.

Number of Employees

  • As of September 2019, the total number of DXC Technology employees was 128,727, out of which 24,304 were in the United States.

Products and Services

  • Through its Risk and Compliance Management advisory and management services, DXC offers "full strategic management of security risk and compliance." It helps identify the risks, come up with strategies that align with company-wide goals, manage their implementation, and monitor the results.
  • DXC Data Protection and Privacy Services provide highly-skilled security experts, who help develop data protection strategy, build appropriate solutions, and maintain their efficiency. They offer services of varying sizes, ranging from one-time projects to enterprise-wide deployments.
  • Through DXC Intelligent Security Operations, the company provides complex management and advisory services, solutions to detect and monitor threats, ethical hacking to identify vulnerabilities, and a security platform.

Competitive Advantage

  • The company claims that it offers the most complex solutions in the security consulting market, assisting companies in each aspect of security and compliance.
  • It has a network of trusted security vendor partners, which are assessed and selected according to the highest standards.
  • It provides more than 3,500 security experts with different deep specializations. Each of them has 5-10 years of experience in security at the highest level.

Pricing for CISOaaS

  • Pricing is not available on the website or in other sources. For more information, it is necessary to contact the company.
Research Strategy

Both IBM and DXC Technology provide the pricing of their products only upon request. We considered the companies themselves the most probable and credible source of such information, so we started by analyzing the relevant parts of their respective websites, including the pages for specific products and product brochures. However, all we found was the information that pricing is available upon contacting the company and the statement that it allows saving "up to 55% on information security services."

We also looked through software review sites, such as G2. We hoped to at least obtain estimated prices from experts. However, not all of the solutions were featured on those sites. User comments for IBM's Managed Security Services suggest that they are cost-effective.

Finally, we analyzed articles from tech media, such as TechCrunch, Wired, and TechRadar, as well as cybersecurity media, like Help Net Security and Security Boulevard. We hoped that articles that provide overviews of the solutions would include prices or pricing estimates. Unfortunately, while there were articles about the upgrades of the companies' Security offerings, they didn't include the pricing information. Also, most of them were about security products that aren't relevant to this request.

Part 03 of four

CISOaaS Companies Serving Small- to Medium-Sized Businesses: Analysis (2)

Below are the requested details for the second two companies identified in the previous request, Deloitte and Rapid7.

Deloitte

DELOITTE OVERVIEW
  • Deloitte is a multinational professional services company, one of the big four accounting organizations in the world, and the largest professional services firm globally by revenue.
  • Deloitte offers the following professional services to businesses of all sizes globally: risk and financial advisory services, audit and assurance, consulting services, tax services, and mergers and acquisition services.
  • Deloitte US and its subsidiaries have 80,000 employees in the US.
DELOITTE US SERVICES
DELOITTE US COMPETITIVE ADVANTAGE
DELOITTE US PRICING OPTIONS FOR THE CISOaaS
  • Deloitte does not publicly reveal the pricing options for its Chief Information Security Officer-as-a-Service in the cybersecurity section of its website, or anywhere else. Clients have to request pricing by getting in touch with a cybersecurity manager.

Rapid7

RAPID7 OVERVIEW
PRODUCTS AND SERVICES
  • Rapid7 offers the following products that accelerate insights for security and IT teams:
    • The Rapid7 Insight platform for general insights
      • InsightVM for Vulnerability Management
      • InsightIDR for User Behavior Analytics and SIEM
      • InsightAppSec for Application Security in the Cloud
      • InsightOps for IT Operations
      • Metasploit for Penetration Testing
  • Rapid7 offers the following services: service consulting, product consulting, managed services, training and certification, and support and CSM.
  • Part of Rapid7's advisory services is the vCISO, where the company leverages the expertise of former security leaders to provide clients with a virtual CISO.
PRICING

Part 04 of four

CISOaaS Companies Serving Small- to Medium-Sized Businesses: Analysis (3)

Avalon Cyber and CoalFire are two leading companies in the cybersecurity space. Both companies have multiple offices and provide multiple solutions and products to their customers. Both companies also provide similar CISOaaS services. These points and more are discussed below.

Avalon Cyber

CoalFire

  • Overview:
  • Employees: 730
  • Products and Services:
    • Coalfire Labs is a service that mimics techniques and strategies used by adversaries and cybercriminals to attack the information technology infrastructure of a business.
    • CoalfireOne is an online platform that is offered to each client. This platform helps businesses view insights and do analysis and administrative management.
    • Compliance Services is a suite that helps businesses address compliance issues and find security risks, accelerate alignment, and helps to strengthen their brand.
    • Cyber Engineering services help businesses to design, integrate, optimize, and monitor security systems to operate effectively.
    • The Cyber Risk Advisory offers assessment, advisory, and assurance services to executive teams and boards of companies. Their CISO program management falls under this category.
    • Secure Cloud services help companies to secure their cloud infrastructure.
  • Company Advantage:
    • They have large well-known clients such as Diebold, 3M, AWS, Azure, and The Carlyle Group.
    • Their Secure Cloud services serve seven of the top ten SaaS companies and nine of the ten IaaS companies.
    • They have more than 17 years of experience in IT security and compliance serving both public and private organizations.
    • They offer services to thousands of clients across the US and Europe and have multiple accreditations including Amazon Web Services Certified Solutions Architect - Associate and Professional, Certificate of Cloud Security Knowledge (CCSK), Certified Information Security Manager® (CISM®), Palo Alto Networks Accredited Configuration Engineer (ACE), and VMware Certified Professional (VCP5-DCP).
  • Pricing options:

Research Strategy

Even though we were able to find most information about these two cybersecurity companies in a straightforward fashion, we were unable to find the pricing for either company's CISOaaS options. Our search started on each company's website. On Avalon Cyber's website, the page discussing their vCISO offering only offers a link to a contact page. We checked other areas of the website that might have had this information, such as press releases (the cost could have been mentioned when this offering was launched) and their blog. The same problem arose on the CoalFire website, where there was only a link to a contact form and no mention of pricing.

We then decided to check several product review platforms, namely G2, Capterra, TrustPilot, and Featured Customers. We did this because we believed that some reviewers might talk about the costs of the services they get. Strangely, there was no page for Avalon Cyber on any of the above platforms, but we found pages for CoalFire. In our search, we realized that there wasn't any review we could use and that most of the testimonials on Featured Customers were locked. The few that were provided for free did not have anything about prices but were general statements about CoalFire's help with projects at the reviewers' respective companies.

As a final resort, we decided to use data provided by their clients. For Avalon, we had to find clients such as Honeywell through press releases. CoalFire's clients were a bit easier to find because they are listed on its site. We focused on public companies and looked at annual reports and other material to see if anything mentioned how much these companies pay for services from either company. At this stage we did not focus on the cost of CISOaaS and instead looked for generalized fees, because we believed we were more likely to find something we could use this way. Having a general idea of the cost of their services could provide some insight into the CISOaaS pricing for each company. After our best efforts, there was nothing we could use. Considering that there are no prices for either company, we believe that it may be common for cybersecurity companies to keep their pricing secret.

Sources

From Part 01
Quotes
  • "Small and medium-sized businesses have become attractive targets for cybercriminals. With solid cybersecurity strategy in hand, they can reduce the risk of attack."
Quotes
  • "In fiscal 2019 we delivered strong top-line growth and profitability, reporting revenue of $51.9 billion."
  • "Revenue by product category and services: 58% Infrastructure platforms 25% Services 11% Applications 5% Security 1% Other"
Quotes
  • "Our team has former security leaders from a variety of industries, and we apply their knowledge to provide you a virtual CISO (vCISO). Working directly with your team, no matter the size, your vCISO will help strategize, plan, and execute the cybersecurity strategy that aligns with your business strategy. With our guidance, your organization will realize the best routes to enable and support the business, while still dramatically reducing information security risk and inefficiency."
Quotes
  • "Fourth quarter 2018 total revenue of $68.8 million and full year 2018 revenue of $244.1 million (under ASC 606)."
  • "Total revenue from North America was $207.7 million and comprised 85% of total revenue. Total revenue from rest of world was $36.4 million and comprised 15% of total revenue."
Quotes
  • "Avalon Document Services has $16.8M in estimated revenue annually."