Managed security services have been around for a long time now. But the market trend has moved on from basic managed security services such as managed antivirus, antispam, firewall, IDS/IPS, etc. to various new and innovative services, which we will be discussing in this article. Managed security services offer various advantages to enterprises. For instance, finding security experts is still a challenge, and even if an enterprise manages to hire an experienced security expert, retaining that expert is another challenge, as the enterprise cannot offer much growth.
With managed security services, enterprises can save on costs, i.e. the costs of hiring security experts and of buying new security devices as security technologies change quickly. Managed Security Services Providers (MSSPs) also help enterprises improve the security of the organization, as they themselves need to have top-notch security solutions in place before they can offer services to other organizations.
However, when hiring a managed security provider, trust seems to be the biggest challenge of all. An MSSP needs to have a good relationship with its clients, since it is responsible for the security of an enterprise. Often it will access data which is highly sensitive to an enterprise. No enterprise would want its information to land in public or in the wrong hands. Similarly, an enterprise might become dependent on an MSSP for various services, and even a small disruption at the service provider's end can result in losses to the client. Enterprises normally counter this by outsourcing to multiple vendors, rather than just one. In this case, during the planning stage, you can ask for details such as the service provider's current active security contracts with other clients or the financial information of the service provider.
In this services domain, one major change has been the shift to the cloud architecture. Earlier, antivirus products used to load the entire pattern file into memory to detect malware. Now, with technologies like file reputation and the cloud, most antivirus vendors have lowered the size of their pattern files. This means antivirus products have started to become less memory intensive when performing scanning tasks. Now, when a new file is discovered whose patterns or reputation ratings are not present in the cloud, a hash of the file is generated and instantly sent to the cloud for analysis.
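The lookup flow described above, sketched as an added example that is not code from any vendor or from the original article. The pattern set, the cloud table, the verdict strings and all function and class names are assumptions constructed for illustration; the cloud service is simulated in-process so the block runs offline.

```python
import hashlib
import io

# Constructed sample data: a small local pattern set and a stand-in cloud table.
LOCAL_PATTERNS = {hashlib.sha256(b"known-bad-sample").hexdigest()}
CLOUD_REPUTATION = {
    hashlib.sha256(b"clean-installer").hexdigest(): "clean",
    hashlib.sha256(b"fresh-dropper").hexdigest(): "malicious",
}

def sha256_stream(stream, chunk_size=65536):
    """Hash in chunks so a large file is never held in memory at once."""
    digest = hashlib.sha256()
    for chunk in iter(lambda: stream.read(chunk_size), b""):
        digest.update(chunk)
    return digest.hexdigest()

def cloud_lookup(file_hash):
    """Hypothetical cloud query: only the hash leaves the endpoint."""
    return CLOUD_REPUTATION.get(file_hash, "unknown")

def offline_lookup(file_hash):
    """Constructed failure case: the reputation service cannot be reached."""
    raise ConnectionError("reputation service unreachable")

class ReputationScanner:
    def __init__(self, lookup=cloud_lookup):
        self.lookup = lookup
        self.cache = {}          # verdicts already fetched from the cloud
        self.cloud_queries = 0   # how often the endpoint had to go remote

    def scan(self, stream):
        file_hash = sha256_stream(stream)
        if file_hash in LOCAL_PATTERNS:      # small local pattern set first
            return "malicious", "local-pattern"
        if file_hash in self.cache:          # then verdicts seen before
            return self.cache[file_hash], "cache"
        self.cloud_queries += 1
        try:
            verdict = self.lookup(file_hash)
        except OSError:
            # Report the outage instead of guessing, and do not cache it.
            return "unknown", "cloud-unreachable"
        if verdict != "unknown":             # unknown files are re-checked later
            self.cache[file_hash] = verdict
        return verdict, "cloud"

    def scan_bytes(self, data):
        return self.scan(io.BytesIO(data))
```

An exact hash matches only byte-identical files, so an "unknown" verdict is the case that gets handed to the cloud for deeper analysis rather than being treated as clean.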
Vulnerability assessment / Penetration testing
Also referred to as ethical hacking, these services have seen constantly increasing demand. In such services, an MSSP performs a remote scan or simulates an attack to find out how vulnerable the client enterprise is. Some MSSPs provide complete management, where they also patch the vulnerabilities found. In vulnerability scanning, an audit is normally done for open ports and the services running on them, vulnerabilities present in the OS and applications, or vulnerabilities based on configuration errors. A vulnerability scan is usually performed using automated tools and can be scheduled on a weekly or monthly basis. Penetration testing and ethical hacking services, however, go one step further. These services simulate attacks with specific goals to find out how much damage an attacker can really do. They can include attacks like social engineering, packet manipulation, session hijacking, SQL injection, etc. The advantage of these services is that enterprises can be proactive about their security and patch the holes in their network even before they are targeted by hackers.
|Trend Micro Threat Management Solution|
|The Trend Micro Threat Management appliance can work with any existing network. It continuously monitors a network to detect malware or disruptive applications which might be present on the network. The appliance works at the network layer to detect malware, all you need is to plug the appliance into an existing network, to deploy clients on machines. Trend Micro uses 'in-the-cloud' threat management services for a more detailed analysis of the customer threat environment, and performs network-wide cleanup and policy enforcement on the infected endpoints. The most interesting part is the licensing of this appliance: an enterprise can choose to buy the appliance, or it can deploy the appliance on a need basis, as a managed service.|
Log retention services
Enterprises need to maintain their logs for various regulatory compliance requirements such as PCI, SOX, etc., as well as for their internal security. However, retaining enterprise-wide logs can be a tedious process. A few MSSPs offer log retention services in which they maintain logs for the entire enterprise to help it meet compliance requirements, and provide logs to the client on demand. Usually in this type of service, the MSSP deploys an appliance at the client premises. This appliance usually has a log management solution along with a huge storage space, mostly in terabytes, for archiving logs. The logs kept in the appliance are also encrypted as well as compressed.
Security monitoring service
While protecting against attacks, be it malware or targeted attacks, it's important to constantly monitor the network and provide an instant response when an attack is detected. In this type of service, an MSP continuously monitors an enterprise network and security devices such as firewalls, IDS/IPS, logs, etc. and provides instant alerts in case a security threat is detected. MSPs also provide incident analysis along with reports and details of what steps an enterprise should take in order to protect against such attacks in future. Depending upon the type of service taken, MSPs also provide response in case an attack is in progress.
The advantage is that there is a dedicated team of security experts monitoring your network who can quickly recognize patterns of attacks. They also have information about the latest attack techniques as well as malware present in the wild, which might not be instantly available to your IT team. Many MSPs offer this service in conjunction with a security operation management service, where the entire management of enterprise security is outsourced to a managed service provider.