Managed security services have been around for a long time now. But the
market trend has moved on from basic managed security services such as managed
antivirus, antispam, firewall, IDS/IPS, etc. to various new and innovative
services, which we will be discussing in this article. Managed security services
offer various advantages to enterprises. For instance, finding security experts
is still a challenge, and even if an enterprise manages to hire an experienced
security expert, retaining that person is another challenge, as the enterprise
cannot offer much growth.
With managed security services, enterprises can save on costs, i.e. the costs of
hiring security experts and of buying new security devices as security
technologies change quickly. Managed Security Services Providers (MSSPs) also
help enterprises improve the security of their organization, as MSSPs themselves
need to have top-notch security solutions in place before they can offer
services to other organizations.
However, when hiring a managed security provider, trust seems to be the
biggest challenge of all. An MSSP needs to have a good relationship with its
clients, since it is responsible for the security of an enterprise. Often
it will access data that is highly sensitive to an enterprise. No
enterprise would want its information to become public or land in the wrong
hands. Similarly, an enterprise might become dependent on an MSSP for various
services, and even a small disruption at the service provider's end can result
in losses to the client. Enterprises normally counter this by outsourcing to
multiple vendors, rather than just one. In this case, during the planning stage,
you can ask for details such as the service provider's current active security
contracts with other clients or financial information of the service provider.
Managed anti-virus
In this services domain, one major change has been the shift to the cloud
architecture. Earlier, anti-virus products used to load the entire pattern file
into memory to detect malware. Now, with technologies like file reputation and
cloud, most anti-virus vendors have lowered the size of their pattern files.
This means anti-virus products have started to become less memory intensive when
performing scanning tasks. Now, when a new file is discovered whose patterns or
reputation ratings are not present in the cloud, a hash of the file is generated
and instantly sent to the cloud for analysis.
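The lookup flow described above, sketched as an added example; it is not code from any vendor or from the original article. SHA-256, the ReputationClient class, and the in-memory dictionary standing in for the cloud service are assumptions made for illustration.

```python
import hashlib
import io

# Constructed sample inputs; no real files or vendor service are involved.
KNOWN_GOOD = b"constructed sample: trusted installer bytes"
FLAGGED = b"constructed sample: flagged bytes"
NEVER_SEEN = b"constructed sample: never seen before"
CLOUD_DB = {hashlib.sha256(FLAGGED).hexdigest(): "malicious"}  # stand-in cloud

def sha256_stream(stream, chunk_size=65536):
    """Hash a file-like object in chunks so large files never sit in memory."""
    digest = hashlib.sha256()
    for chunk in iter(lambda: stream.read(chunk_size), b""):
        digest.update(chunk)
    return digest.hexdigest()

class ReputationClient:
    """Endpoint side of a hash-based reputation lookup (hypothetical design)."""

    def __init__(self, cache, cloud_lookup):
        self.cache = cache                # local verdicts: hash -> verdict
        self.cloud_lookup = cloud_lookup  # callable(hash) -> verdict, or None
        self.submitted = []               # hashes queued for cloud analysis

    def check(self, stream):
        file_hash = sha256_stream(stream)
        if file_hash in self.cache:
            return self.cache[file_hash], "local"
        verdict = self.cloud_lookup(file_hash)
        if verdict is None:
            # No rating anywhere: queue only the hash and report the file as
            # unknown so the caller can hold or restrict it until rated.
            self.submitted.append(file_hash)
            return "unknown", "submitted"
        self.cache[file_hash] = verdict   # reuse the cloud verdict next time
        return verdict, "cloud"

def demo():
    """Run four lookups and return (results, number of hashes submitted)."""
    cache = {hashlib.sha256(KNOWN_GOOD).hexdigest(): "clean"}
    client = ReputationClient(cache, CLOUD_DB.get)
    samples = (KNOWN_GOOD, FLAGGED, FLAGGED, NEVER_SEEN)
    results = [client.check(io.BytesIO(s)) for s in samples]
    return results, len(client.submitted)

if __name__ == "__main__":
    print(demo())
```

Only the hash crosses the network in this sketch, which matters when the cloud service belongs to a third party such as an MSSP.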
Vulnerability assessment/Penetration testing
Also referred to as ethical hacking, demand for these services has been
constantly increasing. In such services, an MSSP performs a remote scan or
simulates an attack to find out how vulnerable the client enterprise is. Some
MSSPs provide complete management, where they also patch the vulnerabilities
found. In vulnerability scanning, an audit is normally done for open ports and
the services running on them, vulnerabilities present in the OS and
applications, and vulnerabilities based on configuration errors. A vulnerability
scan is usually performed using automated tools and can be scheduled on a weekly
or monthly basis. However, penetration testing and ethical hacking services go
one step further. These services simulate attacks with specific goals to find
out how much damage an attacker can really do. These services can include
attacks like social engineering, packet manipulation, session hijacking, SQL
injection, etc. The advantage of these services is that enterprises can be
proactive about their security and patch the holes in their network even before
they are targeted by hackers.
Trend Micro Threat Management Solution
The Trend Micro Threat Management appliance can work with any existing network. It continuously monitors a network to detect malware or disruptive applications which might be present on the network. The appliance works at the network layer to detect malware; all you need is to plug the appliance into an existing network, to deploy clients on machines. Trend Micro uses 'in-the-cloud' threat management services for a more detailed analysis of the customer threat environment, and performs network-wide cleanup and policy enforcement on the infected endpoints. The most interesting part is the licensing of this appliance: an enterprise can choose to buy the appliance or it can deploy the appliance on a need basis, as a managed service.
Log retention services
Enterprises need to maintain their logs for various regulatory compliance
requirements such as PCI, SOX, etc., as well as for their internal security.
However, retaining enterprise-wide logs can be a tedious process. A few MSSPs
offer log retention services in which they maintain logs for the entire
enterprise to help it meet compliance requirements, and provide logs to the
client on demand. Usually in this type of service, the MSSP deploys an appliance
at the client premises. This appliance usually has a log management solution
along with a huge storage space, mostly in terabytes, for archiving logs. Logs
kept in the appliance are also encrypted as well as compressed.
Security monitoring service
While protecting against attacks, be it malware or targeted attacks, it's
important to constantly monitor the network and provide an instant response when
an attack is detected. In this type of service, an MSP continuously monitors an
enterprise network and security devices such as firewalls, IDS/IPS, logs, etc.
and provides instant alerts in case a security threat is detected. MSPs also
provide incident analysis along with reports and details of what steps an
enterprise should take in order to protect against such attacks in future.
Depending upon the type of service taken, MSPs also provide response in case an
attack is under way.
The advantage is that there is a dedicated team of security experts monitoring
your network. They can quickly recognize patterns of attacks, and they also
have information about the latest attack techniques as well as malware present
in the wild, which might not be instantly available to your IT team. Many MSPs
offer this service in conjunction with a security operation management service,
where the entire management of enterprise security is outsourced to a managed
service provider.