Managed Security Services

PCQ Bureau

Managed security services have been around for a long time now. But the market trend has moved on from basic managed security services such as managed antivirus, antispam, firewall, IDS/IPS, etc. to various new and innovative services, which we will discuss in this article. Managed security services offer various advantages to enterprises. For instance, finding security experts is still a challenge, and even if an enterprise manages to hire an experienced security expert, retaining them is another challenge, as it cannot offer them much growth.

With managed security services, enterprises can save on costs, i.e. the costs of hiring security experts and of buying new security devices as security technologies change quickly. Managed Security Services Providers (MSSPs) also help improve the security of an organization, as they themselves need to have top-notch security solutions in place before they can offer services to other organizations.

However, when hiring a managed security provider, trust seems to be the biggest challenge of all. An MSSP needs to have a good relationship with its clients, since it is responsible for the security of an enterprise. Often it will access data that is highly sensitive to an enterprise. No enterprise would want its information to land in public or in the wrong hands. Similarly, an enterprise might become dependent on an MSSP for various services, and even a small disruption at the service provider's end can result in losses to the client. Enterprises normally counter this by outsourcing to multiple vendors, rather than just one. In this case, during the planning stage, you can ask for details such as the service provider's current active security contracts with other clients or the financial information of the service provider.

Managed anti-virus



In this services domain, one major change has been the shift to the cloud architecture. Earlier, anti-viruses used to load the entire pattern file into memory to detect malware. Now, with technologies like file reputation and the cloud, most anti-virus vendors have lowered the size of their pattern files. This means anti-viruses have started to become less memory intensive when performing scanning tasks. Now, when a new file is discovered whose patterns or reputation ratings are not present in the cloud, a hash of the file is generated and instantly sent to the cloud for analysis.
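The lookup flow described above, sketched as an added example (not code from the article or from any vendor). The SHA-256 digest, the `CloudReputation` stand-in and the sample verdicts are assumptions constructed for illustration; a real client would query the vendor's service over the network.

```python
import hashlib
import io

# Constructed sample data: a tiny local pattern set (hypothetical).
LOCAL_PATTERNS = {hashlib.sha256(b"known-bad sample").hexdigest(): "malicious"}

def sha256_stream(stream, chunk_size=65536):
    """Hash a file-like object in chunks so large files are never held in memory."""
    h = hashlib.sha256()
    for block in iter(lambda: stream.read(chunk_size), b""):
        h.update(block)
    return h.hexdigest()

class CloudReputation:
    """In-memory stand-in for a vendor reputation service (hypothetical)."""
    def __init__(self, ratings):
        self.ratings = dict(ratings)
        self.analysis_queue = []   # digests the cloud has no rating for yet
        self.lookups = 0

    def lookup(self, digest):
        self.lookups += 1
        verdict = self.ratings.get(digest)
        if verdict is None:
            self.analysis_queue.append(digest)   # queued for analysis
            return "unknown"
        return verdict

class Scanner:
    def __init__(self, cloud):
        self.cloud = cloud
        self.cache = {}            # verdicts already fetched from the cloud

    def scan(self, stream):
        """Return (verdict, source). Only the digest leaves the endpoint."""
        digest = sha256_stream(stream)
        if digest in LOCAL_PATTERNS:
            return LOCAL_PATTERNS[digest], "local-pattern"
        if digest in self.cache:
            return self.cache[digest], "local-cache"
        verdict = self.cloud.lookup(digest)
        if verdict != "unknown":   # never cache "unknown": a rating may arrive later
            self.cache[digest] = verdict
        return verdict, "cloud"

if __name__ == "__main__":
    cloud = CloudReputation({hashlib.sha256(b"installer").hexdigest(): "clean"})
    scanner = Scanner(cloud)
    for sample in (b"known-bad sample", b"installer", b"installer", b"new file"):
        print(scanner.scan(io.BytesIO(sample)))
```

Because only the digest is transmitted, the endpoint keeps a small local pattern set and the file contents stay on the machine unless a separate submission step is added.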

Vulnerability assessment / Penetration testing



Also referred to as ethical hacking, demand for these services has been constantly increasing. In such services, an MSSP performs a remote scan or simulates an attack to find out how vulnerable the client enterprise is. Some MSSPs provide complete management, where they also patch the vulnerabilities found. In vulnerability scanning, an audit is normally done for open ports and the services running on them, vulnerabilities present in the OS and applications, or vulnerabilities based on configuration errors. A vulnerability scan is usually performed using automated tools and can be scheduled on a weekly or monthly basis. However, penetration testing and ethical hacking services go one step further. These services simulate attacks with specific goals to find out how much damage an attacker can really do. These services can include attacks like social engineering, packet manipulation, session hijacking, SQL injection, etc. The advantage of these services is that enterprises can be proactive about their security and patch the holes in their network even before they are targeted by hackers.

Trend Micro Threat Management Solution
The Trend Micro Threat Management appliance can work with any existing network. It continuously monitors a network to detect malware or disruptive applications which might be present on the network. The appliance works at the network layer to detect malware; all you need is to plug the appliance into an existing network, to deploy clients on machines. Trend Micro uses 'in-the-cloud' threat management services for a more detailed analysis of the customer threat environment, and performs network-wide cleanup and policy enforcement on the infected endpoints. The most interesting part is the licensing of this appliance: an enterprise can choose to buy this appliance or it can deploy the appliance on a need basis, as a managed service.

Log retention services



Enterprises need to maintain their logs for various regulatory compliances such as PCI, SOX, etc. as well as for their internal security. However, retaining enterprise-wide logs can be a tedious process. A few MSSPs offer log retention services in which they maintain logs for the entire enterprise to help it meet compliance requirements, and provide logs to the client on demand. Usually in this type of service, the MSSP deploys an appliance at the client premises. This appliance usually has a log management solution along with a huge storage space, mostly in terabytes, for archiving logs. Also, logs kept in the appliance are encrypted as well as compressed.

Security monitoring service



While protecting against attacks, be it malware or targeted attacks, it's important to constantly monitor the network and provide instant response in case an attack is detected. In this type of service, an MSP continuously monitors an enterprise network and security devices such as firewalls, IDS/IPS, logs, etc. and provides instant alerts in case a security threat is detected. MSPs also provide incident analysis along with reports and details of what steps an enterprise should take in order to protect against such attacks in future. Depending upon the type of service taken, MSPs also provide response in case an attack is under way.

The advantage is that there is a dedicated team of security experts monitoring your network. They can quickly recognize patterns of attacks, and they have information about the latest attack techniques as well as malware present in the wild, which might not be instantly available to your IT team. Many MSPs offer this service in conjunction with a security operation management service, where the entire management of enterprise security is outsourced to a managed service provider.
