Home > Information Security Magazine > Features > In MSSPs We Trust
EMAIL THIS
Information Security Magazine

  CURRENT ISSUE  
  FEATURES  
  COLUMNS  
  HOT PICK & PRODUCT REVIEWS  
  ARCHIVES  
  SUBSCRIBE/RENEW  
  

In MSSPs We Trust
by Adam Stone
Issue: Feb 2005
printer-friendly
< PREV PAGE   |   1  |   2  |   3  |   NEXT PAGE  >

"M" Also Stands for Myriad
People talk about MSSPs as if the term refers to a single set of offerings. The truth is that the MSSP market is broken down into a number of subsets (see "Managed Security Services"). There are no all-or-nothing propositions; enterprises can pick and choose services that best fit their needs.

The MSSP space is dominated by device management and traffic monitoring and incident response services, such as those offered by VeriSign, Symantec Internet Security Systems and Counterpane Internet Security. In most instances, IDS sensors are placed on the customer's network to monitor traffic for anomalies and signatures. Most programs will correlate events from the networks to provide threat intelligence and attack forecasts.

"MSSPs have feelers out everywhere," says Yankee's Singer. "They're monitoring attacks all over the world in all different networks, so they will be the first to see certain attacks."

Depending on the level of service, an MSSP will either support the enterprise security team in responding to attacks, or unilaterally respond by closing firewall ports and dropping traffic. Services will also use agents to handle maintenance of firewalls rule sets, router configurations and IDS updates.

Completely separate from perimeter defense are the e-mail security services offered by such firms as Symantec, MessageLabs and Postini. These services replace the last hop in the e-mail transmission, performing deep scans and analysis of messages before they reach the destination network. They're primarily used for malware protection, but they also offer content filtering and antispam services. Antivirus services are offered by McAfee and Trend Micro.

Vulnerability assessment services, such as those offer by Qualys, Digital Defense and McAfee (through its Foundstone acquisition), probe enterprise networks for holes, providing security managers with detailed reports on their security postu...



re, trending data and remediation guidance.

VPN management services, such as those offered by FiberLink and Positive Networks, relieve enterprises of the burden of establishing and maintaining secure remote connections with individual users and branch offices.

Many MSSPs and large telecoms/ISPs will offer all or most of these services. Selecting the right service requires extensive due diligence, since not all services use compatible technologies and most require varying levels of access to network resources.

Essential is determining the level of trust you're willing to give a service provider, since it will see into your network and, in certain cases, have the ability to alter your traffic flows. VA services will know also where your weaknesses are; and monitoring and response services will know when you've been attacked and breached.

Each service provides a different piece of the security and risk management puzzle. MSSPs can either replace, supplement or support the existing security infrastructure, and most provide extensive reporting capabilities for demonstrating compliance with internal security policies, auditor requirements and regulations.

Cost savings, however, aren't always the chief objectives. Some management and monitoring services will charge as much as several thousand dollars per device per month. The value proposition isn't in the reduction of head count, but the increased security that the MSSP provides by augmenting the capabilities of your staff.

But there are potential savings. MSSPs alleviate the burden of having to build and maintain complex security infrastructures--firewalls, IDS/IPS, Web security--and hire and train staff to operate them.

When Orange County's Giangreco determined he needed a security information management system to collect and correlate security logs, the cost of purchasing a software solution ranged between $50,000 and $100,000--before adding staff training costs.

"We were either going to hire some pretty high-level people, or do some extensive training. Either one would have been pretty expensive," he says. The ballpark figure for development, training, salary and benefits for one FTE could be $250,000 the first year, plus $150,000 annually for personnel and maintenance, he says, compared to less than $90,000 per year for an MSSP.

"And the cost doesn't reflect the benefit of having a much larger and more highly skilled staff available than we would have maintained on our own," he adds.
< PREV PAGE   |   1  |   2  |   3  |   NEXT PAGE  >





TechTarget Security Media
Information Security View this month\\'s issue and subscribe today.
Information Security Decisions Apply online for free conference admission.
SearchSecurity.com
HomeNewsMagazineMultimediaWhite PapersLearningAdviceTopicsEventsAbout Us
SEARCH :     Site Index Powered by: Search Powered by Google

About Us  |  Contact Us  |  For Advertisers  |  For Business Partners  |  Site Index  |  RSS
TechTarget provides technology professionals with the information they need to perform their jobs - from developing strategy, to making cost-effective purchase decisions and managing their organizations' technology projects - with its network of technology-specific websites, events and online magazines.

TechTarget Corporate Web Site  |  Media Kits  |  Site Map




All Rights Reserved, Copyright 2003 - 2009, TechTarget | Read our Privacy Policy 		  TechTarget - The IT Media ROI Experts