Managed security service

In computing, managed security services (MSS) are network security services that have been outsourced to a service provider. A company providing such a service is a managed security service provider (MSSP). [1] The roots of MSSPs are in the Internet Service Providers (ISPs) in the mid to late 1990s. Initially, ISPs would sell customers a firewall appliance, as customer premises equipment (CPE), and for an additional fee would manage the customer-owned firewall over a dial-up connection. [2]

According to recent industry research, most organizations (74%) manage IT security in-house, but 82% of IT professionals said they have either already partnered with, or plan to partner with, a managed security service provider. [3]

Businesses turn to managed security services providers to alleviate the pressures they face daily related to information security such as targeted malware, customer data theft, skills shortages and resource constraints. [4] [5]

Managed security services (MSS) are also considered the systematic approach to managing an organization's security needs. The services may be conducted in-house or outsourced to a service provider that oversees other companies' network and information system security. Functions of a managed security service include round-the-clock monitoring and management of intrusion detection systems and firewalls, overseeing patch management and upgrades, performing security assessments and security audits, and responding to emergencies. There are products available from a number of vendors to help organize and guide the procedures involved. This diverts the burden of performing the chores manually, which can be considerable, away from administrators.

The industry research firm Forrester Research identified the 14 most significant vendors in the global market in 2018 with its 23-criteria evaluation of managed security service providers (MSSPs), identifying Accenture, IBM, Dell SecureWorks, Trustwave, AT&T, Verizon, Deloitte, Wipro and others as the leaders in the MSSP market. [6] Newcomers to the market include a number of smaller providers used to protect homes, small businesses, and high-net-worth clients.

Early history

An early example of an outsourced and off-site MSSP service is US West !NTERACT Internet Security. The security service didn't require the customer to purchase any equipment, and no security equipment was installed at the customer's premises. [7] The service is considered an MSSP offering in that US West retained ownership of the firewall equipment and the firewalls were operated from their own Internet Point of Presence (PoP). [8] The service was based on Check Point Firewall-1 equipment. [9] Following a beta introduction period of over a year, the service was generally available by early 1997. [7] [8] The service also offered managed Virtual Private Networking (VPN) encryption security at launch. [8]

Industry terms

Six categories of managed security services

On-site consulting

This is customized assistance in the assessment of business risks, key business requirements for security and the development of security policies and processes. It may include comprehensive security architecture assessments and design (including technology, business risks, technical risks and procedures). Consulting may also include security product integration and on-site mitigation support after an intrusion has occurred, including emergency incident response and forensic analysis. [1] [10]

Perimeter management of the client's network

This service involves installing, upgrading, and managing the firewall, Virtual Private Network (VPN) and/or intrusion detection hardware and software, electronic mail, and commonly performing configuration changes on behalf of the customer. Management includes monitoring, maintaining the firewall's traffic routing rules, and generating regular traffic and management reports to the customer. [1] Intrusion detection management, either at the network level or at the individual host level, involves providing intrusion alerts to a customer, keeping up to date with new defenses against intrusion, and regularly reporting on intrusion attempts and activity. Content filtering services, such as email filtering and other data traffic filtering, may also be provided. [10]

Product resale

Clearly not a managed service by itself, product resale is a major revenue generator for many MSS providers. This category provides value-added hardware and software for a variety of security-related tasks. One such service that may be provided is archival of customer data. [10]

Managed security monitoring

This is the day-to-day monitoring and interpretation of important system events throughout the network—including unauthorized behavior, malicious hacks, denial of service (DoS), anomalies, and trend analysis. It is the first step in an incident response process.

Penetration testing and vulnerability assessments

This includes one-time or periodic software scans or hacking attempts in order to find vulnerabilities in a technical and logical perimeter. It generally does not assess security throughout the network, nor does it accurately reflect personnel-related exposures due to disgruntled employees, social engineering, etc. Reports are given to the client regularly. [1] [10]

Compliance monitoring

This involves conducting change management by monitoring event logs to identify changes to a system that violate a formal security policy. For example, if an impersonator grants himself or herself too much administrative access to a system, it would be easily identifiable through compliance monitoring. [11]
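The check described above, as an added example that is not part of the original article: a minimal compliance monitor that scans an event log for privileged group changes that lack an approved change ticket or that an account made to itself. The log format, field names, group names and ticket IDs are assumptions constructed for illustration.

```python
import json

# Hypothetical policy (assumptions for this example, not from the article).
PRIVILEGED_GROUPS = {"domain admins", "sudo", "db-owners"}  # matched case-insensitively
APPROVED_CHANGES = {"CHG-1001", "CHG-1002"}  # tickets approved by change management

# Constructed sample event log, one JSON record per line (not real data).
SAMPLE_LOG = "\n".join([
    '{"ts":"2024-05-01T09:12:03Z","event":"group_member_added","actor":"alice",'
    '"target":"bob","group":"Domain Admins","change_id":"CHG-1001"}',
    '{"ts":"2024-05-01T23:41:50Z","event":"group_member_added","actor":"mallory",'
    '"target":"mallory","group":"Domain Admins","change_id":null}',
    '{"ts":"2024-05-02T08:00:11Z","event":"group_member_added","actor":"carol",'
    '"target":"dave","group":"staff","change_id":null}',
    '{"ts":"2024-05-02T10:15:27Z","event":"group_member_added","actor":"erin",'
    '"target":"frank","group":"sudo","change_id":"CHG-9999"}',
    'garbage line that is not JSON',
    '{"ts":"2024-05-02T11:02:00Z","event":"login","actor":"bob"}',
])


def parse_events(text):
    """Yield (line_number, event); event is None when the record cannot be parsed."""
    for n, line in enumerate(text.splitlines(), start=1):
        if not line.strip():
            continue
        try:
            event = json.loads(line)
        except json.JSONDecodeError:
            yield n, None
            continue
        yield n, (event if isinstance(event, dict) else None)


def violations(event):
    """Return the policy rules broken by one record (empty list if compliant)."""
    if event.get("event") != "group_member_added":
        return []  # only membership changes are in scope
    if str(event.get("group", "")).casefold() not in PRIVILEGED_GROUPS:
        return []  # changes to non-privileged groups need no ticket
    reasons = []
    actor = event.get("actor")
    if actor is not None and actor == event.get("target"):
        reasons.append("self-granted privileged access")
    change_id = event.get("change_id")
    if not (isinstance(change_id, str) and change_id in APPROVED_CHANGES):
        reasons.append("no approved change ticket")
    return reasons


def audit(text):
    """Return findings in log order; unparseable records are findings too."""
    findings = []
    for n, event in parse_events(text):
        if event is None:
            # A gap in the audit trail is itself worth reporting.
            findings.append({"line": n, "actor": None,
                             "reasons": ["unparseable audit record"]})
            continue
        reasons = violations(event)
        if reasons:
            findings.append({"line": n, "actor": event.get("actor"),
                             "reasons": reasons})
    return findings


if __name__ == "__main__":
    for finding in audit(SAMPLE_LOG):
        print(finding)
```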

Engaging an MSSP

The decision criteria for engaging the services of an MSSP are much the same as those for any other form of outsourcing: cost-effectiveness compared to in-house solutions, focus upon core competencies, need for round-the-clock service, and ease of remaining up-to-date. An important factor, specific to MSS, is that outsourcing network security hands over critical control of the company's infrastructure to an outside party, the MSSP, whilst not relieving the ultimate responsibility for errors. The client of an MSSP still has the ultimate responsibility for its own security, and as such must be prepared to manage and monitor the MSSP, and hold it accountable for the services for which it is contracted. The relationship between MSSP and client is not a turnkey one. [1]

Although the organization remains responsible for defending its network against information security and related business risks, working with an MSSP allows the organization to focus on its core activities while remaining protected against network vulnerabilities.

Business risks can result when information assets upon which the business depends are not securely configured and managed (resulting in asset compromise due to violations of confidentiality, availability, and integrity). Compliance with specific government-defined security requirements can be achieved by using managed security services. [12]

Managed security services for mid-sized and smaller businesses

The business model behind managed security services is commonplace among large enterprise companies with their IT security experts. The model was later adapted to fit medium-sized and smaller companies (SMBs - organizations up to 500 employees, or with no more than 100 employees at any one site) by the value-added reseller (VAR) community, either specializing in managed security or offering it as an extension to their managed IT service solutions. SMBs are increasingly turning to managed security services for several reasons. Chief among these are the specialized, complex and highly dynamic nature of IT security and the growing number of regulatory requirements obliging businesses to secure the digital safety and integrity of personal information and financial data held or transferred via their computer networks.

Whereas larger organizations typically employ an IT specialist or department, organizations at a smaller scale such as distributed location businesses, medical or dental offices, attorneys, professional services providers or retailers do not typically employ full-time security specialists, although they frequently employ IT staff or external IT consultants. Of these organizations, many are constrained by budget limitations. To address the combined issues of lack of expertise, lack of time and limited financial resources, an emerging category of managed security service provider for the SMB has arisen.

Organizations across sectors are now shifting to managed security services from traditional in-house IT security practices. The trend of outsourcing IT security jobs to managed security services vendors is picking up at an appreciable pace. This also helps enterprises to focus more on their core business activities as a strategic approach. Effective management, cost-effectiveness and seamless monitoring are the major drivers fueling the demand for these services. Further, with the increase in the participation of leading IT companies worldwide, end-user enterprises are gaining confidence in outsourcing IT security. [13]

Service providers in this category tend to offer comprehensive IT security services delivered on remotely managed appliances or devices that are simple to install and run for the most part in the background. Fees are normally highly affordable to reflect financial constraints, and are charged every month at a flat rate to ensure predictability of costs. Service providers deliver daily, weekly, monthly or exception-based reporting depending on the client's requirements. [14]

Today, IT security has become a powerful weapon as cyberattacks have become highly sophisticated, and enterprises toil to keep pace with each new malware variant or e-mail spoofing fraud scheme. Among the prominent players, managed security service providers observe the growing need to combat increasingly complicated and deliberate attacks. In response, these vendors are busy enhancing the sophistication of their solutions, in many cases winning over other security experts to expand their portfolios. In addition, increasing regulatory compliance requirements associated with the protection of citizens' data worldwide are likely to push enterprises to ensure a high level of data security.

Some of the frontrunners in engaging managed security services are financial services, telecom, and information technology. To maintain a competitive edge, MSS vendors are focusing more and more on refining their product offering of technologies deployed at clients. Another crucial factor of profitability remains the capability to lower the cost yet generate more revenue by avoiding the deployment of additional tools. Simplifying both service creation and integration of the products ensures unprecedented visibility as well as integration. Besides this, the MSS market would witness tremendous growth in regions such as North America, Europe, Asia-Pacific, Latin America, and the Middle East and Africa. [15]


References

  1. Sudhanshu Kairab (2004). A Practical Guide to Security Assessments. CRC Press. pp. 220–222. ISBN 9780849317064.
  2. Denise Pappalardo (1997-03-17). "Outsourcing Options". Network World.
  3. Pressure to deliver new IT projects despite security concerns felt by 80% of IT professionals
  4. "5 Pitfalls to Avoid When Choosing a Managed Security Service Provider". Archived from the original on 21 August 2016. Retrieved 29 July 2016.
  5. "CSO Magazine: Study shows those responsible for security face mounting pressures". February 11, 2014.
  6. The Forrester Wave™: Global Managed Security Services Providers (MSSPs), Q3 2018
  7. Tim Greene (1997-03-17). "RBOC or ISP?". Network World.
  8. "Security Services for the Internet Release". Archived from the original on May 16, 1997. Retrieved 24 November 2014.
  9. "Check Point Software Technologies ISP Market Initiative Partner Quote Sheet". Retrieved 24 November 2014.
  10. Brian T. Contos; William P. Crowell; Colby Derodeff; Dan Dunkel & Eric Cole (2007). Physical and Logical Security Convergence. Syngress. p. 140. ISBN 9781597491228.
  11. "Managed Services". www.itb.com.sa. Retrieved 2020-11-15.
  12. Outsourcing Managed Security Services
  13. "Managed Security Services (MSS): An Opportunistic IT Security Segment, Globally". 17 December 2015.
  14. How to make the most of managed security services
  15. "Cloud-based Managed Security Services to Overtake On-Premise Deployment within 12 Months". 14 August 2015.
