In typical computing terminology, managed security services (MSS) refers to network-based security services that are outsourced to a service provider. A company that provides such a service is termed as managed security service provider (MSSP) of which roots date back to the mid-90s in the era of Internet Service Providers (ISPs).
A recent industry research concluded that approximately 75 percent organisations manage IT security in-house while more or less 82 percent IT professionals have already formed an alliance with a managed security service provider (MSSP).
MSSs take a systematic approach to manage security needs of an organisation that may be conducted in-house or outsourced to a service provider overseeing information and network system’s security of multiple corporations. Functions of MSS include 24/7 monitoring and management of firewalls and intrusion detection systems, supervise upgrades and patches, respond to emergencies and perform security audits.
Categories of MSS
- Onsite consultation
This refers to the customised assistance in the evaluation of corporate risks, core business requisites for security and development of processes and policies. It may comprise a detailed security architecture design and assessment that include business risks, technological threats and procedure so on. Consultation might include onsite extenuation support and security product integration following the event of intrusion. This may include forensic analysis and response to emergency incidents.
- Client’s network perimeter management
The service involves installation, upgrade and management of virtual private network (VPN), firewall, intrusion detection of software and hardware and emails. Configurations are commonly and routinely performed on behalf of the customer. Management includes maintenance of the firewall traffic routing, monitoring and generation of regular traffic, sharing management reports with the customers.
Either at the network or individual host level, intrusion detection management involves catering intrusion alerts to potential customers. Besides this, keeping with the pace of latest defences against possible intrusion, regular report and maintenance of potential intrusion activities and attempts. Filtering of the content may be provided for email and other data files travelling to and fro.
- Product resale
For many MSS out there, product resale has been a major revenue generator however it isn’t clearly a managed security itself. The category offers value-added software and hardware for multiple security-related tasks. Archiving customer data is an example of one such service.
- Managed security monitoring
It’s the regular monitoring and analysis of critical system events throughout the network. This includes malicious hacks, unauthorised behaviour, performance anomalies, denial of service attack (DoS) and trend analysis. This is the first step to counter an incident.
- Vulnerability assessment & penetration testing
The process or service involves single or periodic scanning of the software for possible hacking attempts and to detect vulnerabilities in a logical and technical perimeter. In general, it doesn’t monitor the network security all through nor accurately reflects personnel-related exposures coming from social engineering and discontented employees so on. Reports are regularly shared with clients.
- Compliance monitoring
Monitoring of the event log for change management, not intrusion is included in the service. Determining changes to a system that disrupts security policy falls in the category for instance, a rogue administrator attempts to access into a system. In short, measuring compliance to a technical risk is part of the service.
To engage an MSSP
Criteria for engaging services of an MSSP is the same as with any other outsourcing model such as cost-effectiveness as compared to in-house solutions, need for 24/7 service, focus on core competency and ease of upgrading.
A pertinent factor to MSS is of outsourcing the network security over the critical corporation’s infrastructure to a third-party. Responsibility of security is client’s own therefore management and monitoring the MSSP is crucial.
Although organisation is responsible for defending its network against business risks and information security, working alongside an MSSP gives an edge over protection without disregarding the core activities.
The above information tells in detail about managed security services, its categories and potential for business corporations.