Today's security administrators are challenged to keep pace with evolving threats and compliance mandates, while simultaneously absorbing workforce cuts. Between increasingly targeted attacks and a tidal wave of privacy regulations, the consequences of security breach have never been greater. Many new countermeasures have emerged to manage this business risk, but who has the time to learn, deploy, and maintain them?
Managed Security Service Providers (MSSPs) are filling the growing gap between need and capability. From small offices with no IT staff to over-burdened enterprises, many companies now implement their security policy by partnering with an MSSP. This approach might save your business time and money while yielding more effective security—IF you choose the right partner to defend your networked assets.
Purchasing a managed security service means establishing a trust relationship with subject matter experts. It means asking that third party to assess your security requirements and vulnerabilities, then install and configure appropriate countermeasures. It means hiring an outsider to monitor and analyze traffic that threatens your networked assets—in some cases, taking action on your behalf to block intrusions or neutralize attacks. These and other security-related tasks can be shared to varied degrees, depending on the provider and service(s) you choose.
Available managed security services range from managed firewall and virtual private network (VPN) devices to intrusion prevention (IPS) and anti-virus/anti-spyware (AV/AS) solutions, and content filtering solutions. MSSPs leverage economies of scale to deliver these services with higher quality, at lower cost.
When an MSSP issues an RFP, conducts a field trial, and selects a "best of breed" platform, those efforts support hundreds of future installations. When an MSSP outfits a security operations center (SOC) with certified specialists and sophisticated Security Event Management (SEM) tools, those costs are amortized over thousands of devices. Customers get to benefit from the latest and greatest in security, while providers reap return on investment through monthly service fees.
This concept may be simple, but choosing the right MSSP is complex. When selecting a security partner, is it vital to consider history and reputation. You should evaluate the processes used by the MSSP to provision services, respond to incidents, support in-house investigations, and report on events. You must clearly understand the division of labor between you and your provider and how you will interact, not just during activation, but for the years to follow.
To assist our readers with this endeavor, ISP-Planet has conducted MSSP surveys since 1999. What follows is our fifth MSSP survey, conducted during Q4 2006. With this survey, we hope to provide you with insight into seven of today's most popular managed security services.
To create a representative sample, we invited over sixty providers—small to large, national to global—to complete an in-depth questionnaire. Invitees included past survey participants, companies that contacted us after our last survey, and many other players in the MSSP landscape.
http://www.isp-planet.com/technology/mssp/2006/mssp1a.html