It doesn't matter how good your security technology is if you can't detect and react quickly to intrusions. Such thinking is leading IT shops to add managed security services to their portfolios and prompting vendors to expand their offerings to accommodate these services.
The latest such vendor is Axent Technologies, which is transitioning from a product-based to a services-based business model.
Axent will debut this week its overarching managed security services model under the ServiceShield brand. The service package is a product of Axent's 1998 acquisition of Secure Network Consulting and is made up of several distinct offerings.
Axent will offer overarching Enterprise Management as an option, which includes all the company's services from assessment to management to emergency response.
The Enterprise package comprises Firewall Management, for basic shielding of a network; Integrity Management and Vulnerability Management services, for assessing the state of a network's security; Detection and Response Management, for managing emergency situations, such as the ILoveYou virus; and Insurability Management, a service that allows administrators to take out insurance against a major security breach that damages the business.
Enterprise customers can mix and match the offerings according to their needs, Axent officials said.
In the wake of recent security compromises, customers are more interested than ever in outsourcing security, said Greg Coticchia, Axent's vice president of marketing. "Hackers are getting more aggressive, and it's scary to the enterprise," Coticchia said. "There are just not enough security experts out there to deal with it."
Another recent entry to the managed security arena is Counterpane Internet Security, which received a boost last week with US$27 million in second-round financing. New investors include Goldman Sachs Group and Morgan Stanley Dean Witter Private Equity.
Counterpane launched its service last month. Its strategy, according to Bruce Schneier, Counterpane's founder and chief technology officer, represents a quantum shift in the way security is applied and managed within the enterprise.
"Prevention isn't the answer. Cryptographic systems still get broken," said Schneier, the creator of the Blowfish algorithm. "Detection [of break-ins] and response are the keys to real security."
Counterpane Secure Operations Centers is staffed by security analysts who interpret and help IT managers respond to intrusions or break-ins. A small bit of software runs on a client's site, but for the most part a customer's network infrastructure is kept intact for the service. Counterpane partners with several other Web security consultancies and services.
"Security is a process, not a product," Schneier said. "I don't mean [users should] throw out the door locks, but just don't rely on them."
Security companies Internet Security Systems and Aventail also refocused their operations on services this year.
