What can MSSPs do?
MSSPs can provide a variety of services, including firewalls, intrusion detection, VPNs, antivirus protection, and auditing of your security procedures.
Configuring a packet-filtering firewall is no activity for a novice. It requires a nuts-and-bolts understanding of internetwork communications, including protocols, ports, and sockets. And, because firewalls must keep pace with advances in network attack methods, they require frequent updates.
Packet filters are not foolproof either and are subject to IP spoofing attacks.
Some advanced firewalls now use stateful packet filtering, which tracks information across packets. This allows the context of each packet to be taken into account, thus making it easier to distinguish suspicious activity from legitimate network usage.
Even with all this complexity, firewalls are not bulletproof and should be considered the first line of defence.
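The difference between a static packet filter and the stateful filtering described above, as an added example that is not part of the original article: both filters see the same constructed traffic, and only the stateful one drops packets that merely look like replies. The rule set, names and addresses are illustrative assumptions; real stateful firewalls also check sequence numbers and timeouts.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Packet:
    src: str
    sport: int
    dst: str
    dport: int
    flags: frozenset   # TCP flags set on the segment
    inbound: bool      # True when arriving from the Internet side

def stateless_allow(p):
    """Static rules: all outbound, plus inbound that looks like a web reply."""
    return (not p.inbound) or (p.sport in (80, 443) and "ACK" in p.flags)

class StatefulFilter:
    """Inbound must match a connection opened from inside (no seq/timeout checks)."""
    def __init__(self):
        self.conns = set()   # (inside_ip, inside_port, outside_ip, outside_port)

    def allow(self, p):
        if p.inbound:
            return (p.dst, p.dport, p.src, p.sport) in self.conns
        key = (p.src, p.sport, p.dst, p.dport)
        if p.flags == {"SYN"}:
            self.conns.add(key)        # new outbound connection
        elif "RST" in p.flags:
            self.conns.discard(key)    # connection torn down
        return True

def pkt(src, sport, dst, dport, flags, inbound):
    return Packet(src, sport, dst, dport, frozenset(flags.split("+")), inbound)

# Constructed sample traffic (RFC 5737 documentation addresses).
TRAFFIC = [
    pkt("192.0.2.10", 50000, "198.51.100.5", 443, "SYN", False),     # client opens
    pkt("198.51.100.5", 443, "192.0.2.10", 50000, "SYN+ACK", True),  # genuine reply
    pkt("203.0.113.9", 443, "192.0.2.10", 50000, "ACK", True),       # unsolicited host
    pkt("198.51.100.5", 443, "192.0.2.10", 50001, "ACK", True),      # port never opened
    pkt("192.0.2.10", 50000, "198.51.100.5", 443, "RST", False),     # client resets
    pkt("198.51.100.5", 443, "192.0.2.10", 50000, "ACK", True),      # stale after reset
]

def compare(traffic):
    """Return (stateless_verdict, stateful_verdict) for each packet, in order."""
    fw = StatefulFilter()
    return [(stateless_allow(p), fw.allow(p)) for p in traffic]

for p, (a, b) in zip(TRAFFIC, compare(TRAFFIC)):
    print(f"{p.src}:{p.sport} -> {p.dst}:{p.dport} stateless={a} stateful={b}")
```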
Intrusion detection systems (IDSes) monitor network traffic for certain patterns of activity that could mean trouble and issue alerts when they find anything that varies from the norm. IDSes usually work by comparing the data that passes through them against a database of predefined attack signatures.
The very fact that hackers try not to attract attention to themselves makes it difficult for the IDS to distinguish harmless activity from malicious intent, so IDSes often report false positives, but can also be susceptible to false negatives.
In addition, IDSes are essentially passive systems, although some more advanced IDSes are becoming more proactive in tracking intruders and distracting them from your essential systems.
For these reasons, IDSes need to be constantly supervised by experienced security staff, who can review the full context of the offending activity and determine whether or not concern is warranted.
While the benefits of a VPN are obvious--a secure connection to branch offices or business partners, or allowing staff to work from home--a VPN is also a door into your network.
The door might be deadlocked with encryption and authentication, but these measures are not impossible to get around. Again, expertise and supervision are required to make sure everything is in order.
One of the strongest security defences is devising, implementing, and enforcing a strong security policy. The need for policy is particularly pertinent when you consider that the majority of security breaches come from within--disgruntled employees (or ex-employees), or outsiders acting on information these employees provide.
Yet survey after survey has revealed a disturbing absence of security policies in IT departments. For example, a survey in September last year by outsourcing company CSC of North American companies with revenues of US$1 billion or greater revealed that 46 per cent had no security policy in place.
Even fewer had programs to monitor compliance with these policies, or to measure the return on investment for their security expenditure.
A generally accepted figure around the industry is that 70 per cent of all companies have not implemented a security policy. On the other hand, awareness of security is on the rise, so these figures might be a little out of date.
What's in it for me?
Keeping all this in mind, it's clear that if you're constantly connected to the Internet, you're also constantly connected to a wide variety of threats that require a great deal of expertise and investment to defend yourself against.
The benefits of an MSSP include:
- The cost of the service is far less than hiring a full-time security expert, yet it can provide the technical know-how of a whole team of experts.
- Network activity is monitored in real time 24 hours a day, not just during work hours.
- The service can protect the internal network from unsecured VPN endpoints.
- The firewall and IDS solutions are far more effective because they are managed and monitored by security pros; the customer should not have to solve security problems.
- When an intrusion is detected, these pros can use the remote monitoring connection to determine whether the alarm is justified and to actually block the intruder's actions.
Insisting on 24-hour monitoring is essential to hiring an MSSP, according to Jeff Paine, principal consultant with security provider eSec. "Hackers don't respect business hours," he says.
"By using technology and expertise, managed service providers should be able to provide more comprehensive monitoring and management for lower cost than for the organisation to hire multiple specialists to work shifts around the clock (or incur the cost of developing their own systems)."













