MSSPs: Protecting your network

Number three combo with extra VPN


Different MSSPs provide a variety of services in varying combinations. Most will look after firewalls, VPNs, monitoring, intrusion detection, and reacting to emergencies. Some also include antivirus protection (or only include antivirus protection).

Some also provide security consulting services, which can be a way to convince you to invest in their managed services, but not necessarily.

"We position ourselves as a security provider that can look at the overall issues a business is facing," says Getronics national marketing manager for managed services, Peter King.

"Realistically, the security threat is wider than just IT. Part of our offering is an organisational review, because 70 percent of companies don't even know if they have a security policy, or who owns it, or how it's supposed to be implemented or changed."

Getronics provides a full organisational review that not only looks at a company's security policies but also compares what the policy says with how it's actually implemented. Getronics staff also interview the client's staff to gauge their understanding of the security policy.

"The second part is to set up an external scan of an organisation, to review the external security aspects to see where the weak points are," says King.

"Third point is an internal one, where we use people that might otherwise be called hackers to work inside the organisation and see what they can exploit."

After completing this review, Getronics will present a client with a full report of its findings.

"A lot of organisations will say 'thank you' and deal with it internally. Other organisations will ask us to help them implement it, and others will just store that information away and do nothing," he says.

"There's one state government organisation that already has an organisation doing their security services and using our services as an audit."

Who can you trust?

Although the number of MSSPs in Australia is relatively small, there are still a variety of different options available.

Choosing a provider is first and foremost about matching your requirements to the provider's expertise. Beyond this, there are some criteria you should view as essential.

Damian Thompson, general manager of MSSP Zento, says that a reliable provider must have:

  • At least 18 months' working capital to support operations

  • Dedicated 24 x 7 x 365 Security Operations Centre (SOC)

  • Technologically advanced and secure data centre infrastructure

  • Industry accredited and experienced IT security staff

  • Multi-vendor support

  • Service Level Agreements guaranteeing the delivery of managed services

"With the marketplace the way it is, this is not the time to have financial concerns about the company you're outsourcing your security to," he says.

McAfee's Ray McIntyre agrees. "You need your partners to be sound because you're in it for the long haul."

Having relationships with more than one vendor allows an MSSP to give customers a choice of services depending on their budget and requirements. "A lot of companies hitch their horse to one wagon," he says.

"Having multiple relationships, you're delivering much better value to the client because you're much more aware of what's going on in the marketplace," says Thompson.

"Some of the vendors such as Cisco and Nokia have very good software, but just relying on a single vendor's suite of software is a risk factor," adds Getronics' Peter King.

eSec's Jeff Paine says a good cue that an MSSP's staff are knowledgeable is if they are active contributors to security forums and symposiums.

"There are plenty of other considerations--the nutshell summary is that an organisation looking for an MSSP should try and compare the providers on a level playing field, and never assume anything about the service being provided," he adds.

"Ask the hard questions, and make sure the provider is capable and experienced. Organisations should be completely comfortable trusting the MSSP with their security before retaining their services."

Paine lists three more criteria:

  • Scalability: the managed service should be adaptable to a changing network without sacrificing security.

  • Seamless operation: it should not be intrusive on daily operations.

  • Simplicity: increased complexity is counterproductive; managed services should not increase complexity.

McIntyre agrees that MSSPs should be seen and not heard. "You need to make sure they're deploying the correct technology, they need to be able to push out emergency patches and the like over the Internet from their SOC. You don't want someone constantly in your office tinkering with your systems."

Reporting is also an important issue, according to King. "You need an MSP who's able to prove to you how they're looking after you. We place a big emphasis on reporting. We want to show them where they have flaws so they can go and repair them."
