Managed security services: What's right for you?

Here are some best practices to consider before you shop around for an MSSP.

There are two steps to the MSSP process for an SMB:

1. Determine what functions, if any, should be sent off to the provider.
2. Shop for a provider and calculate costs.

MSSPs offer a wide range of services. They can monitor firewalls, run intrusion detection systems (IDS), monitor logs and handle incident response. To your pager-toting IT staff members, already bleary-eyed from long hours handling their already heavy daily routines, an MSSP can be a dream come true -- or their worst nightmare come true, if not overseen properly.

Here are some of the services offered by MSSPs. Keep in mind that you can usually pick and choose what you need without having to buy a whole package, too:

• Virtual private network (VPN) setup and management.
• Firewall management and review, which may also include VPN management.
• Intrusion detection and prevention systems (IDS/IPS).
• Monitoring and log review.
• Vulnerability scanning.

Determine your needs

Take a close look at what you really need. Do a thorough review of how your IT department currently handles information security and what it should offload. Can your existing IT staff members manage your firewalls? This is a basic part of the job description for a network manager and something they may already be handling effectively. They may also already be handling your VPN, if you have one, another function wrapped in firewall management.

More on outsourcing VoIP outsourcing: Save money and gain flexibility Microsoft security tools vs. third party Firm ditches J.D. Edwards in-house support for third party

If your organization is small, the user base limited and your network, as a result, equally manageable, there's no need to outsource your firewall work. But, on the other hand, if those same firewalls are generating logs big enough to fill the Smithsonian library, it could mean there are deeper issues with your network that may require outside review. Could heavy traffic mean you're the target of a denial-of-service (DoS) attack? Are you losing sleep over potential intrusions in the middle of the night?

This is a textbook scenario of where you might want to keep firewall management in-house, but send IDS, log review and incident response functionality out the door to an outsourced MSSP. Again, pick and choose the services carefully based on your needs. That's what an MSSP does. It can be a one-stop shop, but it doesn't have to be either.

One advantage of an MSSP, particularly in monitoring, scanning, IDS and incident response, is that established players have their own secure operations centers (SOC). SOCs are fully staffed round-the-clock with experienced information security personnel.

Larger MSSPs even have SOCs around the globe that can respond immediately to news of virus attacks, for example. They have their own intelligence networks monitoring reports of suspected phishing and other hacking activity. From this perspective, hiring an MSSP is like having a private FBI or CIA operation working for you. Most SMBs just don't have the staff to take on tracking vulnerabilities real time at that level. Your IT staff might get a chance, at best, to sneak a peek at an online hacker bulletin board and then not have the time or resources to respond to an attack.

Shop around

When you've decided what functions to outsource, shop for a provider. Once a preserve only of Internet service providers (ISP), the field has shifted to more independent players, especially those with the capability to monitor large chunks of Internet traffic.

Mountain View, Calif.-based Counterpane Internet Security Inc. offers real-time monitoring of its customers systems through to 24x7 SOCs. It can manage customers systems, handling security incidents as they occur, or provide security advice for customers still wanting to manage their own systems in-house during breaches.

Leuven, Belgium-based Ubizen N.V. has four SOCs around the world with customers in 50 countries. They have their own event analysis engine for tracking security events.

Other vendors with SOCs and device monitoring are RedSiren, Internet Security Systems Inc. and VeriSign Inc. Cybertrust offers a range of services from simple device monitoring of firewalls and routers to a full-blown SOC -- flexible for any size SMB.

Since these services are all under contract, prices are individually tailor-made and not publicly available. But expect to pay from $40,000 to $150,000 a year for a basic menu of MSSP services.

For an SMB, that's a lot of money. Is it worth it? That depends on your own evaluation of your systems and your particular needs.

Joel Dubin, CISSP, is an independent computer security consultant. He is a Microsoft MVP in security, specializing in Web and application security, and is the author of The Little Black Book of Computer Security available from Amazon.

Rate this Tip To rate tips, you must be a member of SearchCIO-Midmarket.com. Register now to start rating these tips. Log in if you are already a member. Digg This!     StumbleUpon     Del.icio.us    RELATED CONTENT Information security management for the midmarket Droid does, but will IT support it? Information security program revamp adds outsourcer oversight and more From data breaches to risk management frameworks: Test your knowledge The challenge of managing risk when IT budgets tighten Why cybersecurity awareness is everyone's responsibility Information technology management e-book downloads for midmarket CIOs 10 must-have steps for an effective SMB information security program Your IT security budget: How to get more bang for the buck Using key risk indicators to sell your information security program IT security spending a bright spot in '09, with more growth predicted Security for the midmarket Information security program revamp adds outsourcer oversight and more Your IT security budget: How to get more bang for the buck Locking down security in the move to electronic medical records A CIO's advice for implementing single sign-on solutions Options for outsourcing security grow, offer IT budget savings Network access control: Pointers for getting the knack of NAC Stopping malware viruses from attacking Web 2.0 technology Virtual servers no escape from IT security management concerns Unified communications: Securing access to OCS Unified communications security: How safe is it? Outsourcing for the midmarket Virtualization management strategies ezine for CIOs IT and business management: Service, process and project performance Need for speed driving midmarket adoption of IT outsourcing services Cloud computing defies one definition, so here are a few of the latest Managed IT services for disaster recovery and business continuity Tech skills gap to fuel IT outsourcing growth among midsized users What do you know about data center outsourcing? Business knowledge management helps boost offshore strategy IT insourcing trends: Weighing the pros and cons The price of data center outsourcing: Security, costs and more explored RELATED RESOURCES 2020software.com, trial software downloads for accounting software, ERP software, CRM software and business software systems Search Bitpipe.com for the latest white papers and business webcasts Whatis.com, the online computer dictionary DISCLAIMER: Our Tips Exchange is a forum for you to share technical advice and expertise with your peers and to learn from other enterprise IT professionals. TechTarget provides the infrastructure to facilitate this sharing of information. However, we cannot guarantee the accuracy or validity of the material submitted. You agree that your use of the Ask The Expert services and your reliance on any questions, answers, information or other materials received through this Web site is at your own risk.