As threats multiply, more companies outsource security to MSSPs

SMBs benefit from more efficient, automated threat detection and response

 

Payroll. Customer relationship management. Employee benefits.

These are a few of the common cost-of-doing-business functions most companies must expense and which many have chosen to outsource.

You can add network security to that list. In the digital age, all companies must come to grips with rising exposures to criminal hacking; and many, especially small and midsize businesses, are discovering a welcome outsourcing alternative: managed security service providers, or MSSPs.

IT budgets, including security spending, remain tight. Yet most companies, by now, have acquired a portfolio of cybersecurity systems. In response, more niche vendors have surfaced as third-party managers to caretake the security systems companies of any size might find too cumbersome to manage in-house.

MSSPs function as a contracted Security Operations Center, or SOC, remotely monitoring and tweaking security systems for their clients 24 hours a day. Services typically include keeping anti-malware updated; providing secure backup; and carrying out vulnerability patching and web content filtering. They also can administer intrusion detection; manage virtual private networks; monitor firewalls and security gateways; and do post-breach forensic analysis.

It’s “the largest and fastest growing IT security service,” says Steve Kelley, chief marketing officer for Trustwave, which competes in the sector. “Just about any business is at risk.”

In a survey of in-house IT security professionals by Trustwave that was released in February, 86 percent said they either already partner or plan to partner with an MSSP. That was up from 78 percent a year ago.

In 2014, the global market for security outsourcing totaled $13.8 billion, with an annual growth rate of 15.4 percent forecast through 2019, according to tech industry research firm Gartner. A large chunk of it comes from managed security services, which accounted for $7.9 billion worldwide, it says.

With so many security tools and services available, the MSSP market remains heavily fragmented. Some of the household brands—IBM, Verizon, AT&T and Symantec—offer a comprehensive set of services for enterprise clients that have a multitude of endpoints (desktops, workstations and mobile devices).

For example, IBM’s managed security service division handles “threat data from more than 270 million endpoints and manages approximately 25 billion security events daily for clients worldwide,” wrote Kelly Kavanagh and Toby Bussa, analysts at Gartner, in their recent report about the state of the MSSP segment.

Carl Banzhof, LOGICnow vice president of engineering

Another segment of the managed security market is composed of consulting technicians who cater to very small businesses. These MSSPs are typically mom-and-pop shops themselves with one or two employees who assemble and integrate products developed by others, says Carl Banzhof, vice president of engineering for LOGICnow.

LOGICnow packages and white labels cloud-based security solutions used by MSSPs catering to very small businesses. Banzhof told ThirdCertainty LOGICnow caters to some 12,000 small MSSP shops that collectively help protect about 2 million endpoints, including Microsoft Windows, Apple and Linux endpoints and servers used in smaller companies.

“Typically, the average managed service provider in our space services the client that has between five and 25 desktops,” he says.

Some of MSSPs’ services are more quotidian and may be cumbersome for SMB owners who are trying to focus on other aspects of their business. “You are trying to run your business on a daily basis. You don’t really think about, ‘Oh, I need to update all these Microsoft patches, or I need to update Adobe and make sure my antivirus is turned on,’” Banzhof says.

A challenge in convincing SMBs to outsource IT security services is their tendency to underestimate the risk—the it-can-never-happen-to-me mentality, Kelley says. “Cybercriminals don’t distinguish large and small businesses. They’re looking for the easiest house to rob, not necessarily the nicest house,” he says.


Some DIY small business owners often select their securityware from a large variety of off-the-shelf products that are installed by one-time vendors. They’re left to their own devices in updating, managing or scaling it as necessary. And they typically lack in-house skills to keep up with hackers’ rapidly evolving tactics.

“There’s a lot of targeted attacks that are happening truly at small businesses now because the attackers realize that there is a certain number of the small businesses that house a great deal of sensitive information that’s more valuable on the market,” Banzhof says.

In shopping around for MSSPs, clients should look particularly for their capability in running remote security operation centers, Trustwave’s Kelley advises. Larger vendors with global operations can provide a more “international flavor” on the threat intelligence from sources worldwide. They have been exposed to more variety of cases that can prove useful to clients, he says. AT&T, for example, runs eight security centers worldwide, according to Gartner.

But “a mere presence of a (center) doesn’t actually mean that the vendor is truly legit. You don’t want some guy coming at graveyard shift looking for the red light,” Kelley says.

SMB owners also would be wise to assess vendors’ experience in handling cloud data. Expanded use of cloud-based computing and responding to it—as well as getting access to those environments—have been challenging for many MSSPs, Gartner’s Kavanagh and Bussa wrote. “MSSP support for public cloud environments is inconsistent and evolving,” they said.
