The increased cost and complexity of securing the business IT infrastructure has opened the door for managed security service providers (MSSPs). In particular, small and medium businesses (SMBs) generally don’t have the security experience or resources to adequately protect their business from today’s security threats. The days of simply configuring firewalls and deploying anti-virus software are long gone.
Most organizations are not in the business of providing IT security. Existing IT staff has been primarily engaged with ensuring the IT infrastructure is operational. When considering the necessary expertise and the burden of installing, configuring and managing security products, many companies prefer to outsource these activities. Security has become too complex and costly to handle internally. At the same time, the risk of security exploits continues to rise. And a security breach can be devastating to a company brand and regulatory compliance violations are costly.
MSSPs are stepping in to fulfill this security outsourcing need. Also, some traditional VARs are complementing their offerings with managed security services. This may include firewall management, intrusion detection and prevention, log management, Web content filtering, penetration testing, vulnerability scanning, helpdesk and other services.
It’s interesting to compare MSSP managed service offerings. For example, an MSSP may provide vulnerability assessments, penetration testing and comprehensive risk reports. While it’s essential to know the overall security posture of a company, it’s even more important to actually mitigate the risks. Security products are now available that combine risk assessment with mitigation. For example, endpoint vulnerability scans are performed to detect issues and then systems are automatically patched and properly configured. This type of solution can be deployed to ensure all endpoint systems are proactively secured daily, minimizing risk of exploit. Risk detection and mitigation are combined into one effective process.
In some cases, MSSPs are building out major cyber centers to provide a complete outsourced security service. Economy of scale is provided by centralizing security staff expertise, hosting security products and providing security related helpdesk services.
Security vendors themselves are moving to support the MSSP market with products that include features to assist in managing multiple clients. Again, contributing to the efficiency of scale required my MSSPs.
SecPod Technologies has designed Saner Business to support MSSPs with a product that combines risk assessment and mitigation. This type of solution is a key component of a managed security service offering.