Quote: sales@farpost.com
24/7 Support: support@farpost.com

Benefits of Engaging an MSS Provider

The results from engaging a reputable, competent MSSP have the potential to be far superior to anything an organization can achieve on its own. Described in this section are reasons for contracting with a MSSP and some of the benefits that may result from the relationship. All of these factors can contribute to reducing the risks faced by the client through a combination of risk mitigation and risk/liability sharing between the client and the MSSP [Navarro 01].

Cost

The cost of a managed security service is typically less than hiring in-house, full-time security experts [Wilbanks 01]. An MSSP is able to spread out the investment in analysts, hardware, software, and facilities over several clients, reducing the per client cost [Hulme 01]. As one example, an MSSP claims it can set up and monitor security on a 250-user network on a single T1 (1.5 Mbps) Internet gateway for about $75,000 a year, excluding hardware. Replicating these actions within the organization produces similar hardware costs, plus at least $240,000 in annual compensation to hire three full-time specialists, based on data from the magazine InformationWeek's most recent Salary Survey [Hulme 01]. A client organization can convert variable costs (when done in-house) to fixed costs (services), realize a tax advantage by deducting MSSP fee expenses from current year earnings versus depreciating internal assets, and experience cash flow improvements resulting from the transfer of software licenses (and possibly personnel) to the MSSP [Alner 01].

Staffing

A shortage of qualified information security personnel puts tremendous pressure on IT departments to recruit, train, compensate, and retain critical staff [Hulme 01]. The cost of in-house network security specialists can be prohibitive [Wilbanks 01]. When outsourcing, the costs to hire, train, and retain highly skilled staff becomes an MSSP responsibility. An MSSP is likely to retain security experts by offering a range of career opportunities and positions from entry level to senior management, all within the information security field [Navarro 01]. In addition, if a client organization can outsource repetitive security monitoring and protection functions, then they can then focus internal resources on more critical business initiatives [Pescatore 01a].

Skills

An in-house staff member who only deals with security on a part-time basis or only sees a limited number of security incidents is probably not as competent as someone who is doing the same work full-time, seeing security impacts across several different clients, and crafting security solutions with broader applicability [Hulme 01].

MSSPs have insight into security situations based on extensive experience, dealing with hundreds or thousands of potentially threatening situations every day, and are some of the most aggressive and strenuous users of security software [Navarro 01, DeJesus 01].

Facilities

MSSPs can also enhance security simply because of the facilities they offer. Many MSSPs have special security operations centers (SOCs) located in various parts of the country. These are physically hardened sites with state-of-the-art infrastructure managed by trained personnel. [DeJesus 01]

Objectivity and Independence

An organization may have multiple, ad hoc solutions to handle the same types of security problems. There may be no enterprise-wide management of security or of strategy. Moving security to a capable security service provider may help simplify and strengthen the enterprise's security posture [DeJesus 01]. An MSSP can provide an independent perspective on the security posture of an organization and help maintain a system of checks and balances with in-house personnel. An MSSP can often provide an integrated, more coherent solution, thereby eliminating redundant effort, hardware, and software.

Security Awareness

It is difficult for an organization to track and address all potential threats and vulnerabilities as well as attack patterns, intruder tools, and current best security practices. An MSSP is often able to obtain advance warning of new vulnerabilities and gain early access to information on countermeasures. An MSSP can advise on how other organizations handle the same types of security problems. [Alner 01, Navarro 01]

An MSSP is likely to have contact with highly qualified and specialized international security experts as well as other MSSPs. These resources can be brought to bear to diagnose and resolve client issues.

Prosecution

The MSSP are often well connected to law enforcement agencies around the world and understands what forensic analysis and evidence are required to successfully support legal proceedings.

Service Performance

When an organization contracts for security monitoring services, the service can report near real-time results, 24 hours a day, 7 days a week, and 365 days a year. This is a large contrast with an in-house service that may only operate during normal business hours. MSSPs can be held accountable for the service standards they provide. They guarantee service levels and assure their availability; failing to do so can have financial repercussions.

Their operational procedures are designed to ensure uninterrupted service availability. Also, if the MSSP is providing service systems, then it is their responsibility to upgrade software and hardware and to maintain a secure network configuration. Because MSSPs have strict contractual obligations to their clients and must maintain their reputation in the marketplace, their control procedures are generally both well documented and carefully enforced [Alner 01]. In all instances, the client needs to verify these performance characteristics.

Service Security and Technology

Service security solutions and technologies such as firewalls, intrusion detection systems (IDSs), virtual private networks (VPNs), and vulnerability assessment tools are far more effective because they are managed and monitored by skilled security professionals. For example, when an intrusion is detected, MSSPs can use a remote monitoring connection to determine whether the alarm is justified and block further intruder actions. A managed service can protect the client's network from unsecured VPN endpoints [Wilbanks 01]. For products developed by the MSSP and used in their services, the client organization receives an enhanced level of product support [Navarro 01].

The MSSP may use other third party provider products as the basis for providing service (such as firewalls and IDSs). Based on the size of the MSSP's client base, the MSSP may be able to influence the product provider to improve the security of their products by, for example, addressing new attacks and vulnerabilities.