The adoption of managed intrusion prevention services is on the rise. Key drivers include the increased skill and sophistication of network attacks, the growing number of ways to access a network, and the complexity of defending against intrusion attempts.
Where a firewall and VPN software were once sufficient protection, attackers can now gain access via compromised smartphones, infected memory sticks or insufficient Wi-Fi security.
Managed intrusion prevention services feature the following capabilities:
- Monitoring of all packets entering or leaving clients’ sites.
- Installation of intrusion prevention hardware and software at customer interfaces to the Internet and at key points within the networks.
- Use of behavioral techniques and signature-based detection methods.
Managed intrusion prevention vendors provide agility and flexibility
Cisco Systems, Dell and IBM, as well as smaller vendors, provide managed intrusion prevention services. These large vendors leverage their ability to quickly spot similar attacks in widely differing geographies. For example, when the same type of new attack occurs on a bank in Europe and on a bank in Asia, defenses can quickly be implemented for all the vendor’s bank customers worldwide. Smaller intrusion prevention vendors offer specialized services for unique customer requirements, such as HIPAA requirements tailored to the specific requirements of a small rural health clinic, rather than those of a large urban hospital.
Cisco’s offering is available through network service providers that use Cisco hardware and software to support their end-user customers. For service providers without the requisite skills, Cisco personnel support their end-user customers directly while also training these network service providers to assume this role. Both IBM and Dell provide intrusion prevention services directly to their customers.
Managed intrusion prevention services offer cost savings and heightened expertise
Managed intrusion prevention services present two main advantages over in-house network staff: cost and expertise.
Cost benefits include the following:
- Reduced-cost around-the-clock coverage: For all but very large firms, the cost of maintaining in-house staff dedicated to network security can easily exceed the cost of outsourcing to a dedicated security service provider. Effective network protection requires 24/7 monitoring. Security service providers spread the cost of around-the-clock coverage, reducing the per customer cost.
- Reduced capital costs. Many outsourcing firms provide and install hardware such as intrusion prevention devices, anti-spam filters and Web monitoring equipment. The cost of the equipment is included in the outsourcer’s monthly charge, eliminating the need for large, up-front equipment purchases. Cost may also be reduced since service providers can negotiate lower prices on large equipment purchases.
Managed service providers offer security expertise such as the following :
- Constant monitoring of the latest reports of hacker activity from organizations such as the SANS Institute and from the antivirus vendors. These reports must be monitored daily since an attack method successful in one place will be quickly replicated in others.
- Latest knowledge of the constantly evolving hacker attack methods by sophisticated criminal organizations that are, in some cases, funded by foreign governments.
- Up-to-date knowledge of the latest PCI, HIPAA and Basel II standards as required by retail, medical and banking organizations. This specialized knowledge dedicated to specific markets can help companies anticipate upcoming changes and ensure their customers are prepared when changes go into effect.
Service provider considerations for managed intrusion prevention
Outsourcing intrusion prevention is successful only if the service provider is thorough, competent and delivers on promises. Potential disasters can occur when a provider fails to stay up-to-date, is unable to deliver on 24/7 coverage promises, and/or applies a one-size-fits-all approach instead of tailoring coverage to the requirements of each client.
These are some other key considerations or actions:
- Ensure that your prospective service provider has sufficient resources to address your issues in a timely fashion: Providers should maintain sufficient staff to deal with problems with more than one customer.
- Research and investigate the service provider's internal controls and employee screening: This will reduce the risks of employee carelessness or fraud. Outsourcing security means increasing the number of people who have access to your critical data and details about your network.
Managed intrusion prevention services offer numerous advantages over maintaining in-house security expertise, but doing your homework up front will help avoid potential risks and failures.
About the Author: David B. Jacobs of The Jacobs Group has more than 20 years of networking industry experience. He has managed leading-edge software development projects and consulted to Fortune 500 companies as well as software startups.
This was first published in September 2011