Eliminate security dilemma

IT security threats are becoming more complex every day, and defending against them requires an ever-increasing amount of effort. For many companies, implementing the necessary security measures is a major challenge, if only for reasons of resources and cost. One way out is Managed Security Services.

Not only the quantity but also the quality of cyber attacks has been rising steadily for several years. In particular, the numerous advanced web attacks, the so-called Advanced Persistent Threats (APTs), aim to steal critical corporate data and make life difficult for IT departments. Traditional security concepts based on perimeter protection with firewalls, VPN systems, anti-virus software and web filter solutions are often reaching their limits. And even if local infrastructures are completely sealed off, more and more insider attacks using privileged user accounts are jeopardizing the confidentiality of data.

For companies, this results in the need to constantly expand existing security solutions or even implement new systems on a regular basis. But this is where the real problem begins, because the effort involved is considerable and overwhelms many companies whose personnel and budget resources for these tasks are limited.

Comprehensive end-to-end security

Many companies are therefore taking a different route and opting for Managed Security Services (MSS). When selecting an MSS offering, however, a number of key aspects should be taken into account, especially since different definitions of the term are still in circulation, even among providers. For example, some take the term to mean the operation of IT security infrastructures or security-as-a-service solutions.

These definitions fall short, however, because they describe only partial approaches. Both pure security operations and a security-as-a-service approach that is limited to a specific challenge, for example APT defense, are merely individual components of comprehensive managed security services.

In fact, MSS is a holistic solution concept that covers the entire end-to-end security service. First of all, this concerns infrastructure management, which includes subareas such as device management, change management, asset management or device health monitoring. In addition, an end-to-end approach includes security analysis, proactive monitoring and reporting. In MSS projects, infrastructure and technology management are often merely the basis for higher-value services. Generally speaking, this also means that MSS is not outtasking in the classic sense, i.e., the outsourcing of individual operational activities. It is far more comprehensive: the outsourcing of risks, and thus ultimately end-to-end risk management.

Specifically, the MSS service spectrum must cover areas such as network and endpoint security, application and content security, identity and access management, vulnerability and threat management, and security information and event management.

The offer of an MSS provider should contain the following elementary components:

  • Security and Health Monitoring
  • Security Reporting
  • Backup and recovery of security systems
  • Incident Management
  • Encrypted connections for the transfer of log, monitoring and backup data as well as for remote access
  • Out-of-band management for emergencies
  • 7×24 service desk
  • Dedicated Service Manager

Furthermore, in terms of data protection and data security, it is essential that a provider operates redundant data centers on a local level, be it in Germany, Austria or Switzerland.

The combination of local presence and global threat intelligence is indispensable

For the German-speaking market in particular, the legal and regulatory aspects relating to data protection, access and storage are of crucial importance in addition to the purely functional components of an MSS offering. In other words, the local presence of an MSS provider is important, because only in this way can the regulatory and language requirements be optimally covered. Conversely, this does not mean that only purely local providers can be considered for MSS, because they generally do not have a valid global database for proactive security monitoring. Only global threat intelligence can be the basis for implementing comprehensive protection against acute, and even completely new, threats.

Unlike a purely local MSS provider, a global provider can monitor and analyze messages and faults from a wide range of IT infrastructures from several thousand customers worldwide. Based on this data, it can then generate a real-time picture of the threat landscape, which in turn is used to create efficient cyber defense solutions.

Conclusion

Today, IT security is a key criterion for the success and competitiveness of a company. Industrial espionage in particular is an acute threat for many companies, and defending against attacks requires an ever-increasing amount of effort. Many companies also lack experts who can deal with all the current issues surrounding IT security and implement and operate adequate security solutions. One way out of this dilemma is Managed Security Services; the strong growth in this market segment demonstrates the increasing importance of these services for companies of all sizes and industries.

Author Kai Grunwitz is Senior Vice President DACH at NTT Com Security.
