Andrea Danti - Fotolia
IT security has become an arms race as cyberattacks become more sophisticated and businesses endeavor to keep up with the latest malware variant or spearphishing gambit.
Among channel players, managed security services providers (MSSPs) see the need to deal with the increasingly complex and targeted assaults. In response, MSSPs are boosting the sophistication of their services, in some cases acquiring other security specialists to broaden their offerings. MSSP consolidation could signal a maturing market, but the trend may also reflect the need to combat an expanding set of security threats.
Consider the following:
* In August, IBM acquired Lighthouse Security Group LLC, an MSSP based in Lincoln, R.I. Lighthouse's identity and access management offering will be integrated into IBM's managed security services.
* Also in August, Nippon Telegraph and Telephone acquired Solutionary Inc., an MSSP based in Omaha, Neb. At the time, Solutionary said the acquisition would improve the company's worldwide security intelligence capabilities and expand its research and development budget.
* In December, BAE Systems completed its acquisition of SilverSky, an MSSP with headquarters in New York. BAE Systems said SilverSky added cloud-based email and network security technology to its existing security services portfolio.
Also looking to bolster its portfolio was Masergy Communications Inc., which acquired Global DataGuard Inc., an MSSP, in 2014. John Dumbleton, senior vice president, business development, at Dallas-based Masergy, said his company had been delivering services such as managed firewall and content filtering prior to the deal. The company decided to extend its capabilities through acquisition, considering a dozen candidates before purchasing Global DataGuard. Masergy in December completed the integration with the MSSP's technology and operations.
"We wanted to acquire a managed security company with unique IP [intellectual property] and technology, not just a company that also did managed firewall," Dumbleton said.
He said Global DataGuard provides technology that lets Masergy differentiate itself in the market, contrasting the purchase with transactions focused strictly on increasing scale. Specifically, Global DataGuard provides Masergy with a predictive network behavioral analysis technology, which builds a profile of a business' typical network behavior and then flags deviations as potential security breaches.
Dumbleton said Global DataGuard's technology helps it deal with the new threat landscape.
"I think everyone needs to up their game," he said.
A growing market for managed security services
The MSSP sector, while more than a decade old, continues to show the vibrancy of a much younger market. Research and Markets, in a January report, projected that the market will expand from $14.3 billion in 2014 to $31.9 billion by 2019, a compound annual growth rate of 17.3%.
John Dumbletonsenior vice president, business development, Masergy
This uptick is evident across a range of customer types:
Large enterprises are seeking out more advanced managed security services, spanning threat management, vulnerability management, antimalware, scanning and testing, said Josh Shaul, vice president of product management at Trustwave, an MSSP based in Chicago.
Those companies look for an enhanced set of services to help them withstand "the constant barrage of attacks," Shaul said. "IDC calls this trend 'MSS 2.0,' and analysts are all pointing to growth in this area."
IDC describes MSS 2.0 providers as marketing a "greater depth and breadth of offerings, complementary services, threat intelligence and proactive security talent development."
Distributed organizations, such as franchises, hotel chains and restaurant groups, represent another important source of MSSP demand. Shaul referred to those companies as prime targets for cybercriminals.
"They are ... 100% focused on their business operations and driving revenue from selling pizzas or hotel rooms and have no time for security," Shaul explained.
As a result, distributed businesses partner with MSSPs to cover the security basics for each of their locations, while also obtaining more advanced managed services to protect their corporate-level data center assets, Shaul said.
Small and medium-sized businesses (SMBs), meanwhile, are also clamoring for managed security services. The Research and Markets report cites "SMB deployments" as fueling the sector's rapid growth.
SMBs, like corporate customers, also desire a broader range of security services. Shaul said smaller businesses that were once solely interested in Payment Card Industry Data Security Standard (PCI DSS) compliance now realize they need security that goes beyond checking the PCI DSS audit box.
Expanding security services
Dumbleton said Masergy's midsize to large enterprise customers are rethinking their security approaches as they battle zero-day and highly targeted attacks as well as insiders attempting to exfiltrate sensitive data. At a time where data breaches are on the rise, organizations are looking to improve threat detection as well as perimeter defense.
"It's the notion that the current defense-in-depth strategies, while you have got to have them, are simply not enough in the threat landscape we are living in today," Dumbleton said. "You need to balance defense and detection."
Craig D'Abreo, vice president of security operations at Masergy, said some forms of malware can't be detected with traditional signature-based technology. With the addition of the network behavioral analysis technology inherited from Global DataGuard, Masergy aims to bolster its detection capabilities. Network behavioral analysis doesn't rely on signatures, but instead detects anomalous activity in a network's traffic.
D'Abreo said the behavior-based method creates profiles on assets in the customer's network. A receptionist's desktop, for example, might typically check for email, conduct Google searches and visit a particular server. But if an attacker infiltrates that workstation, it may begin to visit a different set of file or database servers on the corporate network, D'Abreo noted.
"We can see these differences in behaviors," he said.
In another nod to improved detection, Global DataGuard also provided Masergy its security incident and event management (SIEM) technology. D'Abreo said enterprise customers tend to invest in several security technologies that typically operate independently of one another. But in the case of sophisticated malware, no single system can detect the attack, he noted.
SIEM addresses this lack of integration, pulling in data from multiple sources. Masergy's SIEM service, for example, captures and analyzes logs from firewalls, host intrusion detection/prevention systems, Microsoft Windows events and syslog-producing devices, according to the company. The data capture enables event correlation, alerting and reporting.
Cosentry Inc. also moved beyond firewall monitoring as it widened the scope of its security offerings. The Omaha-based hosting provider, which focuses on colocation, private cloud and multi-tenant cloud services, provides managed security services on top of those different platforms. The company late last year updated its managed security services. In addition to firewall management, Cosentry now offers managed intrusion detection/prevention, vulnerability scanning, penetration testing and log monitoring.
"Not just a few customers, but basically every customer, looking to us for hosting services or colocation services is looking to us ... for a security offering," noted Craig Hurley, Cosentry's vice president of product management.
Trustwave has also been bolstering its managed security service lines. The company's Managed Security Testing service, launched in 2013, offers cloud-based scanning and testing. Last year, Trustwave added automated application and database security testing to that particular managed service, "so IT pros can do more thorough testing across all applications, databases and networks," Shaul said.
Trustwave also launched Managed Anti-Malware Service last year, which targets advanced malware attacks.
In some cases, partnering helps MSSPs extend their reach. Cosentry, for example, partners with Solutionary to support customers who need more advanced services such as event correlation, Hurley said.
In another alliance, Datashield, an MSSP, in December linked up with DataView Technologies, which provides business intelligence consulting and implementation services. The arrangement unites two fast-growing fields: big data and IT security.
To wit, DataView's customers pull together data from various sources -- internal systems such as accounting as well as external data feeds -- for business analytics. Data may be housed in a central repository, but this pooling of data creates a security vulnerability.
"Now that you've brought the data into one place, how do you protect that?" asked Louis Rubino, CEO of DataView, based in North Reading, Mass.
He said large enterprises have in-house staff to manage security, but SMBs lack the resources to provide 24x7x365 protection. That's where Datashield comes in. The company's security operations center provides network monitoring, detection, analysis and reporting.
Rubino said managed security services are geared toward SMBs, which would struggle to obtain the technical skill sets required to run a continuous monitoring operation.
"It is a natural fit for that market," he said.
Advice for selling SMB security services
Read about adding next-gen firewalls into your security portfolio
SMB security landscape plagued by deficient security plans and practices, report says