Manage Learn to apply best practices and optimize your operations.

Managed security service strategy calls for vigilance

Targeted threats require constant attention, plus unified threat management with intrusion detection, patch management and content filtering.

Threats to IT infrastructure are becoming more targeted, a trend that is rewriting the rules for VARs and IT services companies that sell managed security services.

In the past, spammers and hackers created malware that they would cast out in a wide net with the hope of a random strike. But today's zero-day attacks often are focused on specific industries and companies. Those attacks might center on stealing data, but they could also have some other purpose -- such as using a company's server hardware or network to launch a denial of service attack against an Internet service provider.

That's why ongoing vigilance is central to an effective security defense, as are unified threat management solutions combining intrusion detection, ongoing patch updates and content filtering for incoming and outgoing communications. Solutions must change dynamically over time in order to remain effective.

"There is no set and forget; this is all about care and feeding and ongoing expertise that evolves over time," said Norman Currie, vice president for management solutions at Accuvant Inc., a Denver-based security services company. "You have to create a system of checks and balances."

Constant vigilance required

Many measures that can help protect companies come down to "good computer hygiene," said Michelle Drolet, CEO and co-founder of Towerwall Inc., an IT security services firm in Framingham, Mass.

That includes making sure malware pattern files are updated and that software subscriptions are kept up to date -- both of which VARs and MSPs can offer as ongoing managed services.

But security channel partners also need to reach beyond network infrastructure into the software applications that their customers are using. That's because applications -- particularly those being accessed via a Web interface -- are increasingly being used as an entry point into corporate networks, Drolet said.

"We absolutely recommend application penetration testing, because nine times out of 10 we find something that could lead to a compromise," she said.

Towerwall also advises ongoing monthly reviews of its clients' environments and policies under its consulting arrangements, so that it can assess whether changing business requirements warrant different security measures.

"The people piece needs to be in place," Drolet said.

Role of social networks

Speaking of people, the security challenges perpetuated by social networks and social media can no longer be ignored. Corporate policies governing the way employees use both require more attention, said David Dadian, CEO of, a managed service provider in Ho-Ho-Kus, N.J.

"Initially the concern within companies was the amount of time being spent on social networks, so there were lockdown requests with productivity in mind," he said. "But now companies are using them to promote the business, so you can't just shut things down across the board. You need to consider different sorts of access for different sorts of users."

That reality has prompted companies to create strategies for filtering outbound content for obvious breach problems, such as confidential information, types of data or trigger words that could suggest problematic messages.

One layer of defense for filtering social media traffic can be found in products such as iPrism from EdgeWave, Dadian said. The technology works with social media applications including Facebook, Twitter, Windows Live Messenger, Windows Messenger, Google Talk and Jabber.

But more often than not, many customers rely on the common sense of their employees for protection in the social media world.

"Right now the standard for this is better judgment," Dadian said.

Staying one step ahead

Another fact of life for any VAR or MSP offering a managed security service is the need to stay at least one step ahead of the bad guys, which means perpetual training and education is almost a given for every security services company.

This is not an insignificant investment.

At Towerwall, that means assigning senior engineers to keep on top of patch updates, evaluate new technologies and watch for malware alerts that could signal an upcoming attack. "We constantly focus on keeping our knives sharp," Drolet said.

Likewise, Accuvant dedicates resources to understand the behaviors and motivations beyond certain threats in order to get better about thwarting future attacks more proactively.

"How are the threats designed, how do they multiply, by what avenues do they proliferate? These are all things you need to look at if you are really serious about mitigating security threats for your clients," Currie said.

Heather Clancy is an award-winning business journalist in the New York City area with more than 20 years of experience. Her articles have appeared in Entrepreneur, Fortune Small Business, the International Herald Tribune and The New York Times. Clancy was previously editor at Computer Reseller News, a business-to-business trade publication covering news and trends about the high-tech channel.

Dig Deeper on MSP business model transformation

Start the conversation

Send me notifications when other members comment.

Please create a username to comment.