A managed approach to security

Security vendor Internet Security Systems (ISS) is emphasising the importance of managed solutions in the enterprise market. This fits into a broader pattern in the industry, where enterprises are responding to an increasingly complex and fast changing security environment by demanding closer service relationships with security hardware and software vendors.

  • E-Mail
By  Simon Duddy Published  May 26, 2004

|~|boegarts_m.jpg|~|“We are seeing two distinct customer types at the moment. One is the tech-savvy larger enterprise customer that we have been dealing with for a long time. These companies have inhouse teams that can manage our security solutions,” says Alex Bogaerts, the Europe, Middle East & Africa president of ISS. “However, we are also seeing an increasing number of other businesses that need security but don’t have the time or resources to dedicate a team to run it, so we offer our managed protection services for this role.”|~|Security vendor Internet Security Systems (ISS) is emphasising the importance of managed solutions in the enterprise market. This fits into a broader pattern in the industry, where enterprises are responding to an increasingly complex and fast changing security environment by demanding closer service relationships with security hardware and software vendors. “We are seeing two distinct customer types at the moment. One is the tech-savvy larger enterprise customer that we have been dealing with for a long time. These companies have inhouse teams that can manage our security solutions,” says Alex Bogaerts, the Europe, Middle East & Africa president of ISS. “However, we are also seeing an increasing number of other businesses that need security but don’t have the time or resources to dedicate a team to run it, so we offer our managed protection services for this role.” This approach has led to a growing market for managed services providers such as ISS. In April, the company reported an increase in revenues from US$59.5 million first quarter 2003 to US$67 million for the same period this year, with year on year growth of 13%. “ISS started as a software company but we have had experience of managed services since the acquisition of Netrix in 1999,” adds Bogaerts. Making this move from its traditional high-end enterprise heartland to catering for companies in the mainstream business market has meant another change of tack for ISS. The company has developed its Proventia M series product line-up. At the core of this is a modular approach that can readily be adapted to different business needs. The product is an all-in-one security appliance that incorporates ‘blades’ dedicated to tackling a particular kind of threat. This scalable solution can include and exclude components such as firewall and content filtering. ISS also acquired German spam filtering specialist Cobion AG in January for US$34 million. ISS then added the spam filtering tools to its existing offering. With more enterprises looking for an all-encompassing solution from one company, this represents a significant step by ISS. ISS maintains that this gives the company a well-rounded security offering. So much so that it offers a money-back guarantee on its service level agreements (SLAs). “None of our customer’s systems were infected by the recent Sasser virus outbreak,” says Bogaerts. “We use a blend of scanning and intrusion detection systems (IDS) as this offers the best balance of affordable yet adequate protection. Having this balance and keeping systems operating efficiently and at an affordable level is just as critical as keeping dangers at bay,” he explains. ISS has a dedicated team called X-Force that researches worms and viruses. It looks for bugs in software that can be exploited by hackers and virus writers. The ISS experience reflects a broader cross industry move. By 2005, Gartner estimates that 60% of enterprises will outsource monitoring of at least one perimeter security technology. “Most enterprises will not have the resources to do an effective job at keeping the bad guys out and letting the good guys in. Outsourcing the keeping-the-bad-guys-out effort is a driver for the managed-security market,” says Gartner Group’s managing vice president, Victor Wheatman. The managed services market in the region is growing too, with other major security players making moves in this direction. In March, Symantec appointed Information Management Technologies (IMT) as its first managed security services partner (MSSP) in Saudi Arabia. Under this partnership, IMT provides complete management of client environments including risk profiling, vulnerability assessment and consulting services. In the modern enterprise, security solutions pose a problem as they generate a volume and sophistication of data that is often difficult for companies to interpret effectively. This is where out-sourcing to specialist companies, such as ISS, IMT and others, comes in to play. The service provider business still has to prove that it has an enduring model though. ASPs went through the hype and bust phase a few years ago and managed security services providers are still facing the fall-out as most customers remain cautious when it comes to outsourcing. According to Tom Scholtz, vice president of security & risk strategies for Meta Group, this is because many companies still have a mental block when it comes to outsourcing operational security. “True, administration and support of security technology is growing, but monitor and response tasks, such as tracking IDS, are growing much more slowly,” he says.||**||

Add a Comment

Your display name This field is mandatory

Your e-mail address This field is mandatory (Your e-mail address won't be published)

Security code