As dig­i­tal­iza­tion takes place on a broad scale, companies and or­ga­ni­za­tions are shifting their ac­tiv­i­ties to virtual spaces and digital networks. This tends to increase ef­fi­cien­cy, but it also opens up a larger attack surface. Or­ga­ni­za­tions are therefore forced to address the issue of IT security. Here it pays to be proactive. It is better to prevent attacks before they occur than to try to repair damage that has already been done.

Traditionally, information security services were provided by in-house staff. However, because only larger companies operated data centers with the appropriate specialists, the topic often fell completely under the radar for smaller companies. But even large companies were quickly overwhelmed by the complexity of the topic and constantly changing threat scenarios.

The fact is that the cat-and-mouse game of protecting one’s own systems against global gangs of cyber criminals is costly and constantly devours resources. That’s why it makes sense to outsource security services to specialists, who tend to deliver better results more efficiently, i.e. at lower cost. We take a detailed look at the managed security services provided in this context.


What are managed security services?

Managed security services (MSS) are services designed to manage and ensure the IT security of companies or other or­ga­ni­za­tions. MSS are provided by spe­cial­ized providers, so-called “Managed Security Service Providers” (MSSP). The largest MSSPs include the IT industry giants IBM, AT&T, and Verizon, as well as con­sult­ing firms such as Accenture and Deloitte. The decisive factor for MSS is that the services are trans­ferred to an external partner. This makes MSSP a special form of Managed Service Provider (MSP).

Before we take a closer look at the actual managed security services, here is a brief excursion into the world of IT security. Knowing the three basic terms of information security makes it easier to understand the tension between IT systems, cyber attackers, and MSSPs. These are “Confidentiality,” “Integrity,” and “Availability,” often abbreviated as CIA:

| Term | Meaning | Example | Attack scenario |
|---|---|---|---|
| Confidentiality | Information is protected against unauthorized reading. | Encrypted message can only be read by the recipient. | End device taken over by Trojans and decrypted messages leaked. |
| Integrity | Information is protected against unauthorized changes. | Databases cannot be modified by unauthorized persons. | SQL injection attack on database interface. |
| Availability | Proper access to information is ensured. | Access to website by visitors is permanently possible. | DDoS attack against web server. |

Note

When we speak of in­for­ma­tion here, we mean both “dormant” in­for­ma­tion, i.e., data, and ex­e­cutable in­for­ma­tion, i.e., code. IT systems are composed of these two types of in­for­ma­tion. In addition, there is the un­der­ly­ing hardware, which is, however, only the direct target of attacks in ex­cep­tion­al cases.

What services does a managed security service provider provide?

Generally speaking, managed security services providers (MSSP) provide any services that serve to maintain IT security. Let’s look at the relevant terms again through the lens of in­for­ma­tion security:

| Term | Meaning | Example |
|---|---|---|
| Asset | A valuable resource to be protected from harm. | Publicly accessible WordPress website. |
| Incident | An event that potentially or actually threatens the confidentiality, integrity, or availability of a resource. | Attempted login to the backend without permission. |
| Alert | Warning message evidencing an incident. | Server log files proving the login attempts. |

So what do MSSPs do? They proac­tive­ly protect resources from attacks and damage, analyze incidents, respond to them, and deploy systems that generate alerts. Let’s take a look at what services MSSPs provide in detail below.

IT security con­sult­ing

First of all, a managed security service provider (MSSP) is the point of contact for all issues related to the customer’s IT security. As part of strategic planning, MSSPs help define goals, uncover risks, and identify op­por­tu­ni­ties. The customer benefits from the provider’s ex­pe­ri­ence and spe­cial­ized knowledge.

Specif­i­cal­ly, MSSPs clarify which systems to build and manage and how. This includes hardware, software, and con­fig­u­ra­tion. In some cases, these are provided directly by the MSSP, which nowadays often happens in the cloud; otherwise, the provider manages the systems running at the customer’s site. In addition, MSSPs help the customer implement best practices for data center security. This includes staff training.

In addition to proactive consulting, emergency assistance is also a critical managed security service. After all, damage requires a rapid response. At the same time, it is essential not to panic, otherwise there is a risk of making the situation worse. The experienced specialists of the managed security service provider have already dealt with frequently occurring scenarios. They can assess the risks and provide recommendations on the best course of action.

Mon­i­tor­ing IT and network security

Although having support from a managed security service provider is worth its weight in gold for an or­ga­ni­za­tion in an emergency, by then it’s often too late. If sensitive data has been stolen, for example, the only option is to attempt damage control. It is therefore better to act proac­tive­ly.

The basis for proactive action lies in forward-looking planning and con­tin­u­ous mon­i­tor­ing of critical struc­tures. This includes IT systems such as end devices, cloud en­vi­ron­ments, data storage, and networks. Systems are monitored for the emergence of sus­pi­cious patterns. If an incident is detected, alerts are generated. Based on this, ap­pro­pri­ate defensive or rescue measures are initiated.
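
The asset, incident and alert chain described above can be sketched with the page's own example, failed logins to a WordPress backend. This is an added example, not part of the original article; the log lines are constructed, and the threshold, the window and the reading of HTTP 200 on a POST to /wp-login.php as a failed login are assumptions.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

LOGIN_PATH = "/wp-login.php"  # the asset: the WordPress backend login
# Combined-log-format prefix: ip, timestamp, method, path, status.
LINE_RE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "(\S+) (\S+)[^"]*" (\d{3})')

# Constructed sample log (documentation IP ranges, invented timestamps).
SAMPLE_LOG = [
    f'203.0.113.7 - - [12/Mar/2024:10:00:{s:02d} +0000] '
    '"POST /wp-login.php HTTP/1.1" 200 4821'
    for s in range(0, 30, 5)  # six failed logins within 25 seconds
] + [
    '198.51.100.23 - - [12/Mar/2024:10:00:12 +0000] "POST /wp-login.php HTTP/1.1" 200 4821',
    '198.51.100.23 - - [12/Mar/2024:10:00:40 +0000] "POST /wp-login.php HTTP/1.1" 302 0',
    '192.0.2.55 - - [12/Mar/2024:10:01:00 +0000] "GET / HTTP/1.1" 200 15230',
    'truncated line without the expected fields',
]


def detect_login_bursts(lines, threshold=5, window=timedelta(seconds=60)):
    """Return one alert per source IP with >= threshold failed logins inside window."""
    recent = defaultdict(deque)  # ip -> timestamps of failures still inside the window
    alerts = {}
    for line in lines:
        m = LINE_RE.match(line)
        if not m:
            continue  # unparseable line: skip it instead of aborting the scan
        ip, ts, method, path, status = m.groups()
        # Assumption: WordPress answers a failed login with 200 (form shown again)
        # and a successful one with a 302 redirect.
        if method != "POST" or path.split("?")[0] != LOGIN_PATH or status != "200":
            continue
        when = datetime.strptime(ts, "%d/%b/%Y:%H:%M:%S %z")
        q = recent[ip]
        q.append(when)
        while when - q[0] > window:
            q.popleft()  # forget failures older than the window
        if len(q) >= threshold and ip not in alerts:
            alerts[ip] = {"asset": LOGIN_PATH, "source": ip, "failures": len(q),
                          "first_seen": q[0].isoformat(), "triggered": when.isoformat()}
    return list(alerts.values())


if __name__ == "__main__":
    for alert in detect_login_bursts(SAMPLE_LOG):
        print(alert)
```

The single mistyped password from 198.51.100.23 stays below the threshold, so only the burst from 203.0.113.7 produces an alert.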

Network and resource man­age­ment

Monitoring IT resources requires specialized systems that generate alerts in real time. This is the only way to react in time, because computer networks are constantly under attack. At the lowest level, automated defense measures are used. Let’s take a look at some of these.

The om­nipresent firewalls filter out unau­tho­rized packets based on static rules. They thus form the basis for network security. Firewalls are im­ple­ment­ed both as spe­cial­ized hardware and at the software level. Attack detection systems are also used. These are “Intrusion Detection Systems” (IDS) or “Intrusion Pre­ven­tion Systems” (IPS), the latter adapting firewall rules in response to detected incidents in real time. IDSs and IPSs are deployed both as part of network hardware and on users’ endpoints.

Less glamorous than fighting hackers, but no less important, is managing upgrades and patches. Since good patch man­age­ment prevents many attacks, it is an essential part of the IT security strategy. Fur­ther­more, upgrade man­age­ment can be out­sourced par­tic­u­lar­ly well as a managed security service. In general, problems can occur with any update. If a service provider performs the same update for many customers, the problems and their solutions are known.

From security audit to vul­ner­a­bil­i­ty analysis to pen­e­tra­tion test

As part of the proactive approach, managed security service providers take on another function. They check their customers’ systems for weak­ness­es and vul­ner­a­bil­i­ties. The goal is to minimize the prob­a­bil­i­ty of security breaches, as well as the severity of the resulting damage. Various ap­proach­es are used in this process.

In a security audit, all areas of an organization are checked for vulnerabilities. In addition to the obligatory technical aspects, the focus is particularly on organizational and human factors. The findings obtained during the audit are used to identify weaknesses on the basis of logical conclusions and to initiate improvements.

In addition, well-intentioned “white hat hackers” attempt to exploit or circumvent a system’s security precautions as part of so-called “penetration tests” (pentesting). Pentesting uses the same approaches and tools that are used by malicious black hat hackers. If the target has been successfully hacked, the pentesters reveal which vulnerabilities they have exploited. Based on this information, the systems are subsequently hardened and improved. In this way, they are better protected against similar attacks by malicious actors.

Com­pli­ance mon­i­tor­ing

Last but not least, managed security service providers support their customers in complying with ap­plic­a­ble reg­u­la­tions and correctly im­ple­ment­ing best practices. The topic is known as “Reg­u­la­to­ry Com­pli­ance” (or “com­pli­ance” for short). The mon­i­tor­ing of a customer’s com­pli­ance by an MSSP is known as com­pli­ance mon­i­tor­ing.

Compliance is of utmost importance especially for critical industries such as healthcare, insurance, legal organizations, and banking and finance. Only by ensuring compliance is it possible to avert a loss of image and substantial compensation payments in the event of damage.

What are the benefits of managed security services?

The promise of using managed security services is to achieve better security while reducing costs. Managed security service providers (MSSPs) take a systematic approach to auditing and managing security-related issues. Their specialized knowledge in the security field helps ensure compliance with higher security standards. If required, the MSSP provides the hardware needed for security compliance.

Permanent mon­i­tor­ing of security allows proactive coun­ter­mea­sures to be taken in the event of an attack. Security gaps are iden­ti­fied and elim­i­nat­ed in advance, networks and IT systems are monitored, and attacks are au­to­mat­i­cal­ly prevented. The customer benefits from the security expertise of an ex­pe­ri­enced service provider, because the spe­cial­ists with know-how in the security field are up to date with the latest knowledge. Depending on re­quire­ments, managed security services are provided flexibly either remotely or directly on site.

On the customer side, this results in a reduction in costs by saving the company’s own time and personnel expenses. Fur­ther­more, the ability to focus on the core business allows for a more efficient use of the employed resources. Managed security services are often offered in different per­for­mance classes. This makes IT security costs trans­par­ent and plannable. Costs can be minimized while op­ti­miz­ing security at the same time.

If special com­pli­ance rules must be observed, such as in the health­care or financial sectors, spe­cial­ized managed security service providers can be used. These offer complete plans that are perfectly tailored to the customer’s needs and include the required managed security services at an optimal price.
