Fraud is a rapidly growing problem for public and private sector organizations of all sizes. Overall operational risk continues to grow at an alarming rate as the fraud component grows. The compounded growth in fraud can be attributed to the ever-increasing levels of sophisticated tools, attacks and methods used to defeat the security infrastructures we have built to identify, alert and remediate this threat. I find more and more organizations struggling to properly deploy technology to combat the risk associated with fraud. Since the threat of fraud can come from the internet as well as from the inside, the risk to your information, customers and shareholders is higher than it has ever been.
To detect fraudulent activity, we are challenged as security and IT professionals to manage, review and maintain a vast array of appliances and software. The massive amount of knowledge required to properly deploy and integrate these technologies and to manage the raw amount of data they produce is overwhelming to most organizations.
Managed security offerings are not new to the industry, but their growth lately cannot be ignored. As organizations have continued to struggle to manage their own security infrastructure, the value of a managed security relationship has evolved. Managed security solutions have evolved to fit just about any need you may encounter, whether your organization is looking to outsource a complete security offering, partner on a solution that it lacks the time or skill set to address in-house, have a check and balance for compliance and regulatory reasons, or simply leverage a second set of eyes to complement the in-house team.
In this Group Test, we are looking at companies that strive to deliver a security service as a hosted or managed offering. Our criterion was for the offerings to provide a turnkey approach to an organization's primary technical security needs. These could be either a co-located device at the client organization facility or a completely outsourced solution where the application to be protected would reside at the vendor's data center, network operation center (NOC) or security operation center (SOC).
How we tested
Our usual testing methodology differed this time. Since this review was based mostly on managed service offerings, there were no actual product submissions for us to install and review. Our examinations were a combination of web demonstrations and online studies of live analyst NOC/SOC tools and functionality and client portals to review reporting, alerting, ticketing and remediation activities.
There are numerous managed security offerings available today. Our submissions varied greatly and provided us with a very nice cross-section of the types of services available in the market. We looked at offerings that provide full-service managed security services through fully staffed 7/24/365 security operation centers. Other options took a more focused approach. We saw solutions that specialized in web application security using global threat data. Still others addressed web content security and network threat protection through the use of behavioral analysis/anomaly detection, as well as several other functions.
We were very pleased with the various web-based user tools and interfaces we saw. The reporting, configuration and alerting functions were easy to use and very powerful.
As we saw from our testing, offerings differ greatly. It is important to fully understand your goals in partnering with a managed service offering. It is also important to remember that this is a partnering arrangement and that your IT and security resources should always be engaged in the day-to-day management of enterprise risk. Topics like incident response and forensic investigations need to be considered. Some solutions make it very easy for you to get your log data back. Others don't make that task so easy or even possible.
As always, our best advice is to do your homework: Research all the options and make the choice that best fits your needs.