ISP-Planet - Technology - Survey - Managed Security Providers

Sections

• Best of the Lists
• Business
• CLEC-Planet
• Equipment
• Executive
Perspectives
• Fixed Wireless
• Investor
• Marketing
• Market Research
• News
• Notable Quotes
• Politics
• Profiles
• Resources
• Technology
• Value-Added
Services
• Webhosting
Also ...
• About Us
• Authors
• Letters
• Site Map
• Technology Jobs

internet.com

Internet News
Small Business

Advertise
Newsletters
Tech Jobs
E-mail Offers

internet.commerce

Be a Commerce Partner

ISP-Planet Survey:
Managed Security Service Providers—continued

Managed Intrusion
Detection and Security Monitoring

Managed Intrusion Detection Services vary, but typically include security event monitoring, analysis, and response/escalation procedures. Many rely on a commercial Intrusion Detection System (IDS) like ISS RealSecure or Enterasys Dragon, deployed in the customer's network, alone or with a managed firewall. Counterpane, RipTech, and SecureWorks use highly customized platforms that provide intelligent filtering, improving the security monitoring signal-to-noise ratio. Surveyed providers offering one or more of these Managed Services are listed on the Managed Intrusion Detection and Security Monitoring Chart.

Is there a big difference between Managed IDS and Managed Security Monitoring? One factor can be span: Counterpane's solution is designed to be security product independent, drawing events from a wider variety of sources. Another factor can be human expertise—do you want raw IDS notifications or in-depth event analysis? According to Vigilante's Reavis, "Both are active systems, looking for any sense of breach, centrally consolidating/correlating and notifying you. The difference is the technology they use. The value proposition and what they're trying to do are really pretty similar."

Automated intrusion response is a point of contention. Anyone who has used an IDS, even briefly, knows the importance of event correlation - and just how many "root cause" alerts still require human analysis. Given this, is it really a good idea to launch automated remedies? Keybridge doesn't think so; they warned, "Automated intrusion response creates additional security risks." Several other providers stressed customer involvement in creating an incident response plan, whether automated or not. As one provider put it: "The customer defines the security policy; [we] enforce it."

Managed Anti-Virus
These services may scan packets flowing through firewalls or deflect packets to an AV server. Some offerings scan e-mail and potentially infected attachments. Managed Anti-Virus Services include more than shrink-wrapped software—providers are responsible for installation, configuration, reporting, and regular updates. The platform may be a Managed Firewall, an appliance like the Nokia AV-445, or a provider-hosted AV server (below).

Managed Anti-Virus Services Chart
Providers	Platforms	Auto- Updates	Content Types	Comments
Exodus Anti-Virus Appliance Service	Nokia AV-445	Weekly	Email Attach	Standalone or as option. Monthly Exec Reports, every 6 minutes the box is verified up and running.
Guardent Managed Firewall Services	Trend Micro	Bi-Monthly	SMTP, HTTP, FTP	Option with managed firewall service
Intermedia Managed Firewall and VPN Services	Check Point OPSEC	None	Not Specified	Included in managed firewall and VPN
ISS Managed Intrusion Detection Services	Trend Micro	Daily	File transfer and Email	Supported in conjunction with Managed Check Point Firewall. Real-time reporting via customer web portal.
NetPlexus Managed Anti-Virus Service	Nokia AV-445 with McAfee WebShield	Weekly or As Required	SMTP including Email attachments	Standalone but typically ordered in conjunction with Managed Firewall
WorldCom Managed Email	Customized MTA Symantec Virus Scan EngineBrightmail Server	Yes, as necessary	Email messages and attachments	Anti-Virus service is an option with WorldCom Managed Email product. Hosted e-mail supports Web Mail, POP3, and IMAP4 mailboxes, with Web access available for each mailbox type.

Managed content filtering and URL blocking
Managed Content Filtering Services typically allow or deny Web traffic based on destination (URL) or payload (Java, ActiveX). Subscriptions are typically sold as a firewall add-ons, but we found two providers offering this as a standalone service. WebSense is the platform of choice for many of those surveyed; the website database used to filter by category can often be updated daily.

Managed Content Filtering Services Chart
Providers	Platforms	Auto- Updates	Content Types	Comments
AT&T Managed Firewall: Server Based (MFS-SB)	WebSense	Daily (Off Peak)	Web, inbound mail attachments, Java, ActiveX, & Applet tags, outbound host & field stripping.	Additional charge for this option with MFS-SB offer. Integrated content screening engine filters Web traffic based upon content ratings, with Group Policy overrides.
Guardent Managed Firewall Services	WebSense	Daily	HTTP	Option with managed firewall service
Intermedia Managed Firewall and VPN Services	Check Point	None	Not Specified	Included in managed firewall and VPN
ISS Managed Web Filtering Service	WebSense	Daily	URL/Web	Provided in conjunction with Check Point Managed Firewall
NetPlexus Managed Content Filtering Solution	WebSense Enterprise	Weekly or As Required	Web content by URL & Keyword	Standalone but typically ordered in conjunction with Managed Firewall
OneSecure Managed URL Filtering Service	WebSense SmartFilter	Daily	"All irrelevant and unwanted content"	Standalone or as option.
Telenisus Managed URL Filtering Service	WebSense	Determined by Mfg.	Web	May be layered with other services. Managed caching is also an option, delivered as WebSense on Cacheflow.
WorldCom WorldCom Internet Managed Firewalls-Check Pointl	Check Point	Not Specified	URL Blocking	Standalone or as option.

<Back to page 1:
ISP-Planet MSSP Survey

Go to page 3:
Managed Vulnerability Assessment >

Feedback

ISP-Planet's RSS feed