ISP-Planet Survey: Managed Security Service Providers (continued)

Managed Vulnerability Assessment

Managed Vulnerability Assessment Services typically include automated penetration
testing, followed by expert analysis to identify and plug security "holes".
Assessments may be conducted before and after installation of other Managed
Security Services, then periodically repeated. Look carefully at the level
of automation and human analysis; these vary greatly. A quick scan may
appear less costly than a carefully-crafted action plan, but which will
accomplish your goal? Many providers also offer on-demand custom assessments
that go far beyond automated perimeter defense scanning, for example,
examining an organization's security policies, methods and procedures, verifying
physical premises security, and attempting to break in through social engineering.

Managed Vulnerability Assessment Services Chart

| Provider | Platforms | Frequency | Results | Comments |
|---|---|---|---|---|
| Exodus MVPA | Nessus+ | 2/month | Mail notification containing secure URL to report | Customer may request one hour telephonic analysis per report. Custom penetration testing also available. |
| Foundstone Managed Vulnerability Assessment Services | Proprietary | Continuous, Daily, or Weekly | HTML drill down reports summarize findings and recommendations | Includes 32 hours consulting to look at systemic causes or present findings. Alerting service notifies of new vulnerabilities, customizable by kind and severity level. Standalone yearly subscription or bundled with penetration testing professional services. |
| Guardent Vulnerability Protection Services | Proprietary | Weekly, Monthly, Quarterly, or On-Demand | Available offline and on-line | Intrusion testing and network architecture assessment consulting services also available. |
| Interland Managed Security Assessment Service | ISS Security Assessment | Monthly or Quarterly | Electronic report | Standalone or as option |
| IntermediaSecure Managed Firewall and VPN Services | ISS Scanner | Quarterly | Not Specified | Included in managed firewall and VPN |
| ISS Managed Scanning Service | ISS Internet Scanner™ | Monthly, Quarterly, or On-Demand | Available by logging onto secure website for view, download or email. | Standalone service. |
| METASeS DefenseONE | Proprietary and Manual Scans | Quarterly | Report with recommendations (Word document) | Perimeter scanning for firewalls, Web, FTP, and DNS servers, routers, etc. Detailed reports, identification and reduction of networking and Internet systems security vulnerabilities. Full range of consulting and continued vulnerability management services. |
| NetPlexus Vulnerability Scanning Service | NAI CyberCop | Quarterly | Identify changes, make corrections, additional policy recommendations. Post to secure Cust. Support Site. | Initial and quarterly scans provided with Managed Firewall. Additional scanning services can also be purchased. |
| OneSecure Managed Vulnerability Scanning Service | Proprietary | On Demand | Report containing information to fortify machines tested, classified in five levels | Standalone or as option. |
| Riptech Security Professional Services | Combination of COTS and Custom Tools | At Customer Request | Report identifies vulnerabilities and recommendations | Standalone or as option. |
| SecureWorks Network Visibility Assessment | Customized Nessus | Varies with SLA 90 days | Word document containing URLs | Option with IDS. Customized version of open source Nessus scanner rated #1 by NWC |
| Symantec Managed Vulnerability Assessment Services | Symantec Net Recon; Others on Request | Customized; Most Monthly, Some Quarterly | Report in both hard and soft copy | Bundled with other managed security services to provide customized information protection. Long-term, onsite support available to help plan and execute organization's "fix-it" strategy. |
| Verio Intellisecurity Managed Vulnerability Analysis and Scanning Services | Mixture of COTS and Custom Tools by Riptech | Customized | Report includes recommended modifications | Standalone service, delivered in partnership with Riptech. |

Emergency response and forensics
Emergency Response involves damage control and service restoration following
a breach. Procedures should be defined in advance by creating an Incident
Response Plan. To track down the culprit and gather evidence for prosecution,
call in Network Forensics experts. These are not "Managed Services" in
the same sense as others included in this survey. They are as-needed professional
services, available from Managed Security Service Providers. Other Managed
Security offerings may include these services; for example, a Managed
Firewall service agreement may include N hours of Emergency Response per
quarter.
Final thoughts
This survey is intended to be representative, not exhaustive. We believe
it can serve as a starting point for anyone thinking about purchasing
or providing Managed Security Services. However, a survey like this cannot
hope to capture the most critical dimensions of Managed Security: breadth
and depth of security expertise, provider experience and track record,
and ensuring a good fit between customer and provider.
Paul Gunstone, Commercial Director at Alice Networks, put this rather
well: "It is obviously very difficult to show the provisions of any service
in a few words on the page. Anyone buying security services needs to feel
entirely happy and confident with the people, company, approach and ethos
of whoever is involved. You wouldn't want to buy a house or a car from
a brochure, and this sort of thing is far more important."
The information included in this survey was drawn from questionnaires
completed by each participating provider. Please contact these providers
directly for further information on any Managed Security Service.