Friday, January 23, 2009

Managed Security with a Strategic Twist


Managed services provider Verizon Business has added an interesting twist to its security toolbox. Traditionally, managed security services are tactical: they monitor a network for potential attacks, using virus signatures and other definitions.

Earlier this month, Verizon upgraded its customers' security capabilities with what it calls its "Risk-Correlation Service," designed to add strategic insight to security.

The RCS works with vulnerability scans -- either those it does for customers or those from vendors such as McAfee, Qualys, and others -- to determine where potential vulnerabilities exist. The service also documents your system to create a map of devices and the business processes that run on them. "It marries threat information with vulnerability information," says Jonathan Nguyen-Duy, Director of Product Management for Verizon.

Calculating Risks
The result is a Web-based scorecard that shows Verizon customers not only where potential problems exist, but rank the level of relative importance of those devices. "We can tell you the likelihood of an event on a particular device, but also the business process associated with that device," says Nguyen-Duy. "Using the information from the vulnerability scan, we can tell you about the impact on availability. Is the device running real-time transactions, or is it a database server that might have less sensitive information?"

Strategically, companies can use the information presented in the online scorecard to get a sense of where to improve their online protection. Not all information is created equal, and not every database server requires the same level of protection.

The scorecard is designed to help companies prioritize their security budgets and their business continuity programs. "With limited resources, it's important to understand the relative risk of each vulnerability," he says.

Protection from Attacks
The online scorecard also works when attacks are underway. In those instances, it helps customers work with Verizon to identify where remediation is most important. "Sometimes you have to work in real-time to figure out where attacks are happening," Nguyen-Duy says. "Your ability to respond is improved when you have better information on the threat and what business process might be affected."

Being proactive about security is like flossing your teeth; you know you should do it more often, but it doesn't always happen. Applying a methodology that combines both strategic and tactical security needs is very wise. Clearly, when it comes to security, it's easier to be reactive when you've already been proactive.

Besides, the complexity of providing comprehensive network security protection, and keeping it fully up to date, is something best left to the experts. That's why managed security is one of the most utilized managed service offerings.

No comments:

Post a Comment