Feature Story


More feature stories by year:

2017
2016
2015
2014
2013
2012
2011
2010
2009
2008
2007
2006
2005
2004
2003
2002
2001
2000
1999
1998

Return to: 2009 Feature Stories

CLIENT: NETWORK BOX USA

July 2009: Security Matters

CHOOSING A MANAGED SECURITY SERVICE PROVIDER

There are many advantages for an organization to outsource its network protection to a managed security service provider (MSSP) - e.g., it's more cost effective, and it lets the IT department operate without an in-depth understanding of the various security functions.

Once the decision is made to go the managed security route, an organization needs well-defined practices in order to evaluate and select an MSSP. If your organization is looking for managed security service, here are some tips.

First, it's vital that you specify your security requirements to the MSSP candidate and require them to demonstrate their ability to meet them, both as part of the evaluation and selection process and while providing ongoing services.

The service provider's reputation should be a prime consideration. Get references, and find out how good their support is, e.g.:

  • How available are they when you have a problem?
  • What is the expertise of the person who answers the phone?
  • Will they run you through four different escalation levels before someone can solve your problem?

This brings us to their service-level agreement. Read it carefully, because legal language can be tricky, and quality of service (QoS) is the most important thing to evaluate. A reliable indication of an MSSP's QoS is SAS 70 Type II attestation (Statement on Auditing Standards No. 70), the authoritative benchmark of the American Institute of Certified Public Accountants, against which service providers report control activities and processes to customers and their auditors. As an example, Network Box USA's audit encompassed detailed inspection of the internal control environment surrounding physical and electronic security measures, disaster-recovery planning, network access and monitoring, environmental back-up and network redundancies, change management, new-client implementation, and customer service.

Coverage is also something to consider. Your organization may be local, but Internet threats are global. Hackers in Russia, for instance, might use compromised computers in the USA to send spam to users in Canada, who are lured to websites hosted in China. The ability to detect these threats on one continent and apply solutions that protect clients on another is a tremendous advantage that MSSPs with a single geographical location lack - unlike providers like Network Box with security operation centers around the world.

How you request changes is another important factor in choosing an MSSP, and you need to find out in advance. If it's by email only, stay away from that provider, because email addresses can be spoofed so easily; better yet, don't contract with an MSSP that even allows change requests via email. Also find out how they log the change requests. Five years from now, will you be able to ascertain who requested a certain change, who executed it, and what was done?

As for the prospective MSSP's technology, don't try to test it yourself but do ask a lot of questions. Find out all the features of what you're purchasing and how flexible it is. If you're changing technology, make sure the new one is at least as good as the old one. Network Box USA provides its own UTM (unified threat management) appliance, which includes:

  • firewall;
  • multiple in-line intrusion detection and prevention systems;
  • virtual private network;
  • anti-malware,
  • anti-spam, and
  • content and web filtering.

Finally, consider the overall cost. Though we've already established that using an MSSP is more cost effective than doing it all in-house, the price of procuring, operating and overseeing the security service delivery should not exceed the anticipated benefits.

Network Box USA, Inc. was formed in response to the escalating dangers posed by security breaches, virus attacks and similar threats arising from widespread use of the Internet. Its mission is to provide enterprises of all types and sizes with a cutting-edge computer network security solution that is effective yet affordable. The company's flagship product, the Network Box appliance, has won numerous awards for excellence and is now in the forefront of UTM technology.

Return to: 2009 Feature Stories