For some time now we have tried to stress to small and medium-sized businesses that security is no longer ONLY a priority for large Fortune 500 companies. In fact, it seems almost a weekly occurrence that I learn about a local “small-town” business that was negatively impacted by a virus, malware, or even more sophisticated “targeted” attack. While the majority of these incidents go unreported by the mainstream news media, the impact and often financial repercussions are quickly realized by the stakeholders involved.
What Can Be Done?
An unfortunate reality is that most organizations think of security as an after-thought and find themselves taking corrective action for a problem, as opposed to viewing security as an insurance policy that can supply proactive benefits. The expectation for smaller businesses to make capital investments with purchases of the latest hardware/software products is both foolish and unrealistic. To combat this, the advent of Managed Security Services (MSS) was introduced and to date has been alarmingly successful. With MSS, a small or medium-sized business can leverage the technical infrastructure, software benefits, and certified-personnel experience that was largely unavailable and/or too expensive prior.
Managed Security Services empowers smaller organizations to shave enterprise costs like never before. The ability to maintain real-time awareness of network activity, vulnerabilities, and implement redundancy are aspects to MSS that were only distant thoughts a short-time ago. As a matter of fact, there is very little that cannot be managed under the umbrella of MSS. For example, threat protection, malware mitigation, Web filtering, spam filtering, access control, and VPN support are now common components included with most MSS offerings.
Are Managed Security Services Right for Your Company?
As with most long-term investments, organizations must determine which managed service model is right for them and would ultimately provide the most benefit to their operational business needs. As a starting point, I have broken down the MSS model into four (4) categories:
- Network Perimeter Management and Authentication – This level of service would address areas such as firewall configuration/management, intrusion detection, Virtual Private Networking (VPN), and two-factor/token-based authentication practices.
- Monitoring & Disaster Recovery – Largely deals with the day-to-day assessment and interpretation of system events on the network such as log management, suspicious activity, and denial of service (DoS) attacks. In addition to the active monitoring, the concept of data redundancy and disaster recovery play a significant role in leaving organizations feeling comfortable with their investment in MSS. This can also be considered the initial step in incident response.
- “Active” Vulnerability Management – Periodic scanning of the network resources for vulnerability detection and identification. Done properly, these periodic scans can also provide recommendations on vulnerability mitigation and remediation.
- Compliance – Many organizations are faced with regulatory compliance requirements and typically are faced with meeting these requirements on a technical level. While some compliance packages offered through MSS may maintain certain compliance requirements, it is important to ensure this verbiage is included in any contractual agreements prior to making any commitments.
The business model behind MSS is proven and brings the much-needed IT security expertise to its customers throughout the world. Organizations such as medical/dental offices, attorneys, professional service providers, and retailers can now implement effective security for their data protection and no longer be limited by financial resources, limited personnel, or lack of time.
Praetorian Secure offers industry-recognized Managed Security Services to companies of all sizes. To learn more about our growing capabilities with MSS please click here, or contact us at 855-519-7328 to set up a discussion with one of our experienced security engineers.