Network Computing is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them. Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

ISS And You: The Fast Track To Managing Security?

Jennifer ZainoTwo trends could spur more business the way of ISS' managed services division: the convergence of security information management and network vulnerability assessment, and regulatory compliance demands. Wait, make that three???the desire to transition critical but mundane security tasks to a third-party provider without actually handing over the keys to the entire infrastructure. Or maybe four???the fact that fully implementing a security information management system can be a long, difficult and costly process, potentially taking (ISS says) up to six to 12 months and eating up hundreds of thousand of dollars just in product, plus deployment and management fees that can rack the bill up to a million bucks in just the first year.

At Interop the vendor plans to announce its Virtual Security Operation Center, a re-envisioning of its managed security services customer portal, and two new services to join its existing on-demand vulnerability assessment and other managed security offerings. Customers who sign up for any of the VSOC services, which by August will also include security event management and log management, will have access to a centralized view of both on-premise and remotely managed network and security devices from multiple vendors through a single interface. A consolidated view of reporting, workflow management, and incident ticketing across multiple geographic locations or across on-site or remotely-managed systems is designed to provide a level of integration that should result in better security management and, ultimately, tighter security.

The cost savings are significant???around 50 to 60% of the costs of an on-premises solution, ISS says???as are the advantages of quick time-to-deployment. Pricing for the Security Event Management service is determined based on the type of device reporting into the service. Pricing ranges from less than $0.04 per desktop per month up to $200.00 per networking class device per month. Pricing has yet to be set for the Log management service.

ISS seems on the right track in enabling levels of customization for its new services. You'd expect to be able to turn up or down the volume of security alerts to suit your individual organizational risks with the security event manager, and you can. The log management service adds the ability to monitor across OSes and applications (so long as they output logs in a text-based format), as well as across other non-security-centric network devices, data specific to an organization's business processes, and receive analyses based on best practices guidelines that map to their specific regulatory and business requirements. "In many cases companies are driven to SIM solutions because of regulatory compliance, which includes collecting and aggregating log data about transactions into one point," says Jason Hilling, director of product management for ISS' managed security services.

For ISS, the VSOC also provides a way of further leveraging its Proventia Integrated Security Appliances, with plans by 2007 to include full command and control management of ISS products through the portal, integrating the SiteProtector centralized management system that's a key part of its security platform. Before year's end expect to see all ISS products out-of-the-box enabled to tie into the VSOC. It's reasonable for ISS to want to expand its footprint in the managed security services market, which is one of the fastest growing portions of its business, with about 40% growth on annualized basis over the past four years. By the end of last year Gartner expected that the managed security services market in North America will reach over $1 billion, an 11.4 percent increase over 2004. ISS' managed services track record to date includes managing about 8,000 server class security devices across some 1500 customers, with the business accounting for between 13 to 15% of ISS' total revenues.