Who you gonna call?
- By Ed McKenna
- Sep 03, 2001
On the promise of strong growth forecasts, the managed security services market is attracting a diverse and growing roster of competitors.
The marketplace includes "a lot of big guys, little guys, telcos and just about anybody who was ever a value-added reseller" of security products, said Allen Vance, director of product offerings at Internet Security Systems Inc.
"Trying to compare them one against another is difficult," said Matthew Kovar, a senior analyst at the Yankee Group, who divides companies according to the markets they serve and the cost of their services. Those costs range from $500 to about $5,000 per month, Kovar said, noting that the government market largely fits into the high end.
Costs vary according to the size of the operation, the services offered and preset service levels, such as incident- response times.
For those fees, organizations receive one or more of several services, which the SANS Institute, a research and educational or.ganization for system administrators and security professionals, divides into six categories:
* Intelligence gathering, which involves actively monitoring Internet data sources for potential threats.
* Vulnerability assessment, which entails regularly scanning Internet-accessible systems and private networks and reporting scan results to customers.
* Firewall and virtual private network management.
* Incident response, which could involve a range of actions, including shutting down an infected host or conducting a forensics investigation.
* Policy compliance, which entails making sure that intrusion-detection systems and firewall activities comply with secu.rity policies.
* Virus scrubbing of all incoming and outgoing e-mail messages.