Security services are also known as managed security services (MSS) which is a systematic approach to managing an organization’s security needs. The services may be conducted in-house or outsourced to a service provider that oversees other companies’ network and information system security.
Functions of a managed security service include round-the-clock monitoring and management of intrusion detection systems and firewalls, overseeing patch management and upgrades, performing security assessments and security audits, and responding to emergencies. There are products available from a number of vendors to help organize and guide the procedures involved. This diverts the burden of performing the chores manually, which can be considerable, away from administrators.
Six Categories of Managed Security Services
This is customized assistance in the assessment of business risks, key business requirements for security and the development of security policies and processes. It may include comprehensive security architecture assessments and design (include technology, business risks, technical risks, and procedures). Consulting may also include security product integration and On-site incident response and forensics.
Remote perimeter management
This service installs and upgrades the firewall, Virtual Private Network (VPN) and intrusion detection hardware and software, commonly performing configuration changes on behalf of the customer.
Managed security monitoring
This is the day-to-day monitoring and interpretation of important system events throughout the network, including unauthorized behavior, malicious hacks and denials of service (DoS), anomalies and trend analysis. It is the first step in an incident response process.
Penetration and vulnerability testing
This includes one-time or periodic software scans or hacking attempts to find vulnerabilities in a technical and logical perimeter. It generally does not assess security throughout the network, nor does it accurately reflect personnel-related exposures due to disgruntled employees, social engineering, etc.
This includes monitoring event logs, not for intrusions but change management. This service will identify changes to a system that violates a formal security policy for example if a rogue administrator grants himself or herself too much access to a system. In short, it measures compliance with a technical risk model.
Intrusion Detection Services
Provides an elevated level of active intrusion detection protection against hostile network intrusions. While the firewall is an essential part of your IT security, it’s just a wall-a passive barrier that can’t distinguish a customer from a criminal. When services are allowed through the firewall, application vulnerabilities can be exploited to introduce severe threats like worms, viruses, buffer overflows and denial-of-service attacks. Intrusion Detection Service provides an advanced layer of security- backed by the ultimate threat detector: our expert security professionals within our enterprise-class data centers. Together they provide rapid intrusion detection that translates into optimal network security to minimize threats to your enterprise.
Although the organization remains responsible for defending its network against information security and related business risks, working with an MSSP allows the organization to focus on its core activities while remaining protected against network vulnerabilities. Business risks can result when information assets upon which the business depends are not securely configured and managed (resulting in asset compromise due to violations of confidentiality, availability, and integrity). Compliance with specific government-defined security requirements can be achieved by using managed security services.
IT security is an important priority for us represented in a proactive approach to a better and more secure IT management. Opennet Security services are:
• Policy improvement and development services (aligned with ISO 17799)
• Policy-based security process management
• Risk and Compliance Services (i.e. Sarbanes Oxley)
• Vulnerability Management Services
• Advanced Penetration Testing
• Firewall deployment and management
• Intrusion detection systems
• Security Operations Center (24×7 monitoring)
• Virus and SPAM protection
• User identity and password management
• Strong authentication solutions
• Documentation and Policies and Procedures to fulfill internal and external Audit requirements