February 1st 2016 - Monday

Businesses of all sizes are constantly engaged in a costly battle to secure their network and assets. Could MSSPs be the answer for companies to reduce overall IT and security related CA PEX and OPEX?

An increasing number of local companies plan to spend more of their budget with managed security service providers (MSSP) in the coming years. According to Frost & Sullivan, overall Managed Security Services (MSS) market is expected to grow from US$9 billion in 2013 to US$15 billion by 2016. The significant MSSP growth numbers show a clear trend, and there’s a growing consensus that outsourcing security is a viable option for small, medium and large enterprises.

A key to the MSSP’s success is understanding the security challenges facing both the small and midsize businesses (SMB) and enterprises in order to be able to build the right security infrastructure and deliver the appropriate MSS at competitive price points:

Perimeter Security Services – The MSS Foundations Securing the perimeter is the first line of defence for any SMB or enterprise customer. This security service establishes a clear logical and physical deny-by-default boundary and the limited paths into the customer’s network, data and applications. Beyond keeping the “bad guys” out, it controls the chaos of what enters the network.

It is the foundation upon which additional layers of protection are then applied, whether at ingress/egress points or deeper within the network. The perimeter security services may include firewall, Intrusion Protection (IPS), Application Control, etc. These are the fundamental services that SMBs and enterprises require and make up the majority of the MSS market. It is therefore crucial that MSSPs provide these services on a high performance infrastructure (virtual, physical or hybrid) that is highly scalable in a multi-tenant environment and provides high availability and disaster recovery.

Fixed and Wireless Secure Connectivity Services Broad adoption of IEEE 802.11 has created a complex Wi-Fi landscape with proliferating mobile devices and applications. It is no longer sufficient to treat all Wi-Fi users

“The growing trend of Bring Your Own Device (BYOD) and Bring Your Own Application (BYOA) adds additional security challenges.”

and applications alike and companies see the need to deploy and enforce WLAN control policies. The growing trend of Bring Your Own Device (BYOD) and Bring Your Own Application (BYOA) adds additional security challenges.

In order to achieve a unified security policy enforcement, security must be fully integrated into the fabric of the network. Deployment and management of the wireless infrastructure as part of the overall security services, network security, authentication, user, device and application based identification and policies enforcement are part of the MSSP services that SMB and enterprises are looking to outsource. These services provide real competitive differentiation and additional revenue streams for MSSPs.

Application Level Threats

The fastest growing categories of attacks and data breaches are those that target applications, application layer services and inexperienced users. These represent most of a network’s weak spots and there are countless possibilities to exploit code vulnerabilities, application modules, and trusting users who think that the e-mail they just received was a legitimate request to reset their account credentials.

Web Application Attacks

Since 2010, The Open Web Application Security Project (OWASP) has consistently reported that almost every web-based application has one or more vulnerabilities listed in their 2013 Top 10 list of application security risks. They have also reported that 95% of all websites have been hit by one or more instances of cross-site scripting or SQL injection attacks in the past year. Gartner stated in their recently published 2014 Web Application Firewall Magic Quadrant that they expect that over 80% of all enterprises will have a WAF in place by 2018 to protect against web application attacks (up from 60% in 2014). For SMB and enterprises, web-based applications are today one of the main interfaces to their clients and partners and securing these interfaces and applications are critical. Therefore MSSP should include a Web Application Firewall MSS as part of their portfolio.

Application Layer DDOS attacks

Distributed Denial of Service (DDoS) attacks have evolved over the past decade to target application level services. DDoS attacks are still ranked as the top threat by data centre managers compared to other events like infrastructure outages and bandwidth saturation. It is important that DDoS mitigation MSS will include all possible variations of DDoS attacks, from layer 3 to the application level.

Advanced Persistent Threats (APT)

Enterprises are under attack by increasingly sophisticated threats. Gartner recently stated “all organisations should now assume that

“The significant MSSP growth numbers show a clear trend, and there’s a growing consensus that outsourcing security is a viable option for small, medium and large enterprises.”

they are in a state of continuous compromise”. These new threats look for opportunities to bypass traditional firewalls and other company-specific defences, install custom malware, and then systematically and stealthily scrub every corner the organisation for data. MSSPs delivering an Advanced Threat Protection (ATP) service can meet customers’ most advanced concerns while creating additional competitive advantage.

Growth of SSL Encrypted Data

Many enterprises are aggressively expanding SSL to all their web facing applications to protect sensitive data. Sandvine’s latest Global Internet Phenomena Report demonstrated that encrypted traffic is growing at an unprecedented rate. Combined with this explosive expansion in traffic, the complexity of moving to more advanced encryption keys as the technology expands from 1,024 keys to 2,048 and now 4,096, is doubling and even quadrupling secure packet sizes. SMB and enterprise’s servers and application load balancers are struggling to keep up with this demand and are looking for MSS to be able to allow them to cost-effectively meet this dramatic expansion.