Its supporters vehemently profess that Managed Security Services (MSS) are a kind of panacea for the burgeoning security problems facing the industry. Its critics, on the other hand, maintain that outsourcing should not be treated as a permanent solution, and that adequate training and awareness must be imparted in-house to develop the core skills needed to run a business securely.
Although there is a semblance of truth in each of these assertions, this paper attempts to highlight the current predicament facing organizations across the region and how, with the aid of a competent and reliable MSS provider, organizations can overcome these shortcomings and continue to flourish and stay abreast in cyberspace.
The current trend:
Organizations in the Middle East are shifting to a new paradigm. Government organizations, large institutions and small start-ups alike are making a beeline for the Internet in order to get connected. Getting connected to the highly precarious Internet is now perceived as a lifeline for survival.
As more and more organizations rely on the Internet, more and more security problems are surfacing. Attacks and attackers are getting increasingly sophisticated. According to a study by the Honeynet Project, a system newly connected to the Internet can expect to be targeted within around 15 minutes; the attack can be as simple as a scan of the system or a full-fledged compromise attempt. Since the Internet knows no geographic boundaries, the attack can come from any part of the world at any time of day. Attack tools are also widely distributed on the Internet, and anyone can easily obtain them. There is an urgent need to protect our resources, our assets and ourselves from these threats. But the question that comes to mind is: can we adequately protect our resources when we do not fully understand what security is all about?
Understanding Security
The authors of the best-selling security book “Hacking Exposed” say that security is not a goal but a process, and not a product but a mentality. Security works by knowing the threats and managing the risks. Risks can never be completely eliminated, but they can be reduced by managing them properly. A competent Managed Security Services Provider (MSSP) can help reduce an organization's risks through:
• Pro-active Monitoring of Security Devices
• Effective Management of Security Devices &
• Rapid Incident Response.
Most MSSPs operate from a Security Operations Center (SOC) equipped with the latest monitoring tools. They typically provide the following services:
• Managed Firewall Services
• Managed Intrusion Detection Services
• Managed Anti-Virus/Anti-Vandal Services
• Managed Vulnerability Assessment Services
• Managed System Forensics, Investigation & Response Services
The current predicament:
Most organizations are besieged with the following problems:
• Critical business issues.
• Increasing security threats &
• Unmanageable technical issues
MSSPs, by the nature of their job, are strategically placed to help organizations counter these problems.
Let's take a closer look at each of these problems to understand how an MSSP can help alleviate them and thereby reduce risks to an organization:
1. Critical Business Issues:
In most organizations, business demands exist on a 24x7x365 basis. Consumers seek information that must be available in real time. There is no room for outages, and in-house IT staff need to focus on running core mission-critical business applications. Consequently, security is considered an additional chore and gets neglected, resulting in serious security breaches. For instance:
• Nimda compromised over 86,000 Internet hosts (Source: SANS Institute)
• Code Red infected 359,000 servers in less than 14 hours (Source: CAIDA)
The cost of these security breaches is typically high and adversely impacts an organization's revenue. According to Datamonitor, e-security breaches cost U.S. businesses around USD 15 billion in one year.
An MSSP helps reduce security breaches by managing the security of an organization's systems round the clock and ensuring that all systems and applications are properly patched.
2. Increasing security threats:
Some of the increasing security threats affecting an organization are:
• Exploits of known vulnerabilities
• Malicious Code
• Espionage
Let's look at how each of these threats affects an organization:
Exploits of known vulnerabilities
Unfortunately, no operating system is secure out of the box, and attackers take advantage of holes in default OS or application configurations or of user/administrator misconfigurations. A majority of attacks are initiated through these well-known holes, which are publicised in the computer underground and for which exploits are readily available. For example, in the largest criminal Internet attack to date, a group of hackers spent a year systematically exploiting known vulnerabilities to steal customer data. More than a million credit card numbers were stolen and more than 40 high-profile sites were victimized. The hackers gained access to e-commerce sites through well-known vulnerabilities and, once in, downloaded proprietary information, customer databases and credit card information.
Vulnerabilities are disclosed every day, so systems have to be patched regularly. An MSSP can help by providing Managed Vulnerability Assessment, conducting periodic and regular vulnerability assessments of the organization's systems.
Malicious code
Malicious code includes viruses, worms and trojans. Recent incidents such as Nimda and Sobig indicate the seriousness of these threats.
MSS helps by providing Managed Anti-Virus and Managed Anti-Vandal Services to prevent outbreaks of viruses and worms.
Espionage
Contrary to the popular belief that espionage is limited to militaries and governments, espionage, the stealing of information, routinely happens in many organizations. It is quite often carried out by trusted insiders. Unless organizations have some sort of content filtering to monitor internal traffic, this sort of attack will go unnoticed.
An MSSP helps by providing Managed Monitoring and Managed Content Filtering Services, screening the contents of e-mail, web and network traffic to prevent leakage of sensitive information.
Unmanageable Technical Issues
To most organizations in the region, security is considered a technological issue. Over-zealous vendors do their bit to stoke the flame further by impressing upon organizations that technology can “solve” the computer security problem. This belief that “technology can make us more secure” is pushing organizations to invest in more and more technology, such as:
• firewalls
• IDS
• VPNs
• content filters
• Java/ActiveX protection
• integrity-checking software
• PKI
• smart cards
• etc.
This technology is getting increasingly complex to administer and manage. Quite often the task of managing and administering these complex devices is handed to administrators who lack the specific knowledge and skills required, and who are also responsible for many other devices and tasked with various other activities.
The initial configuration of the devices is often done by the vendors themselves as part of the purchase deal. However, once the devices are configured and the initial sense of novelty wears off, administrators do not pay much attention to the logs these devices emit. To be fair to the administrators, the logs are huge and, to the untrained eye, close to gibberish. For example:
A single firewall on a busy network generates around
• 200 MB of log data per hour
• 4.8 GB per day
• 33.6 GB per week
A single IDS on a busy network generates around
• 1,000 alerts per hour
• 24,000 alerts per day
• 168,000 alerts per week
These logs contain subtle clues of an attack or an impending attack, but administrators who are unaware of the tell-tale signs will not be in a position to respond effectively to incidents. Trained people are needed to interpret the logs properly and take decisive action to mitigate the risks.
MSSPs have highly trained and skilled staff who monitor systems round the clock. MSSP analysts are trained to monitor and interpret a wide variety of logs. As soon as an analyst identifies an incident or an attack pattern taking shape, they react by following a well-orchestrated incident response plan. The plan varies with the type and severity of the threat and may include coordinating with upstream ISPs to nullify attacks and notifying the CERT and law enforcement agencies.
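To make concrete what "tell-tale signs in the logs" means in practice, the following is an added example, not code from the paper or from any MSSP, showing the kind of rule a SOC analyst would run over firewall logs: it parses denied connections and flags a source that touches many distinct destination ports on one host within a short window, the classic signature of a port scan preceding an attack. The log format, the IP addresses, the ports and the thresholds (8 distinct ports within 60 seconds) are all assumptions constructed for this example; real firewall formats differ and thresholds are tuned against the network's own baseline.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample log lines in an invented, iptables-like format. Nothing here is
# real traffic: 203.0.113.7 probes ten ports in five seconds, while 192.0.2.44 is
# denied on three ports spread over an hour and should not raise an alert.
SAMPLE_LOG = """\
2003-06-01 10:00:01 DENY TCP 203.0.113.7:40001 -> 198.51.100.10:21
2003-06-01 10:00:01 DENY TCP 203.0.113.7:40002 -> 198.51.100.10:22
2003-06-01 10:00:02 DENY TCP 203.0.113.7:40003 -> 198.51.100.10:23
2003-06-01 10:00:02 DENY TCP 203.0.113.7:40004 -> 198.51.100.10:25
2003-06-01 10:00:03 DENY TCP 203.0.113.7:40005 -> 198.51.100.10:53
2003-06-01 10:00:03 DENY TCP 203.0.113.7:40006 -> 198.51.100.10:80
2003-06-01 10:00:04 DENY TCP 203.0.113.7:40007 -> 198.51.100.10:110
2003-06-01 10:00:04 DENY TCP 203.0.113.7:40008 -> 198.51.100.10:139
2003-06-01 10:00:05 DENY TCP 203.0.113.7:40009 -> 198.51.100.10:443
2003-06-01 10:00:05 DENY TCP 203.0.113.7:40010 -> 198.51.100.10:445
2003-06-01 10:00:06 ALLOW TCP 203.0.113.7:40011 -> 198.51.100.10:80
2003-06-01 10:00:07 ALLOW TCP 192.0.2.44:51000 -> 198.51.100.10:80
2003-06-01 10:03:00 DENY TCP 192.0.2.44:51001 -> 198.51.100.10:22
2003-06-01 10:30:00 DENY TCP 192.0.2.44:51002 -> 198.51.100.10:23
2003-06-01 11:00:00 DENY TCP 192.0.2.44:51003 -> 198.51.100.10:25
"""

# Regex for the assumed format: "<date> <time> <ACTION> <PROTO> <src>:<sport> -> <dst>:<dport>"
LINE_RE = re.compile(
    r"^(?P<ts>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}) "
    r"(?P<action>ALLOW|DENY) (?P<proto>\w+) "
    r"(?P<src>[\d.]+):(?P<sport>\d+) -> (?P<dst>[\d.]+):(?P<dport>\d+)$"
)


def parse_line(line):
    """Parse one log line into a dict; return None for lines that do not match the format."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    ev = m.groupdict()
    ev["ts"] = datetime.strptime(ev["ts"], "%Y-%m-%d %H:%M:%S")
    ev["sport"] = int(ev["sport"])
    ev["dport"] = int(ev["dport"])
    return ev


def summarize_denies(lines):
    """Count denied connections per source address: the first thing an analyst triages."""
    counts = defaultdict(int)
    for ev in map(parse_line, lines):
        if ev and ev["action"] == "DENY":
            counts[ev["src"]] += 1
    return dict(counts)


def detect_port_scans(lines, window_seconds=60, min_ports=8):
    """Flag sources that are denied on >= min_ports distinct destination ports
    within any sliding window of window_seconds. Returns one alert per source."""
    events = [ev for ev in map(parse_line, lines) if ev and ev["action"] == "DENY"]
    events.sort(key=lambda ev: ev["ts"])
    window = timedelta(seconds=window_seconds)
    recent = defaultdict(deque)  # src -> deque of (timestamp, dport) still inside the window
    alerts = {}                  # src -> alert dict
    for ev in events:
        q = recent[ev["src"]]
        q.append((ev["ts"], ev["dport"]))
        while q and ev["ts"] - q[0][0] > window:   # drop events that aged out of the window
            q.popleft()
        ports = {p for _, p in q}
        if len(ports) >= min_ports:
            alert = alerts.setdefault(
                ev["src"], {"src": ev["src"], "first_seen": q[0][0], "ports": set()}
            )
            alert["ports"] |= ports      # keep accumulating ports while the scan continues
            alert["last_seen"] = ev["ts"]
    return list(alerts.values())


if __name__ == "__main__":
    lines = SAMPLE_LOG.splitlines()
    print("denied connections per source:", summarize_denies(lines))
    for a in detect_port_scans(lines):
        print(f"PORT SCAN from {a['src']}: {len(a['ports'])} ports "
              f"between {a['first_seen']} and {a['last_seen']}: {sorted(a['ports'])}")
```

The sliding window is what separates a signal from noise: 192.0.2.44 is denied on the same kind of well-known ports, but spread over an hour it never crosses the threshold, whereas the burst from 203.0.113.7 fires after its eighth distinct port. In a SOC this rule would be one of many, and the thresholds would be tuned against the customer's normal traffic before being trusted, since a threshold set too low on a busy network produces exactly the flood of alerts the figures above describe.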
Conclusion
Organizations have to shoulder a tremendous amount of responsibility to keep themselves secure and thwart attacks. This includes implementing defensive controls such as firewalls, intrusion detection systems and anti-virus scanners; hardening internal systems; conducting periodic vulnerability assessments to eliminate the holes through which attacks manifest; and practicing due care and diligence to keep the firewalls, IDSs and anti-virus scanners up to date with the latest security patches and fixes.
All of this consumes a huge amount of time and resources and significantly increases cost. Forging a partnership with a reliable MSS provider can be a viable alternative that gives organizations access to highly specialized skill sets, facilities, state-of-the-art technologies and rapid incident response, while keeping spiralling costs in check.
Managed Security Services in the Middle East are still in their infancy compared to their western counterparts, but they hold out a lot of promise, especially for enterprises bracing themselves to take on the mantle of always-connected, Internet-facing businesses.