Custom-Fit Security Apps

Managed security goes proactive

If last year saw the birth of managed security services, then this is the year they will come of age, evolving from one-size-fits-all services into unique, proactive offerings tailored to the individual customer.

This new wave of service is typified by Ubizen, a Belgian security company that this week will launch its services in the United States, along with others such as Counterpane Internet Security Inc. and Netsec. Each of these companies is trying to change managed security from a strictly reactive discipline to a predictive and proactive field.

Unlike past attempts to manage security, these companies are concentrating on gathering real-time intelligence on attacks, vulnerabilities and exploits. Using data mining and artificial intelligence techniques, they can predict where problems could appear on a particular customer's network and then design a system to counteract them.

Ubizen this week will launch in the United States its OnlineGuardian services, which include firewall and virtual private network management and provide customers with round-the-clock network intrusion detection and vulnerability assessment monitoring services that security administrators said are becoming a must.

"The architecture and the nonintrusive nature of the service is key," said Ron Zahavi, chief technology officer of MedContrax Inc., a Ubizen customer and pharmaceutical industry contracting portal based in Gaithersburg, Md. The company currently uses another Ubizen solution but will begin using OnlineGuardian soon. "We have a lot of security issues with our network, so we need someone to hand that off to and know that it's taken care of," Zahavi said.

Later this year, Ubizen plans to unveil an application-monitoring service to address the growing number of application-level attacks plaguing corporations, as well as a policy-compliance service.

Services blossomed last year when companies faced a shortage of trained security personnel at the same time that attacks against networks hit new heights. Companies were often forced to foist critical tasks such as network monitoring and intrusion detection on overworked IT managers. As a result, crackers and virus writers had a field day on corporate networks.

And hackers are still having their way. In the latest Computer Crime and Security Survey, released last week by the Computer Security Institute and the FBI, 85 percent of respondents said they had detected a security breach within the last 12 months. More telling was that 27 percent of those surveyed didn't even know if there had been unauthorized access or misuse of their company's site.

"Companies have been spending a lot of money on security, but they can't keep up with the management of it because they don't have people with the knowledge to do it," said Stijn Bijnens, CEO of Ubizen, of Leuven, Belgium, with U.S. headquarters in Reston, Va.

But customers are now demanding more advanced services than many MSPs (management service providers) have offered. In response, Ubizen is unveiling its SEAM software, which stores, processes and classifies event data as well as information from network security devices such as firewalls and intrusion detection monitors. The data is analyzed by the Ubizen staff against information culled from other customers' networks; analysts can then identify potential problems and recommend the appropriate responses.

The advantage is that, while any given attack may be new to a victimized company, the intelligence staff of an MSP is likely to have seen dozens of such attacks and will know how to respond.

"A managed security monitoring provider can learn from attacks against one customer and use that knowledge to protect all of its customers," said Bruce Schneier, chief technology officer of Counterpane, in San Jose, Calif. "To [us], network attacks are commonplace, not rare."

Ubizen's database analyzes more than a million security events a week, which gives its staff a much larger picture of the overall security landscape than the staff of any one enterprise customer could ever have.

Netsec, in Herndon, Va., and Counterpane are in the process of building intelligence databases as well, and officials from both companies said these repositories are key to future services.

"The threat environment and vulnerability landscape changes every day, and you have to be able to deliver intelligence reports in advance of new problems," said Jerry Harold, director and co-founder of Netsec.

"Being able to glean information from the customers' networks and analyze a wide array of threats is what makes managed security monitoring valuable."