The MSS path

Tom Noonan, President and CEO at Internet Security Systems.

|~|Managed security services have been a bone of contention among IT professionals for some time. While many companies have been eager to outsource areas of their IT business to more dedicated and experienced companies, when it comes to security many have been less than keen to hand over the reins to a third party. But according to Internet Security Services, the US company based in Atlanta and with offices across the globe, this is changing.

“While there are always exceptions, banks, telcos and governments generally want their own security experts, their own grown systems and solutions,” says Peter Stremus, VP EMEA marketing at ISS. He believes that it would be weird for these organisations to outsource their security. “Look at Barclays Bank for example, they have over 60 people working on their security.”

But other companies and organisations are turning towards managed security services more and more, suggests Stremus. “Many can’t afford to employ a dedicated round-the-clock security team.”

Research from Frost & Sullivan predicts that EMEA revenue from MSS will grow from around US$350 million currently to over US$1 billion by 2012. The Frost & Sullivan report suggests that the top driver for this growth is relentless innovative threats, but also puts legislation such as Sarbanes-Oxley, and the growing acceptance of the MSS model among the main reasons.

Rick Miller, MSS VP at ISS, agrees with this research. He claims the industry has been growing annually by around 24%. “The outsourcing model is becoming more accepted. While at ISS we started small, we are now seeing a annual growth rate of around 40-45% in MSS.” Subscription MSS services now make up around 14% of total revenue at ISS.

The ISS strategy for MSS in 2006 will be a focus on its partners. Around 30%-40% of ISS’s MSS business comes from its partners, claims Stremus. “We work with the Hewlett-Packards and IBMs, and also partner with Microsoft.”

But ISS also has major distribution channels in all major countries for its MSS offerings, claims Stratos. “We have a whole network of resellers, and we are expanding our channel in 2006, almost doubling the number of channel partners.” He says that these are typically security resellers but there are also networking resellers involved.

ISS has partnered with international operators such as BT Infonet and Telstra in Australia, to allow these to offer its MSS. “We partner with the local operators to do it in their own language,” says Miller.

ISS saw a 55% growth in MSS across EMEA in 2004, and around 48% in 2005. “We’ve seen a lot of interest from in the Middle East,” says Miller. “But nothing big yet. Most of the interest has come from Dubai and Qatar, with a little in Saudi Arabia.” Stremus claims that on a recent Middle East roadshow a lot of interest was generated in Oman.

The coming year will see new offerings from ISS in the MSS field that could generate further interest. “We’ll begin to offer part-time monitoring in late 2006,” says Miller. “This is for those companies that can do their own security during the day, but perhaps get ISS to do it nights and weekends.” Such approach may lead to difficulties in establishing on whose watch did the breach occur, but Miller is adamant that the ISS system will work this out.

ISS is especially pleased with its portals, giving its MSS subscribers a comprehensive view of their security posture and current internet threats around the clock. “Portals have become a big differentiator for managed security service providers. We want to show the work we do,” says Miller. “They can see who did what and when. They can make additions to the work log.” The ISS portal is almost in real-time, with about 2-5 minutes delay.

Such transparency in the security process may well reduce the initial fears about putting control in the hands of a third party. If the statistics from Frost & Sullivan and ISS are correct, then this could certainly be the case.

Working through its international partners, ISS adapts its portal accordingly. “Portals need to be flexible enough that they can be integrated into a partner’s portal,” explains Miller. ISS partners such as BT Infonet and NTT in Japan both integrate its portal. “The portal can be branded for the partner,” adds Miller.

The approach from ISS focuses not on ‘zero-day’ attacks, but on known vulnerabilities, which it claims are the most common method of attack. “It’s not about exploits, but vulnerabilities,” says Stremus. “It’s no good having a patch in five days. We must have virtual patches.”

President and CEO at ISS Tom Noonan believes that his company has a shot at becoming a global security leader. “Competitively we like our chances. Competitors are getting into different businesses.” Symantec’s merger with Veritas, valued at approximately US$13.5 billion, saw the security titan moving into previously unchartered waters of data storage.

The MSS market has changed dramatically, says Noonan. “Think differently to how you thought about MSS 10 years ago. It is moving in very different direction. We can provide it to 100% of our customers.” However, he points out that it “not just a case of providing a firewall.”

Noonan claims that 11,000 to 12,000 of the world’s largest companies use ISS. “But we’re looking at expansion into new middle market companies. Over 30% of every transaction is a new name customer.”

Unlike other MSS providers, ISS has said that should a customer suffer a security breach, it will hand over US$50,000, something Miller says they have never had to do. “This is simply meant to address something all MSS providers are guilty of,” he claims. Frost & Sullivan recently placed the company in its leader quadrant for MSS, distinguishing the company for this money-back guarantee.

As companies such as ISS provide more transparency for their MSS, allowing customers to view all movements on their networks and all actions by the third party, worries about losing control are starting to slide. While organisations such as banks may still need their own dedicated team, others feeling the pinch from either shareholders or legislation and looking to improve efficiency may change their view. And as more offerings become available, such as the babysitter approach, looking after networks at night and weekends, the MSS model should start to attract more followers.||**||